ComboFix 14-09-12.01 - TOM 09/13/2014 10:40:49.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8173.6240 [GMT 2:00]
Running from: c:\users\TOM\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dir
c:\dir\Apr2005_d3dx9_25_x64.cab
c:\dir\Apr2005_d3dx9_25_x86.cab
c:\dir\Apr2006_d3dx9_30_x64.cab
c:\dir\Apr2006_d3dx9_30_x86.cab
c:\dir\Apr2006_MDX1_x86.cab
c:\dir\Apr2006_MDX1_x86_Archive.cab
c:\dir\Apr2006_XACT_x64.cab
c:\dir\Apr2006_XACT_x86.cab
c:\dir\Apr2006_xinput_x64.cab
c:\dir\Apr2006_xinput_x86.cab
c:\dir\APR2007_d3dx10_33_x64.cab
c:\dir\APR2007_d3dx10_33_x86.cab
c:\dir\APR2007_d3dx9_33_x64.cab
c:\dir\APR2007_d3dx9_33_x86.cab
c:\dir\APR2007_XACT_x64.cab
c:\dir\APR2007_XACT_x86.cab
c:\dir\APR2007_xinput_x64.cab
c:\dir\APR2007_xinput_x86.cab
c:\dir\Aug2005_d3dx9_27_x64.cab
c:\dir\Aug2005_d3dx9_27_x86.cab
c:\dir\AUG2006_XACT_x64.cab
c:\dir\AUG2006_XACT_x86.cab
c:\dir\AUG2006_xinput_x64.cab
c:\dir\AUG2006_xinput_x86.cab
c:\dir\AUG2007_d3dx10_35_x64.cab
c:\dir\AUG2007_d3dx10_35_x86.cab
c:\dir\AUG2007_d3dx9_35_x64.cab
c:\dir\AUG2007_d3dx9_35_x86.cab
c:\dir\AUG2007_XACT_x64.cab
c:\dir\AUG2007_XACT_x86.cab
c:\dir\Aug2008_d3dx10_39_x64.cab
c:\dir\Aug2008_d3dx10_39_x86.cab
c:\dir\Aug2008_d3dx9_39_x64.cab
c:\dir\Aug2008_d3dx9_39_x86.cab
c:\dir\Aug2008_XACT_x64.cab
c:\dir\Aug2008_XACT_x86.cab
c:\dir\Aug2008_XAudio_x64.cab
c:\dir\Aug2008_XAudio_x86.cab
c:\dir\Aug2009_D3DCompiler_42_x64.cab
c:\dir\Aug2009_D3DCompiler_42_x86.cab
c:\dir\Aug2009_d3dcsx_42_x64.cab
c:\dir\Aug2009_d3dcsx_42_x86.cab
c:\dir\Aug2009_d3dx10_42_x64.cab
c:\dir\Aug2009_d3dx10_42_x86.cab
c:\dir\Aug2009_d3dx11_42_x64.cab
c:\dir\Aug2009_d3dx11_42_x86.cab
c:\dir\Aug2009_d3dx9_42_x64.cab
c:\dir\Aug2009_d3dx9_42_x86.cab
c:\dir\Aug2009_XACT_x64.cab
c:\dir\Aug2009_XACT_x86.cab
c:\dir\Aug2009_XAudio_x64.cab
c:\dir\Aug2009_XAudio_x86.cab
c:\dir\BDANT.cab
c:\dir\BDAXP.cab
c:\dir\Dec2005_d3dx9_28_x64.cab
c:\dir\Dec2005_d3dx9_28_x86.cab
c:\dir\DEC2006_d3dx10_00_x64.cab
c:\dir\DEC2006_d3dx10_00_x86.cab
c:\dir\DEC2006_d3dx9_32_x64.cab
c:\dir\DEC2006_d3dx9_32_x86.cab
c:\dir\DEC2006_XACT_x64.cab
c:\dir\DEC2006_XACT_x86.cab
c:\dir\DSETUP.dll
c:\dir\dsetup32.dll
c:\dir\dxdllreg_x86.cab
c:\dir\dxnt.cab
c:\dir\DXSETUP.exe
c:\dir\dxupdate.cab
c:\dir\Feb2005_d3dx9_24_x64.cab
c:\dir\Feb2005_d3dx9_24_x86.cab
c:\dir\Feb2006_d3dx9_29_x64.cab
c:\dir\Feb2006_d3dx9_29_x86.cab
c:\dir\Feb2006_XACT_x64.cab
c:\dir\Feb2006_XACT_x86.cab
c:\dir\FEB2007_XACT_x64.cab
c:\dir\FEB2007_XACT_x86.cab
c:\dir\Jun2005_d3dx9_26_x64.cab
c:\dir\Jun2005_d3dx9_26_x86.cab
c:\dir\JUN2006_XACT_x64.cab
c:\dir\JUN2006_XACT_x86.cab
c:\dir\JUN2007_d3dx10_34_x64.cab
c:\dir\JUN2007_d3dx10_34_x86.cab
c:\dir\JUN2007_d3dx9_34_x64.cab
c:\dir\JUN2007_d3dx9_34_x86.cab
c:\dir\JUN2007_XACT_x64.cab
c:\dir\JUN2007_XACT_x86.cab
c:\dir\JUN2008_d3dx10_38_x64.cab
c:\dir\JUN2008_d3dx10_38_x86.cab
c:\dir\JUN2008_d3dx9_38_x64.cab
c:\dir\JUN2008_d3dx9_38_x86.cab
c:\dir\JUN2008_X3DAudio_x64.cab
c:\dir\JUN2008_X3DAudio_x86.cab
c:\dir\JUN2008_XACT_x64.cab
c:\dir\JUN2008_XACT_x86.cab
c:\dir\JUN2008_XAudio_x64.cab
c:\dir\JUN2008_XAudio_x86.cab
c:\dir\Mar2008_d3dx10_37_x64.cab
c:\dir\Mar2008_d3dx10_37_x86.cab
c:\dir\Mar2008_d3dx9_37_x64.cab
c:\dir\Mar2008_d3dx9_37_x86.cab
c:\dir\Mar2008_X3DAudio_x64.cab
c:\dir\Mar2008_X3DAudio_x86.cab
c:\dir\Mar2008_XACT_x64.cab
c:\dir\Mar2008_XACT_x86.cab
c:\dir\Mar2008_XAudio_x64.cab
c:\dir\Mar2008_XAudio_x86.cab
c:\dir\Mar2009_d3dx10_41_x64.cab
c:\dir\Mar2009_d3dx10_41_x86.cab
c:\dir\Mar2009_d3dx9_41_x64.cab
c:\dir\Mar2009_d3dx9_41_x86.cab
c:\dir\Mar2009_X3DAudio_x64.cab
c:\dir\Mar2009_X3DAudio_x86.cab
c:\dir\Mar2009_XACT_x64.cab
c:\dir\Mar2009_XACT_x86.cab
c:\dir\Mar2009_XAudio_x64.cab
c:\dir\Mar2009_XAudio_x86.cab
c:\dir\Nov2007_d3dx10_36_x64.cab
c:\dir\Nov2007_d3dx10_36_x86.cab
c:\dir\Nov2007_d3dx9_36_x64.cab
c:\dir\Nov2007_d3dx9_36_x86.cab
c:\dir\NOV2007_X3DAudio_x64.cab
c:\dir\NOV2007_X3DAudio_x86.cab
c:\dir\NOV2007_XACT_x64.cab
c:\dir\NOV2007_XACT_x86.cab
c:\dir\Nov2008_d3dx10_40_x64.cab
c:\dir\Nov2008_d3dx10_40_x86.cab
c:\dir\Nov2008_d3dx9_40_x64.cab
c:\dir\Nov2008_d3dx9_40_x86.cab
c:\dir\Nov2008_X3DAudio_x64.cab
c:\dir\Nov2008_X3DAudio_x86.cab
c:\dir\Nov2008_XACT_x64.cab
c:\dir\Nov2008_XACT_x86.cab
c:\dir\Nov2008_XAudio_x64.cab
c:\dir\Nov2008_XAudio_x86.cab
c:\dir\Oct2005_xinput_x64.cab
c:\dir\Oct2005_xinput_x86.cab
c:\dir\OCT2006_d3dx9_31_x64.cab
c:\dir\OCT2006_d3dx9_31_x86.cab
c:\dir\OCT2006_XACT_x64.cab
c:\dir\OCT2006_XACT_x86.cab
c:\program files (x86)\VLC Player GPU+
c:\program files (x86)\VLC Player GPU+\deinstaller.exe
c:\program files (x86)\VLC Player GPU+\diablo130302.cl
c:\program files (x86)\VLC Player GPU+\diakgcn121016.cl
c:\program files (x86)\VLC Player GPU+\GPULog.exe
c:\program files (x86)\VLC Player GPU+\Installer.exe
c:\program files (x86)\VLC Player GPU+\libcurl.dll
c:\program files (x86)\VLC Player GPU+\libeay32.dll
c:\program files (x86)\VLC Player GPU+\libidn-11.dll
c:\program files (x86)\VLC Player GPU+\libpdcurses.dll
c:\program files (x86)\VLC Player GPU+\lua5.1.dll
c:\program files (x86)\VLC Player GPU+\OpenCL.dll
c:\program files (x86)\VLC Player GPU+\path.inf
c:\program files (x86)\VLC Player GPU+\phatk121016.cl
c:\program files (x86)\VLC Player GPU+\poclbm130302.cl
c:\program files (x86)\VLC Player GPU+\pthreadGC2.dll
c:\program files (x86)\VLC Player GPU+\README
c:\program files (x86)\VLC Player GPU+\scrypt130302.cl
c:\program files (x86)\VLC Player GPU+\ssleay32.dll
c:\program files (x86)\VLC Player GPU+\uninstall.exe
c:\program files (x86)\VLC Player GPU+\Uninstall\IRIMG1.JPG
c:\program files (x86)\VLC Player GPU+\Uninstall\IRIMG2.JPG
c:\program files (x86)\VLC Player GPU+\Uninstall\uninstall.dat
c:\program files (x86)\VLC Player GPU+\Uninstall\uninstall.xml
c:\program files (x86)\VLC Player GPU+\zlib1.dll
c:\users\TOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\msi.png
c:\users\TOM\AppData\Local\Plus500
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\BigLoading.gif
