Please check my log (Solved)


Re: Please check my log

Post by patrik.veselka » 06 Oct 2013 14:41

Here is the ComboFix log:
ComboFix 13-10-04.02 - admin 06.10.2013 14:09:21.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4095.1744 [GMT 2:00]
Running from: C:\Users\admin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\FDF39E82FD.sys
C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\ESCSlicer.exe1_87A06423E78E426E924121140A36B659.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RkHit


((((((((((((((((((((((((( Files Created from 2013-09-06 to 2013-10-06 )))))))))))))))))))))))))))))))


2013-10-06 12:19:41 . 2013-10-06 12:19:41 -------- d-----w- C:\Users\Zuzka\AppData\Local\temp
2013-10-06 12:19:41 . 2013-10-06 12:19:41 -------- d-----w- C:\Users\PatrikV\AppData\Local\temp
2013-10-06 12:19:41 . 2013-10-06 12:19:41 -------- d-----w- C:\Users\macher\AppData\Local\temp
2013-10-05 20:29:21 . 2013-10-05 20:30:52 -------- d-----w- C:\Users\PatrikV\AppData\Local\HTC MediaHub
2013-10-05 16:17:00 . 2013-10-05 16:17:00 -------- d-----w- C:\Users\PatrikV\AppData\Local\Apple
2013-10-04 19:22:02 . 2013-10-04 19:22:02 -------- d-----w- C:\Users\PatrikV\AppData\Local\ATI
2013-10-04 19:22:01 . 2013-10-04 19:22:01 -------- d-----w- C:\Users\PatrikV\AppData\Local\Ahead
2013-10-04 19:22:00 . 2013-10-04 19:22:31 -------- d-----w- C:\Users\PatrikV\AppData\Local\Adobe
2013-10-04 18:06:46 . 2013-10-04 18:06:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-04 18:06:46 . 2013-04-04 12:50:32 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-10-04 17:33:13 . 2013-10-04 17:33:13 -------- d-----w- C:\Users\admin\AppData\Local\Apple Computer
2013-10-04 17:31:04 . 2013-10-04 17:31:04 -------- d-----w- C:\Users\admin\AppData\Local\ATI
2013-10-04 17:30:21 . 2013-10-05 15:45:27 -------- d-----w- C:\Users\admin\AppData\Local\Adobe
2013-10-03 19:49:59 . 2013-10-03 19:49:59 -------- d-----w- C:\Windows\ERUNT
2013-10-03 19:28:03 . 2013-08-11 09:46:48 619616 ------w- C:\Windows\system32\drivers\klif.sys
2013-10-03 19:25:56 . 2013-10-03 19:25:56 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2013-10-03 13:05:16 . 2013-10-03 13:05:16 -------- d-----w- C:\Users\macher\AppData\Roaming\IObit
2013-10-02 18:42:20 . 2013-10-02 18:42:19 350160 ----a-w- C:\Windows\system32\drivers\trufos.sys
2013-10-02 18:42:14 . 2013-10-02 18:42:13 632064 ----a-w- C:\Windows\SysWow64\msvcr80.dll
2013-10-02 18:42:13 . 2013-10-02 18:42:12 554240 ----a-w- C:\Windows\SysWow64\msvcp80.dll
2013-10-02 18:42:12 . 2013-10-02 18:42:11 572928 ----a-w- C:\Windows\SysWow64\msvcp90.dll
2013-10-02 18:42:11 . 2013-10-02 18:42:10 655872 ----a-w- C:\Windows\SysWow64\msvcr90.dll
2013-10-02 18:42:10 . 2013-10-02 18:42:09 34048 ----a-w- C:\Windows\SysWow64\eEmpty.exe
2013-10-02 18:42:06 . 2013-10-02 18:42:06 -------- d-----w- C:\Program Files (x86)\Common Files\MicroWorld
2013-10-02 18:42:00 . 2013-10-02 18:42:06 -------- d-----w- C:\ProgramData\MicroWorld
2013-10-02 18:34:46 . 2013-10-02 18:34:46 -------- d-----w- C:\Program Files\HitmanPro
2013-10-02 17:12:45 . 2013-10-02 18:03:22 -------- d-----w- C:\Users\PatrikV\AppData\Roaming\IObit
2013-10-02 16:35:23 . 2013-10-02 16:36:31 -------- d-----w- C:\ProgramData\IObit
2013-10-02 16:35:10 . 2013-10-02 16:35:10 -------- d-----w- C:\Users\admin\AppData\Roaming\IObit
2013-10-02 16:35:05 . 2013-10-02 16:35:05 -------- d-----w- C:\Program Files (x86)\IObit
2013-10-01 17:37:09 . 2013-09-15 22:50:04 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D75DC00D-5F61-4342-8A30-42AD9B01CB04}\mpengine.dll
2013-09-16 16:52:18 . 2013-09-16 16:52:18 12872 ----a-w- C:\Windows\system32\bootdelete.exe
2013-09-16 15:40:18 . 2013-09-16 16:52:42 -------- d-----w- C:\ProgramData\HitmanPro
2013-09-16 15:38:52 . 2013-09-16 15:38:52 -------- d-----w- C:\ProgramData\Hitman Pro
2013-09-14 12:47:08 . 2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\system32\win32k.sys
2013-09-14 12:46:57 . 2013-07-26 02:24:57 14172672 ----a-w- C:\Windows\system32\shell32.dll
2013-09-14 12:46:56 . 2013-07-26 02:24:56 197120 ----a-w- C:\Windows\system32\shdocvw.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


Re: Please check my log

Post by memphisto » 06 Oct 2013 22:52

That ComboFix log is not complete.

Re: Please check my log

Post by patrik.veselka » 07 Oct 2013 19:42

Now it should be complete:

ComboFix 13-10-04.02 - admin 07.10.2013 19:09:37.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4095.1832 [GMT 2:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\FDF39E82FD.sys
c:\windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\ESCSlicer.exe1_87A06423E78E426E924121140A36B659.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2013-09-07 to 2013-10-07 )))))))))))))))))))))))))))))))
.
.
2013-10-07 17:22 . 2013-10-07 17:22 -------- d-----w- c:\users\Zuzka\AppData\Local\temp
2013-10-07 17:22 . 2013-10-07 17:22 -------- d-----w- c:\users\PatrikV\AppData\Local\temp
2013-10-07 17:22 . 2013-10-07 17:22 -------- d-----w- c:\users\macher\AppData\Local\temp
2013-10-07 17:22 . 2013-10-07 17:22 -------- d-----w- c:\users\Ja\AppData\Local\temp
2013-10-07 17:22 . 2013-10-07 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-06 12:56 . 2013-10-06 12:56 -------- d-----w- c:\users\admin\AppData\Local\CANON_INC
2013-10-05 20:29 . 2013-10-05 20:30 -------- d-----w- c:\users\PatrikV\AppData\Local\HTC MediaHub
2013-10-05 16:17 . 2013-10-05 16:17 -------- d-----w- c:\users\PatrikV\AppData\Local\Apple
2013-10-04 19:22 . 2013-10-04 19:22 -------- d-----w- c:\users\PatrikV\AppData\Local\ATI
2013-10-04 19:22 . 2013-10-04 19:22 -------- d-----w- c:\users\PatrikV\AppData\Local\Ahead
2013-10-04 19:22 . 2013-10-04 19:22 -------- d-----w- c:\users\PatrikV\AppData\Local\Adobe
2013-10-04 18:06 . 2013-10-04 18:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-04 18:06 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-04 17:33 . 2013-10-04 17:33 -------- d-----w- c:\users\admin\AppData\Local\Apple Computer
2013-10-04 17:31 . 2013-10-04 17:31 -------- d-----w- c:\users\admin\AppData\Local\ATI
2013-10-04 17:30 . 2013-10-05 15:45 -------- d-----w- c:\users\admin\AppData\Local\Adobe
2013-10-03 19:49 . 2013-10-03 19:49 -------- d-----w- c:\windows\ERUNT
2013-10-03 19:28 . 2013-08-11 09:46 619616 ------w- c:\windows\system32\drivers\klif.sys
2013-10-03 19:25 . 2013-10-03 19:25 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2013-10-03 13:05 . 2013-10-03 13:05 -------- d-----w- c:\users\macher\AppData\Roaming\IObit
2013-10-02 18:42 . 2013-10-02 18:42 350160 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-10-02 18:42 . 2013-10-02 18:42 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2013-10-02 18:42 . 2013-10-02 18:42 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2013-10-02 18:42 . 2013-10-02 18:42 572928 ----a-w- c:\windows\SysWow64\msvcp90.dll
2013-10-02 18:42 . 2013-10-02 18:42 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2013-10-02 18:42 . 2013-10-02 18:42 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe
2013-10-02 18:42 . 2013-10-02 18:42 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld
2013-10-02 18:42 . 2013-10-02 18:42 -------- d-----w- c:\programdata\MicroWorld
2013-10-02 18:34 . 2013-10-02 18:34 -------- d-----w- c:\program files\HitmanPro
2013-10-02 17:12 . 2013-10-02 18:03 -------- d-----w- c:\users\PatrikV\AppData\Roaming\IObit
2013-10-02 16:35 . 2013-10-02 16:36 -------- d-----w- c:\programdata\IObit
2013-10-02 16:35 . 2013-10-02 16:35 -------- d-----w- c:\users\admin\AppData\Roaming\IObit
2013-10-02 16:35 . 2013-10-02 16:35 -------- d-----w- c:\program files (x86)\IObit
2013-10-01 17:37 . 2013-09-15 22:50 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D75DC00D-5F61-4342-8A30-42AD9B01CB04}\mpengine.dll
2013-09-16 16:52 . 2013-09-16 16:52 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-09-16 15:40 . 2013-09-16 16:52 -------- d-----w- c:\programdata\HitmanPro
2013-09-16 15:38 . 2013-09-16 15:38 -------- d-----w- c:\programdata\Hitman Pro
2013-09-14 12:47 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-14 12:46 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-14 12:46 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 17:09 . 2012-04-05 05:28 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-19 17:09 . 2011-05-17 18:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-14 20:26 . 2009-10-22 11:25 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-18 17:23 . 2013-08-18 17:23 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-18 17:23 . 2012-05-14 08:07 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-08-18 17:23 . 2010-05-14 16:59 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-07 02:22 . 2009-10-22 08:31 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-14 12:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-30 08:10 . 2012-12-16 16:24 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-07-25 09:25 . 2013-08-14 17:05 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 17:05 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 17:05 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 17:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2009-12-22 16:59 . 2009-12-22 16:59 13604159 ----a-w- c:\program files (x86)\dps-dvd-menu-template-package-1.exe
2009-12-21 17:41 . 2009-12-21 17:41 13604159 ----a-w- c:\program files (x86)\dvd-menu-template-package.exe
2009-12-12 19:46 . 2009-12-12 19:45 28868320 ----a-w- c:\program files (x86)\FileFormatConverters.exe
2009-12-12 11:47 . 2009-12-12 11:37 145920984 ----a-w- c:\program files (x86)\LTRM2_WWEFG_win_2_5.exe
2009-12-12 00:17 . 2009-12-12 00:16 1956528 ----a-w- c:\program files (x86)\install_flash_player_ax.exe
2009-12-12 00:09 . 2009-12-12 00:07 26633927 ----a-w- c:\program files (x86)\dps_install.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ScreenManager Pro for LCD"="c:\program files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2008-06-05 11932968]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"BMISR"="c:\program files (x86)\KYE\WebMate\BM.exe" [2008-02-19 229376]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"USB Storage Toolbox"="c:\program files (x86)\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\i:\0autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
R2 Angelnt;Angelnt;c:\windows\System32\Drivers\ANGELNT.SYS;c:\windows\SYSNATIVE\Drivers\ANGELNT.SYS [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CrossLoopService;CrossLoop Service;c:\users\admin\AppData\Local\CrossLoop\CrossLoopService.exe;c:\users\admin\AppData\Local\CrossLoop\CrossLoopService.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]
R3 7ByteIo;7ByteIo;c:\program files (x86)\Hot CPU Tester Pro 4\SysInfoX64.sys;c:\program files (x86)\Hot CPU Tester Pro 4\SysInfoX64.sys [x]
R3 cpuz130;cpuz130;c:\users\Ja\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\Ja\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys;c:\windows\SYSNATIVE\DRIVERS\ENTECH64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 ToolkitDisk;ToolkitDisk;c:\windows\system32\Drivers\toolkitdisk.sys;c:\windows\SYSNATIVE\Drivers\toolkitdisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tvnserver;TightVNC Server;c:\users\admin\AppData\Local\CrossLoop\tvnserver.exe;c:\users\admin\AppData\Local\CrossLoop\tvnserver.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys;c:\windows\SYSNATIVE\DRIVERS\point64k.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys;c:\windows\SYSNATIVE\drivers\t3.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 17:09]
.
2013-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-17 18:45]
.
2013-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-17 18:45]
.
2013-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4248679914-218488486-3363301596-1005Core.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 16:55]
.
2013-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4248679914-218488486-3363301596-1005UA.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 16:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 2320752]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 1116136]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &4shared Search - c:\program files (x86)\4shared Toolbar\4sharedbar64.dll/MENUSEARCH.HTM
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/Ovi ... 3.37.6.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{70EA269E-56DF-49C2-86B2-1A1924ED88B4} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{C3947F4E-8894-4C04-98E0-DF182C706DDF} - c:\program files (x86)\wbtooltb\wbtoolDx.dll
Toolbar-{D3B22A92-87A2-47b6-B3E6-A64877B5C242} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk - c:\windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\ESCSlicer.exe1_87A06423E78E426E924121140A36B659.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)
ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)
ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)
AddRemove-wbtooltb - c:\program files (x86)\wbtooltb\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-07 19:28:00
ComboFix-quarantined-files.txt 2013-10-07 17:28
.
Pre-Run: 127 447 560 192 bytes free
Post-Run: 127 002 771 456 bytes free
.
- - End Of File - - D9B9CF93F145D9D69175A7FC9AAC9FAA
671B81004FDD1588FA9ED1331C9CECA9


Re: Please check my log

Post by jaro3 » 08 Oct 2013 10:33

Update AVG2012 to AVG2014.

Uninstall everything from Kaspersky.


Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:

Code:

ClearJavaCache::

KillAll::
File::
c:\windows\system32\drivers\klif.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4248679914-218488486-3363301596-1005Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4248679914-218488486-3363301596-1005UA.job

Folder::
c:\programdata\Kaspersky Lab Setup Files
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update
c:\users\admin\AppData\Local\Google\Update

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Grab the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT

Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
http://files.avast.com/files/rootkit-scanner/aswmbr.exe
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

patrik.veselka
newcomer
Posts: 17
Registered: October 13
Gender: Male
Status:
Offline

Re: Please check my log

Post by patrik.veselka » 08 Oct 2013 22:54

Here is the log as instructed:
ComboFix 13-10-08.01 - admin 08.10.2013 22:06:28.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4095.1651 [GMT 2:00]
Running from: C:\Users\admin\Desktop\ComboFix.exe
Command switches used :: C:\Users\admin\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\klif.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4248679914-218488486-3363301596-1005Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4248679914-218488486-3363301596-1005UA.job"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


---- Previous Run -------

c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.21.165\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.165\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.165\psuser.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.165\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\7.1.1.1888\GoogleEarth-Win-Bundle-7.1.1.1888.exe
c:\program files (x86)\Google\Update\Download\{DC645E25-9CCA-4EF8-943B-B0F878E9A76E}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.4413.1752\GoogleToolbarInstaller_updater_signed.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\programdata\Kaspersky Lab Setup Files
c:\users\admin\AppData\Local\Google\Update
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\GoogleUpdate.exe
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateBroker.exe
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateHelper.msi
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateSetup.exe
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdate.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_am.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_ar.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_bg.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_bn.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_ca.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_cs.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_da.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_de.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_el.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_en-GB.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_en.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_es-419.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_es.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_et.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_fa.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_fi.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_fil.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_fr.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_gu.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_hi.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_hr.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_hu.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_id.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_is.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_it.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_iw.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_ja.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_kn.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_ko.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_lt.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_lv.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_ml.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_mr.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_ms.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_nl.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_no.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_pl.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_pt-BR.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_pt-PT.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_ro.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_ru.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_sk.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_sl.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_sr.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_sv.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_sw.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_ta.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_te.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_th.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_tr.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_uk.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_ur.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_vi.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_zh-CN.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\goopdateres_zh-TW.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\psmachine.dll
c:\users\admin\AppData\Local\Google\Update\1.3.21.153\psuser.dll
c:\users\admin\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.153\GoogleUpdateSetup.exe
c:\users\admin\AppData\Local\Google\Update\Download\{AB35973C-C73E-402C-A14A-014B1DBD9D4F}\GoogleUpdateSetup.exe
c:\users\admin\AppData\Local\Google\Update\Download\{D0AB2EBC-931B-4013-9FEB-C9C4C2225C8C}\4.7.0.15362\googletalkpluginaccel.msi
c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem


((((((((((((((((((((((((( Files Created from 2013-09-08 to 2013-10-08 )))))))))))))))))))))))))))))))


2013-10-08 20:21:08 . 2013-10-08 20:21:08 -------- d-----w- C:\Users\Zuzka\AppData\Local\temp
2013-10-08 20:21:08 . 2013-10-08 20:21:08 -------- d-----w- C:\Users\PatrikV\AppData\Local\temp
2013-10-08 20:21:08 . 2013-10-08 20:21:08 -------- d-----w- C:\Users\macher\AppData\Local\temp
2013-10-08 20:21:08 . 2013-10-08 20:21:08 -------- d-----w- C:\Users\Ja\AppData\Local\temp
2013-10-08 20:21:08 . 2013-10-08 20:21:08 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-10-08 18:04:57 . 2013-10-08 18:04:57 17226632 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-10-08 17:04:22 . 2013-10-08 17:04:22 -------- d-----w- C:\Users\admin\AppData\Roaming\AVG2014
2013-10-08 16:58:58 . 2013-10-08 16:58:58 -------- d-----w- C:\Users\admin\AppData\Local\AVG Secure Search
2013-10-08 16:58:14 . 2013-10-08 16:58:29 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-10-08 16:58:14 . 2013-10-08 16:58:14 -------- d-----w- C:\ProgramData\AVG Secure Search
2013-10-08 16:58:12 . 2013-10-08 16:58:13 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2013-10-08 16:55:58 . 2013-10-08 17:00:31 -------- d-----w- C:\ProgramData\AVG2014
2013-10-08 16:54:11 . 2013-10-08 17:04:19 -------- d-----w- C:\Users\admin\AppData\Local\Avg2014
2013-10-08 16:54:11 . 2013-10-08 16:54:11 -------- d-----w- C:\Users\admin\AppData\Local\MFAData
2013-10-07 19:27:14 . 2013-10-07 19:27:14 -------- d-----w- C:\Program Files (x86)\Common Files\PCSuite
2013-10-07 19:26:45 . 2013-10-07 19:26:46 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution
2013-10-07 18:16:15 . 2013-10-07 18:16:17 -------- d-----w- C:\Users\PatrikV\AppData\Roaming\Nokia
2013-10-07 18:08:20 . 2013-10-07 18:08:20 -------- d-----w- C:\Users\PatrikV\AppData\Local\CANON_INC
2013-10-06 12:56:24 . 2013-10-06 12:56:24 -------- d-----w- C:\Users\admin\AppData\Local\CANON_INC
2013-10-05 20:29:21 . 2013-10-05 20:30:52 -------- d-----w- C:\Users\PatrikV\AppData\Local\HTC MediaHub
2013-10-05 16:17:00 . 2013-10-05 16:17:00 -------- d-----w- C:\Users\PatrikV\AppData\Local\Apple
2013-10-04 19:22:02 . 2013-10-04 19:22:02 -------- d-----w- C:\Users\PatrikV\AppData\Local\ATI
2013-10-04 19:22:01 . 2013-10-04 19:22:01 -------- d-----w- C:\Users\PatrikV\AppData\Local\Ahead
2013-10-04 19:22:00 . 2013-10-04 19:22:31 -------- d-----w- C:\Users\PatrikV\AppData\Local\Adobe
2013-10-04 18:06:46 . 2013-10-04 18:06:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-04 18:06:46 . 2013-04-04 12:50:32 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-10-04 17:33:13 . 2013-10-04 17:33:13 -------- d-----w- C:\Users\admin\AppData\Local\Apple Computer
2013-10-04 17:31:04 . 2013-10-04 17:31:04 -------- d-----w- C:\Users\admin\AppData\Local\ATI
2013-10-04 17:30:21 . 2013-10-05 15:45:27 -------- d-----w- C:\Users\admin\AppData\Local\Adobe
2013-10-03 19:49:59 . 2013-10-03 19:49:59 -------- d-----w- C:\Windows\ERUNT
2013-10-03 19:28:03 . 2013-08-11 09:46:48 619616 ------w- C:\Windows\system32\drivers\klif.sys
2013-10-03 13:05:16 . 2013-10-03 13:05:16 -------- d-----w- C:\Users\macher\AppData\Roaming\IObit
2013-10-02 18:42:20 . 2013-10-02 18:42:19 350160 ----a-w- C:\Windows\system32\drivers\trufos.sys
2013-10-02 18:42:14 . 2013-10-02 18:42:13 632064 ----a-w- C:\Windows\SysWow64\msvcr80.dll
2013-10-02 18:42:13 . 2013-10-02 18:42:12 554240 ----a-w- C:\Windows\SysWow64\msvcp80.dll
2013-10-02 18:42:12 . 2013-10-02 18:42:11 572928 ----a-w- C:\Windows\SysWow64\msvcp90.dll
2013-10-02 18:42:11 . 2013-10-02 18:42:10 655872 ----a-w- C:\Windows\SysWow64\msvcr90.dll
2013-10-02 18:42:10 . 2013-10-02 18:42:09 34048 ----a-w- C:\Windows\SysWow64\eEmpty.exe
2013-10-02 18:42:06 . 2013-10-02 18:42:06 -------- d-----w- C:\Program Files (x86)\Common Files\MicroWorld
2013-10-02 18:42:00 . 2013-10-02 18:42:06 -------- d-----w- C:\ProgramData\MicroWorld
2013-10-02 18:34:46 . 2013-10-02 18:34:46 -------- d-----w- C:\Program Files\HitmanPro
2013-10-02 17:12:45 . 2013-10-02 18:03:22 -------- d-----w- C:\Users\PatrikV\AppData\Roaming\IObit
2013-10-02 16:35:23 . 2013-10-02 16:36:31 -------- d-----w- C:\ProgramData\IObit
2013-10-02 16:35:10 . 2013-10-02 16:35:10 -------- d-----w- C:\Users\admin\AppData\Roaming\IObit
2013-10-02 16:35:05 . 2013-10-02 16:35:05 -------- d-----w- C:\Program Files (x86)\IObit
2013-10-01 17:37:09 . 2013-09-15 22:50:04 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D75DC00D-5F61-4342-8A30-42AD9B01CB04}\mpengine.dll
2013-09-16 16:52:18 . 2013-09-16 16:52:18 12872 ----a-w- C:\Windows\system32\bootdelete.exe
2013-09-16 15:40:18 . 2013-09-16 16:52:42 -------- d-----w- C:\ProgramData\HitmanPro
2013-09-16 15:38:52 . 2013-09-16 15:38:52 -------- d-----w- C:\ProgramData\Hitman Pro
2013-09-14 12:47:08 . 2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\system32\win32k.sys
2013-09-14 12:46:57 . 2013-07-26 02:24:57 14172672 ----a-w- C:\Windows\system32\shell32.dll
2013-09-14 12:46:56 . 2013-07-26 02:24:56 197120 ----a-w- C:\Windows\system32\shdocvw.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-10-08 16:58:09 . 2012-12-16 16:24:36 46368 ----a-w- C:\Windows\system32\drivers\avgtpx64.sys
2013-09-19 17:09:10 . 2012-04-05 05:28:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-19 17:09:10 . 2011-05-17 18:07:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-14 20:26:54 . 2009-10-22 11:25:33 79143768 ----a-w- C:\Windows\system32\MRT.exe
2013-08-22 21:25:44 . 2013-08-22 21:25:44 212280 ----a-w- C:\Windows\system32\drivers\avgldx64.sys
2013-08-22 21:08:14 . 2013-08-22 21:08:14 294712 ----a-w- C:\Windows\system32\drivers\avgloga.sys
2013-08-22 20:55:04 . 2013-08-22 20:55:04 241464 ----a-w- C:\Windows\system32\drivers\avgidsdrivera.sys
2013-08-22 20:54:54 . 2013-08-22 20:54:54 192824 ----a-w- C:\Windows\system32\drivers\avgidsha.sys
2013-08-20 20:53:58 . 2013-08-20 20:53:58 123704 ----a-w- C:\Windows\system32\drivers\avgmfx64.sys
2013-08-18 17:23:25 . 2013-08-18 17:23:45 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-18 17:23:24 . 2012-05-14 08:07:35 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-08-18 17:23:24 . 2010-05-14 16:59:41 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-07 02:22:02 . 2009-10-22 08:31:59 278800 ------w- C:\Windows\system32\MpSigStub.exe
2013-08-02 01:48:11 . 2013-09-14 12:47:04 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-01 14:07:06 . 2013-08-01 14:07:06 251192 ----a-w- C:\Windows\system32\drivers\avgtdia.sys
2013-08-01 14:06:28 . 2013-08-01 14:06:28 147768 ----a-w- C:\Windows\system32\drivers\avgdiska.sys
2013-08-01 14:04:56 . 2013-08-01 14:04:56 31544 ----a-w- C:\Windows\system32\drivers\avgrkx64.sys
2013-07-25 09:25:54 . 2013-08-14 17:05:06 1888768 ----a-w- C:\Windows\system32\WMVDECOD.DLL
2013-07-25 08:57:27 . 2013-08-14 17:05:06 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 . 2013-08-14 17:05:33 2048 ----a-w- C:\Windows\system32\tzres.dll
2013-07-19 01:41:01 . 2013-08-14 17:05:33 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2009-12-22 16:59:02 . 2009-12-22 16:59:02 13604159 ----a-w- C:\Program Files (x86)\dps-dvd-menu-template-package-1.exe
2009-12-21 17:41:36 . 2009-12-21 17:41:36 13604159 ----a-w- C:\Program Files (x86)\dvd-menu-template-package.exe
2009-12-12 19:46:28 . 2009-12-12 19:45:35 28868320 ----a-w- C:\Program Files (x86)\FileFormatConverters.exe
2009-12-12 11:47:18 . 2009-12-12 11:37:51 145920984 ----a-w- C:\Program Files (x86)\LTRM2_WWEFG_win_2_5.exe
2009-12-12 00:17:05 . 2009-12-12 00:16:50 1956528 ----a-w- C:\Program Files (x86)\install_flash_player_ax.exe
2009-12-12 00:09:11 . 2009-12-12 00:07:39 26633927 ----a-w- C:\Program Files (x86)\dps_install.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-10-08 16:58:09 3353624 ----a-w- C:\Program Files (x86)\AVG Secure Search\17.0.0.12\AVG Secure Search_toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{C3947F4E-8894-4C04-98E0-DF182C706DDF}"= "C:\Program Files (x86)\wbtooltb\wbtoolDx.dll" [BU]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "C:\Program Files (x86)\AVG Secure Search\17.0.0.12\AVG Secure Search_toolbar.dll" [2013-10-08 16:58:09 3353624]

[HKEY_CLASSES_ROOT\clsid\{c3947f4e-8894-4c04-98e0-df182c706ddf}]

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 13:25:17 1475584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 08:52:02 98304]
"SPIRunE"="SPIRunE.dll" [2009-03-05 12:55:40 18432]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 13:36:18 36864]
"ScreenManager Pro for LCD"="C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2008-06-05 01:14:58 11932968]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 16:36:46 30040]
"BMISR"="C:\Program Files (x86)\KYE\WebMate\BM.exe" [2008-02-19 13:35:42 229376]
"ZoneAlarm Client"="C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 11:51:30 1043968]
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 12:37:14 517096]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 20:56:08 59280]
"USB Storage Toolbox"="C:\Program Files (x86)\USB Disk Win98 Driver\Res.EXE" [2005-09-14 18:44:14 65536]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-10-25 02:12:14 421888]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 15:26:58 1073312]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 05:32:50 253816]
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe" [2013-08-26 15:31:10 4851248]
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2013-10-08 16:58:09 2404376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\I:\0autocheck autochk *\0\0sdnclean64.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

R2 Angelnt;Angelnt;C:\Windows\System32\Drivers\ANGELNT.SYS;C:\Windows\SYSNATIVE\Drivers\ANGELNT.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CrossLoopService;CrossLoop Service;C:\Users\admin\AppData\Local\CrossLoop\CrossLoopService.exe;C:\Users\admin\AppData\Local\CrossLoop\CrossLoopService.exe [x]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]
R3 7ByteIo;7ByteIo;C:\Program Files (x86)\Hot CPU Tester Pro 4\SysInfoX64.sys;C:\Program Files (x86)\Hot CPU Tester Pro 4\SysInfoX64.sys [x]
R3 cpuz130;cpuz130;C:\Users\Ja\AppData\Local\Temp\cpuz130\cpuz_x64.sys;C:\Users\Ja\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dgderdrv;dgderdrv;C:\Windows\system32\drivers\dgderdrv.sys;C:\Windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 ENTECH64;ENTECH64;C:\Windows\system32\DRIVERS\ENTECH64.sys;C:\Windows\SYSNATIVE\DRIVERS\ENTECH64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys;C:\Windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys;C:\Windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\system32\DRIVERS\lgbtpt64.sys;C:\Windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\system32\DRIVERS\lgbtbs64.sys;C:\Windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;C:\Windows\system32\DRIVERS\lgvmdm64.sys;C:\Windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
R3 pcouffin;VSO Software pcouffin;C:\Windows\system32\Drivers\pcouffin.sys;C:\Windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TFsExDisk;TFsExDisk;C:\Windows\System32\Drivers\TFsExDisk.sys;C:\Windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 ToolkitDisk;ToolkitDisk;C:\Windows\system32\Drivers\toolkitdisk.sys;C:\Windows\SYSNATIVE\Drivers\toolkitdisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tvnserver;TightVNC Server;C:\Users\admin\AppData\Local\CrossLoop\tvnserver.exe;C:\Users\admin\AppData\Local\CrossLoop\tvnserver.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys;C:\Windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys;C:\Windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys;C:\Windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys;C:\Windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys;C:\Windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgdiska;AVG Disk Driver;C:\Windows\system32\DRIVERS\avgdiska.sys;C:\Windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys;C:\Windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys;C:\Windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys;C:\Windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;C:\Windows\system32\drivers\avgtpx64.sys;C:\Windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 cpuz135;cpuz135;C:\Windows\system32\drivers\cpuz135_x64.sys;C:\Windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe;C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [x]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\Windows\system32\drivers\DDCDrv.sys;C:\Windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64k.sys;C:\Windows\SYSNATIVE\DRIVERS\point64k.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys;C:\Windows\SYSNATIVE\drivers\t3.sys [x]


Contents of the 'Scheduled Tasks' folder

2013-10-08 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 05:28:08 . 2013-09-19 17:09:16]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 17:03:32 186904]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 15:43:44 2320752]
"ISW"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 13:35:32 1116136]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 08:11:56 660360]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 06:27:44 444904]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: &4shared Search - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll/MENUSEARCH.HTM
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/Ovi ... 3.37.6.cab

- - - - ORPHANS REMOVED - - - -

BHO-{70EA269E-56DF-49C2-86B2-1A1924ED88B4} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{D3B22A92-87A2-47b6-B3E6-A64877B5C242} - (no file)
ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)
ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)
ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)
AddRemove-wbtooltb - C:\Program Files (x86)\wbtooltb\uninstall.exe


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:33:44, on 08.10.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Users\admin\Desktop\hijackthis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: ToolKit IE Helper - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Webblog - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - C:\Program Files (x86)\wbtooltb\wbtoolDx.dll (file missing)
O3 - Toolbar: eToolKit Toolbar - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BMISR] C:\Program Files (x86)\KYE\WebMate\BM.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files (x86)\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: &4shared Search - res://C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/Ovi ... 3.37.6.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop - C:\Users\admin\AppData\Local\CrossLoop\CrossLoopService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Users\admin\AppData\Local\CrossLoop\tvnserver.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.4.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe (file missing)
O23 - Service: vToolbarUpdater17.0.12 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13698 bytes

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-08 22:38:14
-----------------------------
22:38:14.099 OS Version: Windows x64 6.1.7601 Service Pack 1
22:38:14.099 Number of processors: 2 586 0x170A
22:38:14.099 ComputerName: JA-PC UserName: admin
22:38:14.925 Initialize success
22:38:27.299 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
22:38:27.299 Disk 0 Vendor: WDC_WD32 05.0 Size: 305245MB BusType: 3
22:38:27.299 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
22:38:27.315 Disk 1 Vendor: ST310005 CC37 Size: 953869MB BusType: 3
22:38:27.315 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-4
22:38:27.315 Disk 2 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
22:38:27.502 Disk 0 MBR read successfully
22:38:27.502 Disk 0 MBR scan
22:38:27.502 Disk 0 unknown MBR code
22:38:27.518 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300002 MB offset 63
22:38:27.533 Disk 0 Partition 2 00 17 Hidd HPFS/NTFS NTFS 5239 MB offset 614405925
22:38:27.596 Disk 0 scanning C:\Windows\system32\drivers
22:38:38.157 Service scanning
22:38:52.415 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
22:38:55.395 Modules scanning
22:38:55.395 Disk 0 trace - called modules:
22:38:55.411 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:38:55.411 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057f9060]
22:38:55.426 3 CLASSPNP.SYS[fffff88001a8a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa80047b5050]
22:38:55.426 Scan finished successfully
22:39:37.079 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
22:39:37.079 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"

patrik.veselka
newcomer
Posts: 17
Registered: October 13
Gender: Male
Status:
Offline

Re: Please check my log

Post by patrik.veselka » 08 Oct 2013 22:56

Part 2:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-08 22:38:14
-----------------------------
22:38:14.099 OS Version: Windows x64 6.1.7601 Service Pack 1
22:38:14.099 Number of processors: 2 586 0x170A
22:38:14.099 ComputerName: JA-PC UserName: admin
22:38:14.925 Initialize success
22:38:27.299 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
22:38:27.299 Disk 0 Vendor: WDC_WD32 05.0 Size: 305245MB BusType: 3
22:38:27.299 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
22:38:27.315 Disk 1 Vendor: ST310005 CC37 Size: 953869MB BusType: 3
22:38:27.315 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-4
22:38:27.315 Disk 2 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
22:38:27.502 Disk 0 MBR read successfully
22:38:27.502 Disk 0 MBR scan
22:38:27.502 Disk 0 unknown MBR code
22:38:27.518 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300002 MB offset 63
22:38:27.533 Disk 0 Partition 2 00 17 Hidd HPFS/NTFS NTFS 5239 MB offset 614405925
22:38:27.596 Disk 0 scanning C:\Windows\system32\drivers
22:38:38.157 Service scanning
22:38:52.415 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
22:38:55.395 Modules scanning
22:38:55.395 Disk 0 trace - called modules:
22:38:55.411 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:38:55.411 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057f9060]
22:38:55.426 3 CLASSPNP.SYS[fffff88001a8a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa80047b5050]
22:38:55.426 Scan finished successfully
22:39:37.079 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
22:39:37.079 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"

patrik.veselka
newcomer
Posts: 17
Registered: October 13
Gender: Male
Status:
Offline

Re: Please check my log

Post by patrik.veselka » 09 Oct 2013 07:37

Hello, I also wanted to mention that the program highlighted this entry from aswMBR in yellow: 22:38:52.415 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32. Thanks for now.

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check my log

Post by jaro3 » 09 Oct 2013 10:21

That is fine.
vsdatant.sys belongs to Zone Labs...

Uninstall:
AVG2012



Close other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: ToolKit IE Helper - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - (no file)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.0.12\AVG Secure Search_toolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Webblog - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - C:\Program Files (x86)\wbtooltb\wbtoolDx.dll (file missing)
O3 - Toolbar: eToolKit Toolbar - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O8 - Extra context menu item: &4shared Search - res://C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll/MENUSEARCH.HTM
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll


Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

ClearJavaCache::

KillAll::
File::
C:\Windows\system32\drivers\klif.sys

Folder::
C:\Users\admin\AppData\Local\AVG Secure Search
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\ProgramData\AVG Secure Search
C:\Program Files (x86)\AVG Secure Search

Driver::
vToolbarUpdater15.4.0
vToolbarUpdater17.0.12

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=-
[-HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-

DDS::
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe program, and drop it when the two files overlap.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process, plus a new HJT log

Warning: After running ComboFix and restarting the computer, it may happen that Windows does not start, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Download Security Check by screen317 from one of these links
http://screen317.spywareinfoforum.org/SecurityCheck.exe
http://screen317.changelog.fr/SecurityCheck.exe

Save it to the desktop, double-click it, and follow the instructions in the black window. Notepad will then open automatically with a file named checkup.txt. Please copy its contents here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
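
Added example, not part of the original post: a small triage pass over HijackThis lines of the kind shown in this thread, separating entries that point at nothing ("(no file)"), entries whose target is reported missing, and "(file missing)" entries under System32 that need a second look on 64-bit Windows. The function names and verdict labels are hypothetical; the assumption is that 32-bit HijackThis on x64 Windows is subject to WOW64 file-system redirection, so a System32 path it reports as missing may still exist via the Sysnative alias.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted in this thread (Windows 7 x64),
# plus one header line to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
Boot mode: Normal
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: ToolKit IE Helper - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - (no file)
O3 - Toolbar: Webblog - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - C:\Program Files (x86)\wbtooltb\wbtoolDx.dll (file missing)
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

# A HijackThis entry starts with a section code such as R0, O2 or O23.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Paths under <drive>:\Windows\System32 are redirected to SysWOW64 for
# 32-bit processes on 64-bit Windows (assumption stated in the lead-in).
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)

NO_FILE = "(no file)"
FILE_MISSING = "(file missing)"


def classify(line):
    """Return a dict describing one log line, or None for non-entry lines."""
    match = ENTRY.match(line.strip())
    if match is None:
        return None
    code, body = match["code"], match["body"]

    if body.endswith(NO_FILE):
        # The registry entry exists but references no file at all.
        return {"code": code, "verdict": "orphan", "path": None}

    if body.endswith(FILE_MISSING):
        # The target path is the last " - " separated field, minus the suffix.
        last_field = body.rsplit(" - ", 1)[-1]
        path = last_field[: -len(FILE_MISSING)].strip()
        if SYSTEM32.match(path):
            # Likely a redirection artefact: confirm through
            # C:\Windows\Sysnative or a 64-bit tool before touching it.
            verdict = "verify-sysnative"
        else:
            verdict = "missing"
        return {"code": code, "verdict": verdict, "path": path}

    return {"code": code, "verdict": "present", "path": None}


def triage(log_text):
    """Classify every entry line in a log and return the list of results."""
    results = []
    for line in log_text.splitlines():
        result = classify(line)
        if result is not None:
            results.append(result)
    return results


def summary(log_text):
    """Count entries per verdict."""
    return Counter(item["verdict"] for item in triage(log_text))


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["code"]:<4}{item["verdict"]:<18}{item["path"] or ""}')
    print(dict(summary(SAMPLE_LOG)))
```
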

patrik.veselka
newcomer
Posts: 17
Registered: October 13
Gender: Male
Status:
Offline

Re: Please check my log

Post by patrik.veselka » 09 Oct 2013 22:05

Good evening. I could not uninstall AVG 2012 because I did not find the 2012 version. I am sending the logs:

ComboFix 13-10-08.01 - admin 09.10.2013 21:04:49.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4095.2114 [GMT 2:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
Command switches used :: c:\users\admin\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\klif.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\AVG Secure Search\about.gif
c:\program files (x86)\AVG Secure Search\active-threats18.gif
c:\program files (x86)\AVG Secure Search\AVG Secure Search
c:\program files (x86)\AVG Secure Search\avgMozXPCOM.js
c:\program files (x86)\AVG Secure Search\calc.gif
c:\program files (x86)\AVG Secure Search\CleanHistory.gif
c:\program files (x86)\AVG Secure Search\configuration.xml
c:\program files (x86)\AVG Secure Search\current.gif
c:\program files (x86)\AVG Secure Search\currently-safe18.gif
c:\program files (x86)\AVG Secure Search\data.zip
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\all.css
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\btn-ok2.gif
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\downBtn.png
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\DSPDlg_IE.html
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\logo2.png
c:\program files (x86)\AVG Secure Search\DSPDlg_IE\upBtn.png
c:\program files (x86)\AVG Secure Search\EnableHelperRes\EEImageHandler.html
c:\program files (x86)\AVG Secure Search\EnableHelperRes\Images\box_ie.png
c:\program files (x86)\AVG Secure Search\EULA.gif
c:\program files (x86)\AVG Secure Search\Eula.txt
c:\program files (x86)\AVG Secure Search\favicon.ico
c:\program files (x86)\AVG Secure Search\feedback.gif
c:\program files (x86)\AVG Secure Search\FireFoxSearchXml.tmp
c:\program files (x86)\AVG Secure Search\help.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\bg_close.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\bg_expand.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\bg_tooltip.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\bg_tracking.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\bull4x4.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\divider.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\innerBG_gradient.gif
c:\program files (x86)\AVG Secure Search\Chrome\content\icons\loader.gif
c:\program files (x86)\AVG Secure Search\ChromeRes\AVG Nation toolbar\nt28_2.html
c:\program files (x86)\AVG Secure Search\ChromeRes\AVG SafeGuard toolbar\nt28_2.html
c:\program files (x86)\AVG Secure Search\ChromeRes\AVG Secure Search\nt28_2.html
c:\program files (x86)\AVG Secure Search\ChromeRes\nt.html
c:\program files (x86)\AVG Secure Search\ChromeRes\nt28_2.html
c:\program files (x86)\AVG Secure Search\ChromeRes\nt28_2.js
c:\program files (x86)\AVG Secure Search\icon18.gif
c:\program files (x86)\AVG Secure Search\labs.gif
c:\program files (x86)\AVG Secure Search\Licenses\CPOL license.txt
c:\program files (x86)\AVG Secure Search\Licenses\Encoding_decoding_base64.txt
c:\program files (x86)\AVG Secure Search\Licenses\hmac.txt
c:\program files (x86)\AVG Secure Search\Licenses\LICENSE-bsdiff.txt
c:\program files (x86)\AVG Secure Search\Licenses\LICENSE-bzip.txt
c:\program files (x86)\AVG Secure Search\Licenses\LICENSE-JasonCpp.txt
c:\program files (x86)\AVG Secure Search\Licenses\LICENSE-MPL-NPAPI.txt
c:\program files (x86)\AVG Secure Search\Licenses\LICENSE-sparsehash.txt
c:\program files (x86)\AVG Secure Search\Licenses\Log4CPlus.txt
c:\program files (x86)\AVG Secure Search\Licenses\PassthruApp.txt
c:\program files (x86)\AVG Secure Search\lip.exe
c:\program files (x86)\AVG Secure Search\note.gif
c:\program files (x86)\AVG Secure Search\PostInstall.exe
c:\program files (x86)\AVG Secure Search\PostInstaller.ini
c:\program files (x86)\AVG Secure Search\privacy.gif
c:\program files (x86)\AVG Secure Search\remote_configuration.xml
c:\program files (x86)\AVG Secure Search\search.gif
c:\program files (x86)\AVG Secure Search\setup.bmp
c:\program files (x86)\AVG Secure Search\surf-with-caution18.gif
c:\program files (x86)\AVG Secure Search\Uninstall.exe
c:\program files (x86)\AVG Secure Search\uninstall.gif
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\cp-bg.png
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\cp_logo.png
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\downBtn.png
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\loader.gif
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\uninstall-bg.png
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Images\uninstall\upBtn.png
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\jquery-1.5.1.min.js
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\jquery-1.8.1.min.js
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\JQueyExtensions.js
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\uninstall_cp.css
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Uninstall_cp.html
c:\program files (x86)\AVG Secure Search\UninstallRes\ClientPackage\Uninstall_cp_step2.html
c:\program files (x86)\AVG Secure Search\updating18.gif
c:\program files (x86)\AVG Secure Search\vprot.exe
c:\program files (x86)\AVG Secure Search\weather.gif
c:\program files (x86)\AVG Secure Search\windows.gif
c:\program files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.0.12\avgdttbx.dll
c:\program files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.0.12\DriverInstaller.exe
c:\program files (x86)\Common Files\AVG Secure Search\InstalledProducts.ini
c:\program files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.0.12\AVGRewardsWorker.cfg
c:\program files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.0.12\AVGRewardsWorker.dll
c:\program files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.0.12\helper.dll
c:\program files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.0.12\ScriptHelper.exe
c:\program files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\npsitesafety.dll
c:\program files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
c:\program files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.0.12\toolband
c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\UpdaterConfig.ini
c:\programdata\AVG Secure Search\Logger\logger.properties
c:\users\admin\AppData\Local\AVG Secure Search\DNT\dt.dat
c:\users\admin\AppData\Local\AVG Secure Search\SiteSafety\l_2013_10_08_09_58_57.db
c:\users\admin\AppData\Local\AVG Secure Search\SiteSafety\l_2013_10_09_10_58_30.db
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vToolbarUpdater15.4.0
-------\Service_vToolbarUpdater17.0.12
.
.
((((((((((((((((((((((((( Files Created from 2013-09-09 to 2013-10-09 )))))))))))))))))))))))))))))))
.
.
2013-10-09 19:19 . 2013-10-09 19:19 -------- d-----w- c:\users\Zuzka\AppData\Local\temp
2013-10-09 19:19 . 2013-10-09 19:19 -------- d-----w- c:\users\PatrikV\AppData\Local\temp
2013-10-09 19:19 . 2013-10-09 19:19 -------- d-----w- c:\users\macher\AppData\Local\temp
2013-10-09 19:19 . 2013-10-09 19:19 -------- d-----w- c:\users\Ja\AppData\Local\temp
2013-10-09 19:19 . 2013-10-09 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-08 21:07 . 2013-10-08 21:07 -------- d-----w- c:\users\PatrikV\AppData\Local\AVG Secure Search
2013-10-08 21:06 . 2013-10-08 21:06 -------- d-----w- c:\users\PatrikV\AppData\Roaming\AVG2014
2013-10-08 21:06 . 2013-10-08 21:06 -------- d-----w- c:\users\PatrikV\AppData\Local\Avg2014
2013-10-08 21:03 . 2013-10-08 21:03 -------- d-----w- c:\users\PatrikV\AppData\Local\Apple Computer
2013-10-08 18:04 . 2013-10-08 18:04 17226632 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-08 17:04 . 2013-10-08 17:04 -------- d-----w- c:\users\admin\AppData\Roaming\AVG2014
2013-10-08 16:55 . 2013-10-08 17:00 -------- d-----w- c:\programdata\AVG2014
2013-10-08 16:54 . 2013-10-08 17:04 -------- d-----w- c:\users\admin\AppData\Local\Avg2014
2013-10-08 16:54 . 2013-10-08 16:54 -------- d-----w- c:\users\admin\AppData\Local\MFAData
2013-10-07 19:27 . 2013-10-07 19:27 -------- d-----w- c:\program files (x86)\Common Files\PCSuite
2013-10-07 19:26 . 2013-10-07 19:26 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2013-10-07 18:16 . 2013-10-07 18:16 -------- d-----w- c:\users\PatrikV\AppData\Roaming\Nokia
2013-10-07 18:08 . 2013-10-07 18:08 -------- d-----w- c:\users\PatrikV\AppData\Local\CANON_INC
2013-10-06 12:56 . 2013-10-06 12:56 -------- d-----w- c:\users\admin\AppData\Local\CANON_INC
2013-10-05 20:29 . 2013-10-08 21:02 -------- d-----w- c:\users\PatrikV\AppData\Local\HTC MediaHub
2013-10-05 16:17 . 2013-10-05 16:17 -------- d-----w- c:\users\PatrikV\AppData\Local\Apple
2013-10-04 19:22 . 2013-10-04 19:22 -------- d-----w- c:\users\PatrikV\AppData\Local\ATI
2013-10-04 19:22 . 2013-10-04 19:22 -------- d-----w- c:\users\PatrikV\AppData\Local\Ahead
2013-10-04 19:22 . 2013-10-04 19:22 -------- d-----w- c:\users\PatrikV\AppData\Local\Adobe
2013-10-04 18:06 . 2013-10-04 18:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-04 18:06 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-04 17:33 . 2013-10-04 17:33 -------- d-----w- c:\users\admin\AppData\Local\Apple Computer
2013-10-04 17:31 . 2013-10-04 17:31 -------- d-----w- c:\users\admin\AppData\Local\ATI
2013-10-04 17:30 . 2013-10-05 15:45 -------- d-----w- c:\users\admin\AppData\Local\Adobe
2013-10-03 19:49 . 2013-10-03 19:49 -------- d-----w- c:\windows\ERUNT
2013-10-03 19:28 . 2013-08-11 09:46 619616 ------w- c:\windows\system32\drivers\klif.sys
2013-10-03 13:05 . 2013-10-03 13:05 -------- d-----w- c:\users\macher\AppData\Roaming\IObit
2013-10-02 18:42 . 2013-10-02 18:42 350160 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-10-02 18:42 . 2013-10-02 18:42 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2013-10-02 18:42 . 2013-10-02 18:42 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2013-10-02 18:42 . 2013-10-02 18:42 572928 ----a-w- c:\windows\SysWow64\msvcp90.dll
2013-10-02 18:42 . 2013-10-02 18:42 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2013-10-02 18:42 . 2013-10-02 18:42 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe
2013-10-02 18:42 . 2013-10-02 18:42 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld
2013-10-02 18:42 . 2013-10-02 18:42 -------- d-----w- c:\programdata\MicroWorld
2013-10-02 18:34 . 2013-10-02 18:34 -------- d-----w- c:\program files\HitmanPro
2013-10-02 17:12 . 2013-10-02 18:03 -------- d-----w- c:\users\PatrikV\AppData\Roaming\IObit
2013-10-02 16:35 . 2013-10-02 16:36 -------- d-----w- c:\programdata\IObit
2013-10-02 16:35 . 2013-10-02 16:35 -------- d-----w- c:\users\admin\AppData\Roaming\IObit
2013-10-02 16:35 . 2013-10-02 16:35 -------- d-----w- c:\program files (x86)\IObit
2013-10-01 17:37 . 2013-09-15 22:50 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D75DC00D-5F61-4342-8A30-42AD9B01CB04}\mpengine.dll
2013-09-16 16:52 . 2013-09-16 16:52 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-09-16 15:40 . 2013-09-16 16:52 -------- d-----w- c:\programdata\HitmanPro
2013-09-16 15:38 . 2013-09-16 15:38 -------- d-----w- c:\programdata\Hitman Pro
2013-09-14 12:47 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-14 12:46 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-14 12:46 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-08 16:58 . 2012-12-16 16:24 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-09-19 17:09 . 2012-04-05 05:28 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-19 17:09 . 2011-05-17 18:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-14 20:26 . 2009-10-22 11:25 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-22 21:25 . 2013-08-22 21:25 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-08-22 21:08 . 2013-08-22 21:08 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-08-22 20:55 . 2013-08-22 20:55 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-08-22 20:54 . 2013-08-22 20:54 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-08-20 20:53 . 2013-08-20 20:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-08-18 17:23 . 2013-08-18 17:23 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-18 17:23 . 2012-05-14 08:07 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-08-18 17:23 . 2010-05-14 16:59 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-07 02:22 . 2009-10-22 08:31 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-14 12:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-01 14:07 . 2013-08-01 14:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-08-01 14:06 . 2013-08-01 14:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-08-01 14:04 . 2013-08-01 14:04 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-25 09:25 . 2013-08-14 17:05 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 17:05 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 17:05 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 17:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2009-12-22 16:59 . 2009-12-22 16:59 13604159 ----a-w- c:\program files (x86)\dps-dvd-menu-template-package-1.exe
2009-12-21 17:41 . 2009-12-21 17:41 13604159 ----a-w- c:\program files (x86)\dvd-menu-template-package.exe
2009-12-12 19:46 . 2009-12-12 19:45 28868320 ----a-w- c:\program files (x86)\FileFormatConverters.exe
2009-12-12 11:47 . 2009-12-12 11:37 145920984 ----a-w- c:\program files (x86)\LTRM2_WWEFG_win_2_5.exe
2009-12-12 00:17 . 2009-12-12 00:16 1956528 ----a-w- c:\program files (x86)\install_flash_player_ax.exe
2009-12-12 00:09 . 2009-12-12 00:07 26633927 ----a-w- c:\program files (x86)\dps_install.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ScreenManager Pro for LCD"="c:\program files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2008-06-05 11932968]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"BMISR"="c:\program files (x86)\KYE\WebMate\BM.exe" [2008-02-19 229376]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"USB Storage Toolbox"="c:\program files (x86)\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-08-26 4851248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\i:\0autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
R2 Angelnt;Angelnt;c:\windows\System32\Drivers\ANGELNT.SYS;c:\windows\SYSNATIVE\Drivers\ANGELNT.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CrossLoopService;CrossLoop Service;c:\users\admin\AppData\Local\CrossLoop\CrossLoopService.exe;c:\users\admin\AppData\Local\CrossLoop\CrossLoopService.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 7ByteIo;7ByteIo;c:\program files (x86)\Hot CPU Tester Pro 4\SysInfoX64.sys;c:\program files (x86)\Hot CPU Tester Pro 4\SysInfoX64.sys [x]
R3 cpuz130;cpuz130;c:\users\Ja\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\Ja\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys;c:\windows\SYSNATIVE\DRIVERS\ENTECH64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 ToolkitDisk;ToolkitDisk;c:\windows\system32\Drivers\toolkitdisk.sys;c:\windows\SYSNATIVE\Drivers\toolkitdisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tvnserver;TightVNC Server;c:\users\admin\AppData\Local\CrossLoop\tvnserver.exe;c:\users\admin\AppData\Local\CrossLoop\tvnserver.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys;c:\windows\SYSNATIVE\DRIVERS\point64k.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys;c:\windows\SYSNATIVE\drivers\t3.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 17:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 2320752]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 1116136]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/Ovi ... 3.37.6.cab
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)
ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)
ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)
AddRemove-AVG Secure Search - c:\program files (x86)\AVG Secure Search\UNINSTALL.exe
AddRemove-wbtooltb - c:\program files (x86)\wbtooltb\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
.
**************************************************************************
.
Completion time: 2013-10-09 21:30:55 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-09 19:30
ComboFix2.txt 2013-10-08 20:31
ComboFix3.txt 2013-10-07 17:28
.
Pre-Run: 127 566 086 144 bytes free
Post-Run: 129 354 051 584 bytes free
.
- - End Of File - - 7D4599182D0AE29F92AE82CD4E36485F
671B81004FDD1588FA9ED1331C9CECA9


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:36:22, on 09.10.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Users\admin\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BMISR] C:\Program Files (x86)\KYE\WebMate\BM.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files (x86)\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/Ovi ... 3.37.6.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop - C:\Users\admin\AppData\Local\CrossLoop\CrossLoopService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Users\admin\AppData\Local\CrossLoop\tvnserver.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11177 bytes


Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


One more window keeps popping up: Failed to register the program icon to the taskbar notification area. ScreenManager Pro for LCD wil be terminated.
Thanks for now.

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 10 Oct 2013 09:31

ScreenManager Pro: try reinstalling it.

ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner.

Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.


Download OTL by OldTimer to your desktop. Make sure all other windows are closed and double-click the OTL icon.
Under Custom Scans/Fixes (Vlastní skenování/opravy), paste the following text, shown in green, into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
c:\windows\system32\drivers\klif.sys

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click Run Fix (Opravit) at the top. Let the program run undisturbed; the PC will restart at the end.
After the restart a log will appear; please copy its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

patrik.veselka
newbie
Posts: 17
Registered: October 13
Gender: Male
Status: Offline

Re: Please check my log

Post by patrik.veselka » 10 Oct 2013 20:56

I hope it follows the instructions; at least I tried. Here is the log:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\system32\DUMP*.tmp not found.
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
C:\Windows\SysNative\drivers\~GLH0020.TMP moved successfully.
File\Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
File\Folder C:\Windows\SysNative\*.tmp not found.
File\Folder c:\windows\system32\drivers\klif.sys not found.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 1599579 bytes
->Temporary Internet Files folder emptied: 1789466 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 3039292 bytes
->Flash cache emptied: 598 bytes

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ja
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: macher
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PatrikV
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 42014660 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 1630133 bytes
->Flash cache emptied: 598 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Zuzka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1230406 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 49,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10102013_204631

Files\Folders moved on Reboot...
C:\Users\admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\admin\AppData\Local\Temp\~DFE1BE44F510865498.TMP moved successfully.
File move failed. C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ZLT07d96.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 11 Oct 2013 10:23

Run OTL and click CleanUp (Vyčisti).

What about the problems?

