nelze spustit aplikace + iexplore.exe - chyba aplikace

Zpráva

petran · #16 Příspěvek od **petran** » 29 pro 2014 22:43

pchunter log v priloze

#17 Příspěvek od **altrok** » 30 pro 2014 00:18

Jeste zkusime po dobrem... Otestujte na virustotal.com

C:\ProgramData\Microsoft\Secure\Icons\temp\tmp5743.exe
C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
D:\Dan\American Sniper 2014\Lite x264 Codec Pack.exe

- idealne zaslete vysledky ze vsech analyz (4 linky z virustotalu), at vime, s kym mame tu cest.

Spustte FRST64.exe, do bileho pole Search vlozte
FC9D8189-520A-4417-AED7-9EAC810C6FBA
a kliknete na Search Registry. Obsah Search.txt poslete v dalsi odpovedi.

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:
Folder: D:\Dan\American Sniper 2014
Folder: C:\ProgramData\Microsoft\Secure\Icons
Folder: C:\Users\petra\AppData\Local\YpzPack
Folder: C:\Users\petra\AppData\Local\ASworks

C:\ProgramData\Microsoft\Secure\Icons\temp\tmp5743.exe
CMD: del C:\ProgramData\Microsoft\Secure\Icons\temp\tmp*.exe
CMD: del "C:\ProgramData\Microsoft\Secure\Icons\temp\tmp*.exe"
C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\avgwlx64: avgwlx64.dll [X]
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [YpzPack] => regsvr32.exe C:\Users\petra\AppData\Local\YpzPack\NativeUtilSnap.dll <===== ATTENTION
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [IPWsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\petra\AppData\Local\ASworks\AclWan.dll
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\MountPoints2: {0e3978c8-be1d-11e2-95e6-70f395a5c5af} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\MountPoints2: {a6e0cbba-2273-11e0-9a49-1cc1dead56f6} - H:\vs_premium.exe
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

C:\Users\petra\Downloads\14E5.tmp
C:\Users\petra\AppData\Local\YpzPack
C:\Users\petra\AppData\Local\ASworks
Task: {F9C8A029-1732-4FC7-99B1-0EE1A7466F9C} - System32\Tasks\{7B408AEB-899A-4423-9E17-445B83D59666} => pcalua.exe -a "D:\Dan\American Sniper 2014\Lite x264 Codec Pack.exe" -d "D:\Dan\American Sniper 2014"
Hosts:
EmptyTemp:
End

Pak dejte novy frst.txt a zkontrolujte, zda problemy pretrvavaji.

petran · #18 Příspěvek od **petran** » 30 pro 2014 08:54

https://www.virustotal.com/cs/file/d773 ... /analysis/
C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll - nejde otevrit. Pry je tento soubor pouzivan.
https://www.virustotal.com/cs/file/58e8 ... /analysis/
ten soubor jsme vcera smazala

Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by petra at 2014-12-30 08:53:40
Running from C:\Users\petra\Desktop
Boot Mode: Normal

================== Search Registry: "FC9D8189-520A-4417-AED7-9EAC810C6FBA" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider]
""="{FC9D8189-520A-4417-AED7-9EAC810C6FBA}"
[HKEY_USERS\S-1-5-21-1537954393-1589409457-3668467252-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{FC9D8189-520A-4417-AED7-9EAC810C6FBA} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF"="0x0100000000000000442FC8706F20D001"
[HKEY_USERS\S-1-5-21-1537954393-1589409457-3668467252-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{FC9D8189-520A-4417-AED7-9EAC810C6FBA} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF"="0x0100000000000000442FC8706F20D001"

====== End Of Search ======

zbytek jeste doplnim

petran · #19 Příspěvek od **petran** » 30 pro 2014 09:09

fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by petra at 2014-12-30 08:58:27 Run:1
Running from C:\Users\petra\Desktop
Loaded Profile: petra (Available profiles: petra)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
Folder: D:\Dan\American Sniper 2014
Folder: C:\ProgramData\Microsoft\Secure\Icons
Folder: C:\Users\petra\AppData\Local\YpzPack
Folder: C:\Users\petra\AppData\Local\ASworks