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_AutoYScaleDown.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_AutoYScaleUp.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_Cancel.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_cashier.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_ChartSettings.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_CrosshairDown.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_CrosshairUp.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_DemoMode.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_downarrow_red.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_Help.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_Help2.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_MoveDown.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_MoveUp.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_OK.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_RateAlerts.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_RealMode.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_Search.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_SetupIndicators.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToCandleStick.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToFun.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToLine.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToReal.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_ZoomIn.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_ZoomOut.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\but_ZoomReset.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\challenge_loading.gif
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_ABNAMRO.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_AboutWallpaper.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_ArrowDown.bmp
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_ArrowUp.bmp
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_Barclays.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_BigBell.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_BigBellSelected.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_BigFavorite.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_BigFavoriteSelected.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_BuySellSeparator.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_BuySellWallpaper.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_CashierDepositWallpaper.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper1.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper1s.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper2.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper2s.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper3.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper3s.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_ChallengeStandings_Wallpaper.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_ChartToolbar.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_CommonwealthBank.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_Error.PNG
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_GuaranteedStop.bmp
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_IBB.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_InstrumentScreenLeftWallpaper.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_InstrumentScreenRightWallpaper.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_LoginWallpaper.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList0.bmp
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList1.bmp
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList2.bmp
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList3.bmp
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList4.bmp
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList5.bmp
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList6.bmp
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList7.bmp
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList8.bmp
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyLeftWallpaper.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyRightWallpaper.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\img_RateUs.png
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\InvestSmallBtns.ssk
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\InvestSoft.ssk
c:\users\TOM\AppData\Local\Plus500\Languages\cs\Images\Loading.gif
c:\users\TOM\AppData\Local\Plus500\Main\configuration.xml
c:\users\TOM\AppData\Local\Plus500\Main\InstrumentsInfo.xml
c:\users\TOM\AppData\Local\Plus500\Main\InvestSoft.log
c:\users\TOM\AppData\Local\Plus500\Main\InvestSoft.log.1
c:\users\TOM\AppData\Local\Plus500\Main\InvestSoft.log.2
c:\users\TOM\AppData\Local\Plus500\Main\InvestSoft.log.3
c:\users\TOM\AppData\Local\Plus500\Main\InvestSoft.log.4
c:\users\TOM\AppData\Local\Plus500\Main\InvestSoftProject.exe
c:\users\TOM\AppData\Local\Plus500\Main\InvestSoftProject.jdbg
c:\users\TOM\AppData\Local\Plus500\Main\log4delphi.log
c:\users\TOM\AppData\Local\Plus500\Main\SIL\AboutGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\AboutGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\AdjustmentGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\AdjustmentGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\AlertsGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\AlertsGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\BuySellGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\BuySellGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierAddressVerificationGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierAddressVerificationGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierBonusAccountGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierBonusAccountGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierChangePasswordGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierChangePasswordGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierDepositGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierDepositGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierEmailVerificationGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierEmailVerificationGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_ASIC_GUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_ASIC_GUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_FSA_GUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_FSA_GUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierFullRegistrationGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierFullRegistrationGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierGUIbrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierHistoryGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierHistoryGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierMainGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierMainGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierPhoneVerificationGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierPhoneVerificationGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierReportsGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierReportsGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierSnapshotGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierSnapshotGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierUploadDocsGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierUploadDocsGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierWithdrawGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CashierWithdrawGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ChallengeCreateGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ChallengeCreateGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ChallengeHelpGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ChallengeHelpGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ChallengeInviteGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ChallengeInviteGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ChallengeStandingsGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ChallengeStandingsGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ChartGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ChartGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ClosePositionGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ClosePositionGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\Countries.xml
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CreateUserGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\CreateUserGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\DontShowAgainGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\DontShowAgainGUIbrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\EquityWarningGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\EquityWarningGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\FavoritesSetupGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\FavoritesSetupGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ForgotPasswordGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ForgotPasswordGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsADXGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsADXGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsAligatorGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsAligatorGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsBollingerGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsBollingerGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsEnvelopesGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsEnvelopesGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsMACDOsMAGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsMACDOsMAGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsMovingAverageGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsMovingAverageGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsParabolicSARGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsParabolicSARGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsPeriodGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsPeriodGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsStochasticGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IndicatorsStochasticGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\InstrumentScreenGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\InstrumentScreenGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\InvestSoft.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\InvestSoftBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IsRealGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\IsRealGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\LinkMessageDlgGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\LinkMessageDlgGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\LiveChatGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\LiveChatGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\LoginGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\LoginGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\MainLobbyGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\MainLobbyGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ProcessingGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ProcessingGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ProcessingSmallGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\ProcessingSmallGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\RateAlertGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\RateAlertGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\RateAlertSetupGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\RateAlertSetupGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\RateUsGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\RateUsGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\SettingsGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\SettingsGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\UploadFileGUI.sil
c:\users\TOM\AppData\Local\Plus500\Main\SIL\UploadFileGUIBrand.sil
c:\users\TOM\AppData\Local\Plus500\Update\500w.exe
c:\users\TOM\AppData\Local\Plus500\Update\500z.exe
c:\users\TOM\AppData\Local\Plus500\Update\product.ico
c:\users\TOM\AppData\Local\Plus500\Update\ResourceChange.exe
c:\users\TOM\AppData\Local\Plus500\Update\uninstall.ico
c:\users\TOM\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-08-13 to 2014-09-13 )))))))))))))))))))))))))))))))
.
.