C:\ProgramData\Microsoft\Secure\Icons\temp\tmp5743.exe
CMD: del C:\ProgramData\Microsoft\Secure\Icons\temp\tmp*.exe
CMD: del "C:\ProgramData\Microsoft\Secure\Icons\temp\tmp*.exe"
C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\avgwlx64: avgwlx64.dll [X]
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [YpzPack] => regsvr32.exe C:\Users\petra\AppData\Local\YpzPack\NativeUtilSnap.dll <===== ATTENTION
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [IPWsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\petra\AppData\Local\ASworks\AclWan.dll
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\MountPoints2: {0e3978c8-be1d-11e2-95e6-70f395a5c5af} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\MountPoints2: {a6e0cbba-2273-11e0-9a49-1cc1dead56f6} - H:\vs_premium.exe
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

C:\Users\petra\Downloads\14E5.tmp
C:\Users\petra\AppData\Local\YpzPack
C:\Users\petra\AppData\Local\ASworks
Task: {F9C8A029-1732-4FC7-99B1-0EE1A7466F9C} - System32\Tasks\{7B408AEB-899A-4423-9E17-445B83D59666} => pcalua.exe -a "D:\Dan\American Sniper 2014\Lite x264 Codec Pack.exe" -d "D:\Dan\American Sniper 2014"
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========================= Folder: D:\Dan\American Sniper 2014 ========================

Directory Not Found

========================= Folder: C:\ProgramData\Microsoft\Secure\Icons ========================

2014-12-25 19:19 - 2014-12-25 19:19 - 2247680 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-12-25 19:19 - 2014-12-25 19:19 - 2740736 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-12-25 19:19 - 2014-12-25 19:24 - 0000000 ____D () C:\ProgramData\Microsoft\Secure\Icons\CachedIcons
2014-12-25 19:24 - 2014-12-30 08:55 - 0004098 _____ () C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\zepplauncher.mif
2014-12-25 19:19 - 2014-12-25 19:19 - 0000000 __SHD () C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\cache
2014-12-25 19:19 - 2014-12-25 19:19 - 0000000 __SHD () C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data
2014-12-25 19:19 - 2014-12-29 20:57 - 0000000 ____D () C:\ProgramData\Microsoft\Secure\Icons\temp
2014-12-27 19:35 - 2014-12-27 19:35 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\{219086A5-24FC-0963-71A7-4CC921760A0C}
2014-12-25 19:21 - 2014-12-25 19:21 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\{55718562-4AA4-49B8-2AF6-9E0F7EDEA3FB}
2014-12-29 19:37 - 2014-12-29 19:37 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\{7D4416BC-7739-A583-93B0-5A3AF14D9C7F}
2014-12-29 19:52 - 2014-12-29 19:52 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13DF.tmp
2014-12-27 19:50 - 2014-12-27 19:50 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmp4118.tmp
2014-12-26 07:59 - 2014-12-26 07:59 - 0138818 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmp54D3.exe
2014-12-26 07:59 - 2014-12-26 07:59 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmp54D3.tmp
2014-12-29 19:36 - 2014-12-29 19:36 - 0251024 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmp5743.exe
2014-12-29 19:36 - 2014-12-29 19:36 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmp5743.tmp
2014-12-27 19:34 - 2014-12-27 19:34 - 0310272 _____ (ООО Яндекс) C:\ProgramData\Microsoft\Secure\Icons\temp\tmp731E.exe
2014-12-27 19:34 - 2014-12-27 19:34 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmp731E.tmp
2014-12-25 19:19 - 2014-12-25 19:19 - 0308224 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmpC27C.exe
2014-12-25 19:19 - 2014-12-25 19:19 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmpC27C.tmp
2014-12-25 19:39 - 2014-12-25 19:39 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmpCA7F.tmp
2014-12-28 09:33 - 2014-12-28 09:33 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmpD414.tmp

====== End of Folder: ======

========================= Folder: C:\Users\petra\AppData\Local\YpzPack ========================

2014-12-25 19:21 - 2014-12-25 19:21 - 0034304 _____ () C:\Users\petra\AppData\Local\YpzPack\Gameshell.dll
2014-12-25 19:21 - 2014-12-25 19:21 - 0237076 _____ () C:\Users\petra\AppData\Local\YpzPack\Gameshell.lck
2014-12-29 19:37 - 2014-12-29 19:37 - 0033792 _____ () C:\Users\petra\AppData\Local\YpzPack\NativeUtilSnap.dll
2014-12-29 19:37 - 2014-12-29 19:37 - 0237076 _____ () C:\Users\petra\AppData\Local\YpzPack\NativeUtilSnap.lck

====== End of Folder: ======

========================= Folder: C:\Users\petra\AppData\Local\ASworks ========================

2014-12-29 19:39 - 2014-12-29 19:39 - 0036352 _____ () C:\Users\petra\AppData\Local\ASworks\AclWan.dll
2014-12-29 19:39 - 2014-12-29 19:39 - 0051220 _____ () C:\Users\petra\AppData\Local\ASworks\AclWan.lck
2014-12-30 08:46 - 2014-12-30 08:46 - 0033280 _____ () C:\Users\petra\AppData\Local\ASworks\ClipmapCtrl.dll
2014-12-30 08:46 - 2014-12-30 08:46 - 0051220 _____ () C:\Users\petra\AppData\Local\ASworks\ClipmapCtrl.lck
2014-12-30 08:26 - 2014-12-30 08:26 - 0035840 _____ () C:\Users\petra\AppData\Local\ASworks\ComUtilSnap.dll
2014-12-30 08:26 - 2014-12-30 08:26 - 0051220 _____ () C:\Users\petra\AppData\Local\ASworks\ComUtilSnap.lck
2014-12-25 19:20 - 2014-12-25 19:20 - 0034304 _____ () C:\Users\petra\AppData\Local\ASworks\Gameshell.dll
2014-12-25 19:20 - 2014-12-25 19:20 - 0051220 _____ () C:\Users\petra\AppData\Local\ASworks\Gameshell.lck
2014-12-30 08:35 - 2014-12-30 08:50 - 0034816 _____ () C:\Users\petra\AppData\Local\ASworks\LocctrlVga.dll
2014-12-30 08:50 - 2014-12-30 08:50 - 0051220 _____ () C:\Users\petra\AppData\Local\ASworks\LocctrlVga.dll.lck
2014-12-30 08:35 - 2014-12-30 08:35 - 0034816 _____ () C:\Users\petra\AppData\Local\ASworks\LocctrlVga.dll.old
2014-12-30 08:35 - 2014-12-30 08:35 - 0051220 _____ () C:\Users\petra\AppData\Local\ASworks\LocctrlVga.lck
2014-12-28 09:35 - 2014-12-28 09:35 - 1270272 _____ () C:\Users\petra\AppData\Local\ASworks\ndppydljdabngna.dll
2014-12-28 09:35 - 2014-12-28 09:35 - 0051220 _____ () C:\Users\petra\AppData\Local\ASworks\ndppydljdabngna.lck
2014-12-30 08:20 - 2014-12-30 08:20 - 0034816 _____ () C:\Users\petra\AppData\Local\ASworks\Tosdll24.dll
2014-12-30 08:20 - 2014-12-30 08:20 - 0051220 _____ () C:\Users\petra\AppData\Local\ASworks\Tosdll24.lck
2014-12-30 08:54 - 2014-12-30 08:54 - 0037888 _____ () C:\Users\petra\AppData\Local\ASworks\tosengine.dll
2014-12-30 08:54 - 2014-12-30 08:54 - 0051220 _____ () C:\Users\petra\AppData\Local\ASworks\tosengine.lck

====== End of Folder: ======

C:\ProgramData\Microsoft\Secure\Icons\temp\tmp5743.exe => Moved successfully.

========= del C:\ProgramData\Microsoft\Secure\Icons\temp\tmp*.exe =========

========= End of CMD: =========

========= del "C:\ProgramData\Microsoft\Secure\Icons\temp\tmp*.exe" =========

========= End of CMD: =========

Could not move "C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll" => Scheduled to move on reboot.
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgwlx64" => Key deleted successfully.
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\Software\Microsoft\Windows\CurrentVersion\Run\\YpzPack => value deleted successfully.
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\Software\Microsoft\Windows\CurrentVersion\Run\\IPWsoft => value deleted successfully.
"HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e3978c8-be1d-11e2-95e6-70f395a5c5af}" => Key deleted successfully.
HKCR\CLSID\{0e3978c8-be1d-11e2-95e6-70f395a5c5af} => Key not found.
"HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6e0cbba-2273-11e0-9a49-1cc1dead56f6}" => Key deleted successfully.
HKCR\CLSID\{a6e0cbba-2273-11e0-9a49-1cc1dead56f6} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider" => Key deleted successfully.
"HKCR\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}" => Key deleted successfully.
C:\Users\petra\Downloads\14E5.tmp => Moved successfully.
C:\Users\petra\AppData\Local\YpzPack => Moved successfully.
C:\Users\petra\AppData\Local\ASworks => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9C8A029-1732-4FC7-99B1-0EE1A7466F9C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9C8A029-1732-4FC7-99B1-0EE1A7466F9C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7B408AEB-899A-4423-9E17-445B83D59666} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7B408AEB-899A-4423-9E17-445B83D59666}" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 113.7 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-30 09:03:28)<=

C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll => Is moved successfully.