2014-09-13 08:46 . 2014-09-13 08:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-12 18:23 . 2014-09-12 18:23 -------- d-----w- c:\programdata\SP_FT_Logs
2014-09-12 16:58 . 2014-09-12 16:58 -------- d-----w- c:\users\TOM\.android
2014-09-12 16:39 . 2014-09-12 16:39 -------- d-----w- c:\programdata\Package Cache
2014-09-10 18:17 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 18:17 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 16:17 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 16:17 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 16:17 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 16:17 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 16:17 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 16:17 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 16:17 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 16:17 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 16:17 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-07 19:39 . 2014-09-13 08:49 -------- d-----w- c:\users\TOM\AppData\Local\Temp
2014-09-07 19:39 . 2014-09-07 19:31 24064 ----a-w- c:\windows\zoek-delete.exe
2014-09-07 19:31 . 2014-09-07 19:38 -------- d-----w- C:\zoek_backup
2014-09-07 17:48 . 2014-09-12 16:39 -------- d-----w- c:\users\TOM\AppData\Local\CrashDumps
2014-09-07 17:40 . 2014-09-07 17:40 -------- d-----w- c:\windows\ERUNT
2014-09-07 17:31 . 2014-09-12 12:10 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-07 17:31 . 2014-09-07 17:31 -------- d-----w- c:\programdata\RogueKiller
2014-09-07 10:06 . 2014-09-13 08:49 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-07 10:06 . 2014-09-07 10:06 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-07 10:06 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-07 10:06 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-07 10:06 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-07 09:58 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-07 09:57 . 2014-09-07 17:03 -------- d-----w- C:\AdwCleaner
2014-09-06 11:45 . 2011-11-24 22:25 15360 ----a-w- c:\windows\system32\drivers\pneteth.sys
2014-09-06 11:45 . 2014-09-06 11:49 -------- d-----w- c:\program files (x86)\PdaNet for Android
2014-09-06 11:28 . 2011-05-20 08:29 1718392 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
2014-09-06 11:28 . 2011-05-20 08:28 67192 ----a-w- c:\windows\system32\drivers\usb2ser.sys
2014-09-06 11:22 . 2014-09-06 11:23 -------- d-----w- c:\programdata\UAB
2014-09-06 11:22 . 2014-09-06 11:22 -------- d-----w- c:\users\TOM\AppData\Local\PC_Drivers_Headquarters
2014-09-06 11:22 . 2014-09-06 11:22 -------- d-----w- c:\programdata\Driver Manager
2014-09-06 11:22 . 2014-09-06 11:22 -------- d-----w- c:\program files (x86)\Driver Manager
2014-09-06 10:57 . 2014-09-12 18:03 -------- d-----w- c:\users\TOM\AppData\Roaming\mgyun
2014-09-06 10:57 . 2014-09-12 18:03 -------- d-----w- c:\program files (x86)\VROOT
2014-09-06 07:42 . 2014-09-06 07:42 -------- d-----w- c:\programdata\Malwarebytes
2014-08-29 16:05 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-29 16:05 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-29 16:05 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 18:17 . 2013-11-24 05:02 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-24 19:39 . 2013-11-24 04:26 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-18 07:24 . 2013-11-24 05:04 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-18 07:24 . 2013-11-24 05:04 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-16 03:23 . 2014-08-13 13:03 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-13 13:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-13 13:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-13 13:02 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-13 13:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-13 13:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-13 13:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-13 13:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-13 13:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-13 13:03 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-13 13:03 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-07-04 08:34 . 2013-11-24 04:26 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-30 22:24 . 2014-08-13 20:47 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-13 20:47 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-06-29 14:26 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-06-29 14:26 . 2009-08-18 09:24 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-06-25 02:05 . 2014-08-13 13:03 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-06-18 02:18 . 2014-07-09 07:44 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 07:44 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-16 02:10 . 2014-08-13 13:03 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CMD"="start http://extendedunlimited.org && exit" [X]
"uTorrent"="c:\users\TOM\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-04 1322832]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-07-30 467680]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-08-20 55568]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Driver Manager"="c:\program files (x86)\Driver Manager\Driver Manager\DriverManager.exe" [2014-05-07 4782944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-07 751184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
.
c:\users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2014-9-6 1054432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-12 19:42 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-24 07:24]
.
2014-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25 10:06]
.
2014-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25 10:06]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\TOM\AppData\Roaming\Mozilla\Firefox\Profiles\0gna7ih6.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-TLBWelcome - c:\program files\TrueLaunchBar\welcome.exe
Wow6432Node-HKLM-Run-MSStp - c:\windows\inf\msstp.vbe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Driver Genius Professional Edition_is1 - c:\program files (x86)\DriverGenius\unins000.exe
AddRemove-VLC Player GPU+11.041.44 - c:\program files (x86)\VLC Player GPU+\uninstall.exe
AddRemove-{817c6bb8-ea2d-4e12-abbc-e33c3de43f64} - c:\programdata\Package Cache\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}\GarminExpressInstaller.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{e67154a7-9cc5-4167-b782-f3982bc6c70d} - c:\programdata\Package Cache\{e67154a7-9cc5-4167-b782-f3982bc6c70d}\Avira.OE.Setup.Bundle.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64A3D41B-61A5-4834-9A42-FDE1C37D0009}]
@Denied: (Full) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2014-09-13 10:53:44 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-13 08:53
.
Pre-Run: 104,620,523,520 bytes free
Post-Run: 104,386,498,560 bytes free
.
- - End Of File - - CC27AC72194E13BFE9AE880EE2990D5F
A36C5E4F47E84449FF07ED3517B43A31
Kontrola logu - procisteni, vir Vyřešeno
- Orcus
Re: Kontrola logu - procisteni, vir
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj celý následující text (v původním příspěvku je označený červeně; začíná řádkem ClearJavaCache::):
ClearJavaCache::
KillAll::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64A3D41B-61A5-4834-9A42-FDE1C37D0009}]
@Denied: (Full) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu
Upozornění: Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou. V takovém případě počítač znovu restartuj, při startu mačkej F8 a zvol poslední známou funkční konfiguraci.
====================================================
Stáhni si aswMBR na svoji plochu. Zavři všechna okna, programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stažení databáze Avastu, klikni na NE. Poté klikni na „Scan“. Po skenu klikni na „Save Log“ a ulož log na plochu. Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ pro zavření programu.
Zkopíruj do něj celý následující text (v původním příspěvku je označený červeně; začíná řádkem ClearJavaCache::):
ClearJavaCache::
KillAll::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64A3D41B-61A5-4834-9A42-FDE1C37D0009}]
@Denied: (Full) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu
Upozornění: Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou. V takovém případě počítač znovu restartuj, při startu mačkej F8 a zvol poslední známou funkční konfiguraci.
====================================================
Stáhni si aswMBR na svoji plochu. Zavři všechna okna, programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stažení databáze Avastu, klikni na NE. Poté klikni na „Scan“. Po skenu klikni na „Save Log“ a ulož log na plochu. Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ pro zavření programu.
Re: Kontrola logu - procisteni, vir
ComboFix 14-09-12.01 - TOM 09/13/2014 11:58:01.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8173.6551 [GMT 2:00]
Running from: c:\users\TOM\Desktop\ComboFix.exe
Command switches used :: c:\users\TOM\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-08-13 to 2014-09-13 )))))))))))))))))))))))))))))))
.
.
2014-09-13 10:03 . 2014-09-13 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-12 18:23 . 2014-09-12 18:23 -------- d-----w- c:\programdata\SP_FT_Logs
2014-09-12 16:58 . 2014-09-12 16:58 -------- d-----w- c:\users\TOM\.android
2014-09-12 16:39 . 2014-09-12 16:39 -------- d-----w- c:\programdata\Package Cache
2014-09-10 18:17 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 18:17 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 16:17 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 16:17 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 16:17 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 16:17 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 16:17 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 16:17 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 16:17 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 16:17 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 16:17 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-07 19:39 . 2014-09-13 10:06 -------- d-----w- c:\users\TOM\AppData\Local\Temp
2014-09-07 19:39 . 2014-09-07 19:31 24064 ----a-w- c:\windows\zoek-delete.exe
2014-09-07 19:31 . 2014-09-07 19:38 -------- d-----w- C:\zoek_backup
2014-09-07 17:48 . 2014-09-12 16:39 -------- d-----w- c:\users\TOM\AppData\Local\CrashDumps
2014-09-07 17:40 . 2014-09-07 17:40 -------- d-----w- c:\windows\ERUNT
2014-09-07 17:31 . 2014-09-12 12:10 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-07 17:31 . 2014-09-07 17:31 -------- d-----w- c:\programdata\RogueKiller
2014-09-07 10:06 . 2014-09-13 10:06 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-07 10:06 . 2014-09-07 10:06 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-07 10:06 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-07 10:06 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-07 10:06 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-07 09:58 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-07 09:57 . 2014-09-07 17:03 -------- d-----w- C:\AdwCleaner
2014-09-06 11:45 . 2011-11-24 22:25 15360 ----a-w- c:\windows\system32\drivers\pneteth.sys
2014-09-06 11:45 . 2014-09-06 11:49 -------- d-----w- c:\program files (x86)\PdaNet for Android
2014-09-06 11:28 . 2011-05-20 08:29 1718392 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
2014-09-06 11:28 . 2011-05-20 08:28 67192 ----a-w- c:\windows\system32\drivers\usb2ser.sys
2014-09-06 11:22 . 2014-09-06 11:23 -------- d-----w- c:\programdata\UAB
2014-09-06 11:22 . 2014-09-06 11:22 -------- d-----w- c:\users\TOM\AppData\Local\PC_Drivers_Headquarters
2014-09-06 11:22 . 2014-09-06 11:22 -------- d-----w- c:\programdata\Driver Manager
2014-09-06 11:22 . 2014-09-06 11:22 -------- d-----w- c:\program files (x86)\Driver Manager
2014-09-06 10:57 . 2014-09-12 18:03 -------- d-----w- c:\users\TOM\AppData\Roaming\mgyun
2014-09-06 10:57 . 2014-09-12 18:03 -------- d-----w- c:\program files (x86)\VROOT
2014-09-06 07:42 . 2014-09-06 07:42 -------- d-----w- c:\programdata\Malwarebytes
2014-08-29 16:05 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-29 16:05 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-29 16:05 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 18:17 . 2013-11-24 05:02 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-24 19:39 . 2013-11-24 04:26 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-18 07:24 . 2013-11-24 05:04 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-18 07:24 . 2013-11-24 05:04 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-16 03:23 . 2014-08-13 13:03 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-13 13:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-13 13:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-13 13:02 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-13 13:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-13 13:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-13 13:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-13 13:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-13 13:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-13 13:03 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-13 13:03 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-07-04 08:34 . 2013-11-24 04:26 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-30 22:24 . 2014-08-13 20:47 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-13 20:47 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-06-29 14:26 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-06-29 14:26 . 2009-08-18 09:24 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-06-25 02:05 . 2014-08-13 13:03 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-06-18 02:18 . 2014-07-09 07:44 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 07:44 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-16 02:10 . 2014-08-13 13:03 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CMD"="start http://extendedunlimited.org && exit" [X]
"uTorrent"="c:\users\TOM\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-04 1322832]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-07-30 467680]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-08-20 55568]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Driver Manager"="c:\program files (x86)\Driver Manager\Driver Manager\DriverManager.exe" [2014-05-07 4782944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-07 751184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
.
c:\users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2014-9-6 1054432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-12 19:42 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-24 07:24]
.
2014-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25 10:06]
.
2014-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25 10:06]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\TOM\AppData\Roaming\Mozilla\Firefox\Profiles\0gna7ih6.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Driver Genius Professional Edition_is1 - c:\program files (x86)\DriverGenius\unins000.exe
AddRemove-VLC Player GPU+11.041.44 - c:\program files (x86)\VLC Player GPU+\uninstall.exe
AddRemove-{817c6bb8-ea2d-4e12-abbc-e33c3de43f64} - c:\programdata\Package Cache\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}\GarminExpressInstaller.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{e67154a7-9cc5-4167-b782-f3982bc6c70d} - c:\programdata\Package Cache\{e67154a7-9cc5-4167-b782-f3982bc6c70d}\Avira.OE.Setup.Bundle.exe
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2014-09-13 12:10:36 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-13 10:10
ComboFix2.txt 2014-09-13 08:53
.
Pre-Run: 104,867,799,040 bytes free
Post-Run: Volných bajtu: 104,704,937,984
.
- - End Of File - - CFCEDCD5127FB7430D2BC9A9CF0F275E
A36C5E4F47E84449FF07ED3517B43A31
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-13 12:12:24
-----------------------------
12:12:24.187 OS Version: Windows x64 6.1.7601 Service Pack 1
12:12:24.187 Number of processors: 4 586 0x2A07
12:12:24.187 ComputerName: TOM-PC UserName: TOM
12:12:25.965 Initialize success
12:12:26.043 VM: initialized successfully
12:12:26.059 VM: Intel CPU BiosDisabled
12:12:36.793 VM: supported disk I/O ataport.SYS
12:12:43.723 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:12:43.723 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 3
12:12:43.926 Disk 0 MBR read successfully
12:12:43.926 Disk 0 MBR scan
12:12:43.926 Disk 0 Windows 7 default MBR code
12:12:43.942 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476838 MB offset 206848
12:12:43.942 Disk 0 Boot: NTFS code=1
12:12:44.035 Disk 0 scanning C:\Windows\system32\drivers
12:12:53.208 Service scanning
12:13:06.593 Modules scanning
12:13:06.593 Disk 0 trace - called modules:
12:13:06.609 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
12:13:06.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007de8060]
12:13:06.624 3 CLASSPNP.SYS[fffff8800193743f] -> nt!IofCallDriver -> [0xfffffa8007b0f520]
12:13:06.624 5 ACPI.sys[fffff88000fac7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b00060]
12:13:06.624 Scan finished successfully
12:19:58.325 Disk 0 MBR has been saved successfully to "C:\Users\TOM\Desktop\MBR.dat"
12:19:58.325 The log file has been saved successfully to "C:\Users\TOM\Desktop\aswMBR.txt"
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8173.6551 [GMT 2:00]
Running from: c:\users\TOM\Desktop\ComboFix.exe
Command switches used :: c:\users\TOM\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-08-13 to 2014-09-13 )))))))))))))))))))))))))))))))
.
.
2014-09-13 10:03 . 2014-09-13 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-12 18:23 . 2014-09-12 18:23 -------- d-----w- c:\programdata\SP_FT_Logs
2014-09-12 16:58 . 2014-09-12 16:58 -------- d-----w- c:\users\TOM\.android
2014-09-12 16:39 . 2014-09-12 16:39 -------- d-----w- c:\programdata\Package Cache
2014-09-10 18:17 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 18:17 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 16:17 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 16:17 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 16:17 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 16:17 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 16:17 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 16:17 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 16:17 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 16:17 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 16:17 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-07 19:39 . 2014-09-13 10:06 -------- d-----w- c:\users\TOM\AppData\Local\Temp
2014-09-07 19:39 . 2014-09-07 19:31 24064 ----a-w- c:\windows\zoek-delete.exe
2014-09-07 19:31 . 2014-09-07 19:38 -------- d-----w- C:\zoek_backup
2014-09-07 17:48 . 2014-09-12 16:39 -------- d-----w- c:\users\TOM\AppData\Local\CrashDumps
2014-09-07 17:40 . 2014-09-07 17:40 -------- d-----w- c:\windows\ERUNT
2014-09-07 17:31 . 2014-09-12 12:10 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-07 17:31 . 2014-09-07 17:31 -------- d-----w- c:\programdata\RogueKiller
2014-09-07 10:06 . 2014-09-13 10:06 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-07 10:06 . 2014-09-07 10:06 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-07 10:06 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-07 10:06 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-07 10:06 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-07 09:58 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-07 09:57 . 2014-09-07 17:03 -------- d-----w- C:\AdwCleaner
2014-09-06 11:45 . 2011-11-24 22:25 15360 ----a-w- c:\windows\system32\drivers\pneteth.sys
2014-09-06 11:45 . 2014-09-06 11:49 -------- d-----w- c:\program files (x86)\PdaNet for Android
2014-09-06 11:28 . 2011-05-20 08:29 1718392 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
2014-09-06 11:28 . 2011-05-20 08:28 67192 ----a-w- c:\windows\system32\drivers\usb2ser.sys
2014-09-06 11:22 . 2014-09-06 11:23 -------- d-----w- c:\programdata\UAB
2014-09-06 11:22 . 2014-09-06 11:22 -------- d-----w- c:\users\TOM\AppData\Local\PC_Drivers_Headquarters
2014-09-06 11:22 . 2014-09-06 11:22 -------- d-----w- c:\programdata\Driver Manager
2014-09-06 11:22 . 2014-09-06 11:22 -------- d-----w- c:\program files (x86)\Driver Manager
2014-09-06 10:57 . 2014-09-12 18:03 -------- d-----w- c:\users\TOM\AppData\Roaming\mgyun
2014-09-06 10:57 . 2014-09-12 18:03 -------- d-----w- c:\program files (x86)\VROOT
2014-09-06 07:42 . 2014-09-06 07:42 -------- d-----w- c:\programdata\Malwarebytes
2014-08-29 16:05 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-29 16:05 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-29 16:05 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 18:17 . 2013-11-24 05:02 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-24 19:39 . 2013-11-24 04:26 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-18 07:24 . 2013-11-24 05:04 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-18 07:24 . 2013-11-24 05:04 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-16 03:23 . 2014-08-13 13:03 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-13 13:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-13 13:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-13 13:02 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-13 13:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-13 13:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-13 13:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-13 13:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-13 13:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-13 13:03 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-13 13:03 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-07-04 08:34 . 2013-11-24 04:26 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-30 22:24 . 2014-08-13 20:47 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-13 20:47 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-06-29 14:26 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-06-29 14:26 . 2009-08-18 09:24 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-06-25 02:05 . 2014-08-13 13:03 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-06-18 02:18 . 2014-07-09 07:44 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 07:44 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-16 02:10 . 2014-08-13 13:03 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CMD"="start http://extendedunlimited.org && exit" [X]
"uTorrent"="c:\users\TOM\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-04 1322832]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-07-30 467680]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-08-20 55568]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Driver Manager"="c:\program files (x86)\Driver Manager\Driver Manager\DriverManager.exe" [2014-05-07 4782944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-07 751184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
.
c:\users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2014-9-6 1054432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-12 19:42 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-24 07:24]
.
2014-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25 10:06]
.
2014-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25 10:06]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\TOM\AppData\Roaming\Mozilla\Firefox\Profiles\0gna7ih6.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Driver Genius Professional Edition_is1 - c:\program files (x86)\DriverGenius\unins000.exe
AddRemove-VLC Player GPU+11.041.44 - c:\program files (x86)\VLC Player GPU+\uninstall.exe
AddRemove-{817c6bb8-ea2d-4e12-abbc-e33c3de43f64} - c:\programdata\Package Cache\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}\GarminExpressInstaller.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{e67154a7-9cc5-4167-b782-f3982bc6c70d} - c:\programdata\Package Cache\{e67154a7-9cc5-4167-b782-f3982bc6c70d}\Avira.OE.Setup.Bundle.exe
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2014-09-13 12:10:36 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-13 10:10
ComboFix2.txt 2014-09-13 08:53
.
Pre-Run: 104,867,799,040 bytes free
Post-Run: Volných bajtu: 104,704,937,984
.
- - End Of File - - CFCEDCD5127FB7430D2BC9A9CF0F275E
A36C5E4F47E84449FF07ED3517B43A31
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-13 12:12:24
-----------------------------
12:12:24.187 OS Version: Windows x64 6.1.7601 Service Pack 1
12:12:24.187 Number of processors: 4 586 0x2A07
12:12:24.187 ComputerName: TOM-PC UserName: TOM
12:12:25.965 Initialize success
12:12:26.043 VM: initialized successfully
12:12:26.059 VM: Intel CPU BiosDisabled
12:12:36.793 VM: supported disk I/O ataport.SYS
12:12:43.723 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:12:43.723 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 3
12:12:43.926 Disk 0 MBR read successfully
12:12:43.926 Disk 0 MBR scan
12:12:43.926 Disk 0 Windows 7 default MBR code
12:12:43.942 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476838 MB offset 206848
12:12:43.942 Disk 0 Boot: NTFS code=1
12:12:44.035 Disk 0 scanning C:\Windows\system32\drivers
12:12:53.208 Service scanning
12:13:06.593 Modules scanning
12:13:06.593 Disk 0 trace - called modules:
12:13:06.609 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
12:13:06.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007de8060]
12:13:06.624 3 CLASSPNP.SYS[fffff8800193743f] -> nt!IofCallDriver -> [0xfffffa8007b0f520]
12:13:06.624 5 ACPI.sys[fffff88000fac7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b00060]
12:13:06.624 Scan finished successfully
12:19:58.325 Disk 0 MBR has been saved successfully to "C:\Users\TOM\Desktop\MBR.dat"
12:19:58.325 The log file has been saved successfully to "C:\Users\TOM\Desktop\aswMBR.txt"
- Orcus
Re: Kontrola logu - procisteni, vir
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
====================================================
Vyčisti systém CCleanerem
====================================================
Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
(Ve Windows Vista, Windows 7 a 8 musíš soubor spustit pravým tlačítkem myši -> Spustit jako správce.)
V hlavním menu zaškrtni tyto možnosti: Odstranit dezinfekční nástroje (Remove disinfection tools) a Vyčistit body obnovy (Purge System Restore). Druhá volba smaže staré body obnovy a vytvoří nový, takže se přes Obnovení systému už nepůjde vrátit do stavu před čištěním.
Poté klikni na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.
Poté se otevře zpráva (DelFix.txt). Vlož sem celý její obsah. Zprávu najdeš také zde:
C:\DelFix.txt
Co problémy? + nový log z HJT
Start-Spustit a zadej ComboFix /Uninstall
====================================================
Vyčisti systém CCleanerem
====================================================
Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
(Ve Windows Vista, Windows 7 a 8 musíš soubor spustit pravým tlačítkem myši -> Spustit jako správce.)
V hlavním menu zaškrtni tyto možnosti: Odstranit dezinfekční nástroje (Remove disinfection tools) a Vyčistit body obnovy (Purge System Restore). Druhá volba smaže staré body obnovy a vytvoří nový, takže se přes Obnovení systému už nepůjde vrátit do stavu před čištěním.
Poté klikni na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.
Poté se otevře zpráva (DelFix.txt). Vlož sem celý její obsah. Zprávu najdeš také zde:
C:\DelFix.txt
Co problémy? + nový log z HJT
Re: Kontrola logu - procisteni, vir
Okno pořád po spuštění vyskakuje.
# DelFix v10.8 - Logfile created 18/09/2014 at 15:37:39
# Updated 29/07/2014 by Xplode
# Username : TOM - TOM-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\TOM\Desktop\AdwCleaner.exe
Deleted : C:\Users\TOM\Desktop\aswmbr.exe
Deleted : C:\Users\TOM\Desktop\aswMBR.txt
Deleted : C:\Users\TOM\Desktop\JRT.exe
Deleted : C:\Users\TOM\Desktop\logcombofix.txt
Deleted : C:\Users\TOM\Desktop\MBR.dat
Deleted : C:\Users\TOM\Desktop\RogueKillerX64.exe
Deleted : C:\Users\TOM\Downloads\HiJackThis.exe
Deleted : C:\Users\TOM\Downloads\hijackthis.log
Deleted : C:\Users\TOM\Downloads\RogueKillerX64.exe
Deleted : C:\Users\TOM\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
~ Cleaning system restore ...
New restore point created !
########## - EOF - ##########
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:40:20 PM, on 9/18/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Users\TOM\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\TOM\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
O4 - HKCU\..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9459 bytes
# DelFix v10.8 - Logfile created 18/09/2014 at 15:37:39
# Updated 29/07/2014 by Xplode
# Username : TOM - TOM-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\TOM\Desktop\AdwCleaner.exe
Deleted : C:\Users\TOM\Desktop\aswmbr.exe
Deleted : C:\Users\TOM\Desktop\aswMBR.txt
Deleted : C:\Users\TOM\Desktop\JRT.exe
Deleted : C:\Users\TOM\Desktop\logcombofix.txt
Deleted : C:\Users\TOM\Desktop\MBR.dat
Deleted : C:\Users\TOM\Desktop\RogueKillerX64.exe
Deleted : C:\Users\TOM\Downloads\HiJackThis.exe
Deleted : C:\Users\TOM\Downloads\hijackthis.log
Deleted : C:\Users\TOM\Downloads\RogueKillerX64.exe
Deleted : C:\Users\TOM\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
~ Cleaning system restore ...
New restore point created !
########## - EOF - ##########
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:40:20 PM, on 9/18/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Users\TOM\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\TOM\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
O4 - HKCU\..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9459 bytes
- memphisto
Re: Kontrola logu - procisteni, vir
Tohle znáš?
O4 - HKCU\..\Run: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
O4 - HKCU\..\Run: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
Re: Kontrola logu - procisteni, vir
Ne, když kliknu na ten odkaz, vyskočí mi ta otravná ruská stránka po spuštění.
- Orcus
Re: Kontrola logu - procisteni, vir
V HJT tedy fixni (první položka je záznam v klíči Run, který po přihlášení přes cmd.exe otevírá tu stránku):
O4 - HKCU\..\Run: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Re: Kontrola logu - procisteni, vir
Okno už nevyskakuje. Díky
- jaro3
Re: Kontrola logu - procisteni, vir
Odinstaluj:
AVG PC TuneUp
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Pokud nejsou problémy, je to vše a můžeš dát vyřešeno, zelenou fajfku.
AVG PC TuneUp
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\TOM\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
Pokud nejsou problémy, je to vše a můžeš dát vyřešeno, zelenou fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Re: Kontrola logu - procisteni, vir
Nenašel jsem a nefixnul
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Pro jistotu přikládám nový log z HJT.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:54:46 AM, on 9/20/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Users\TOM\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8984 bytes
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Pro jistotu přikládám nový log z HJT.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:54:46 AM, on 9/20/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Users\TOM\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8984 bytes
- memphisto
Re: Kontrola logu - procisteni, vir Vyřešeno
HJT ok
Pokud nejsou problémy, tak poprosím o zelenou fajfku na znamení vyřešeno.