==== End of Fixlog 09:03:28 ====

petran · #20 Příspěvek od **petran** » 30 pro 2014 09:13

LastRegBack: 2014-12-26 11:09

==================== End Of Log ============================

#21 Příspěvek od **altrok** » 30 pro 2014 11:47

Z logu to vypada, ze je puvodcem problemu prave D:\Dan\American Sniper 2014\Lite x264 Codec Pack.exe

altrok píše: Pak dejte novy frst.txt a zkontrolujte, zda problemy pretrvavaji.

dal/dala jste spatny log - Addition.txt.. a co problemy? nejaka zmena?

petran · #22 Příspěvek od **petran** » 30 pro 2014 12:57

Ja si myslela, ze to bude neco s tim pritelovym stahovanim

Uz ma zakaz na muj pocitac.

Aktualni stav je, ze aplikace jsou spustit i IE a odinstalovani programu (odinstalovala jsem ten torrent).

Co jsem si vsimla, tak se akorat ve wordu nezobrazuji vlozene obrazky - zrovna sepisuju jeden dokument.
No hlavní, ale je, aby tam nebyla zadna havet.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by petra (administrator) on PETRA-HP on 30-12-2014 12:34:26
Running from C:\Users\petra\Desktop
Loaded Profile: petra (Available profiles: petra)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsload.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(FutureDial Inc.) C:\Program Files (x86)\HTC\HTC Sync for BrewMP\AutoDetect.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Nokia) C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\communicator.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfica32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\petra\Desktop\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2028328 2010-01-22] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SmartSoft PDF Printer Agent] => C:\Program Files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe [50560 2011-05-17] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2013-06-21] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2010-01-12] (PDF Complete Inc)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [NortonOnlineBackup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1110360 2010-05-03] (Symantec Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2010-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HTC Sync] => C:\Program Files (x86)\HTC\HTC Sync for BrewMP\AutoDetect.exe [180224 2010-04-16] (FutureDial Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [220552 2011-04-28] (Geek Software GmbH)
HKLM-x32\...\Run: [NokiaMServer] => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12117312 2014-05-01] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-12-09] ()
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [Google Update] => C:\Users\petra\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Access Gateway.lnk
ShortcutTarget: Citrix Access Gateway.lnk -> C:\Program Files\Citrix\Secure Access Client\nsload.exe (Citrix Systems, Inc)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://cag.autocont.cz/
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
SearchScopes: HKLM -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
SearchScopes: HKLM-x32 -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {4C9CBA0D-2FB5-4A52-B2F2-309B981A6D34} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {737B82B4-4313-442A-B155-9D7CEABE955A} URL = http://search.findwide.com/serp?guid={2 ... earchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={92 ... 2014-12-09 09:45:25&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {A3C94BE3-88E5-49A7-8E8F-4118A4DDA8BD} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {C6C13DEC-BE6A-4253-B87E-5B76BA964E8C} URL = http://search.findwide.com/rt?guid={5E1 ... earchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {C7CD73CA-3327-4E63-911E-C23C78A3C332} URL = http://search.yahoo.com/search?p={searc ... type=10809
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll (AVG)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> No Name - {F533918A-A8C5-4CB0-B704-1CDF6E16E34A} - No File
Toolbar: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> No Name - {7BF9DE01-F60A-41F0-B158-ACF52E5F99B8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Citrix.com/npagee64,version=10.1.123.9 -> C:\Program Files\Citrix\Secure Access Client\npagee64.dll (Citrix Systems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin-x32: @Citrix.com/npagee,version=10.1.123.9 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1537954393-1589409457-3668467252-1002: @tools.google.com/Google Update;version=3 -> C:\Users\petra\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1537954393-1589409457-3668467252-1002: @tools.google.com/Google Update;version=9 -> C:\Users\petra\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\petra\AppData\Roaming\mozilla\plugins\npagee.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\petra\AppData\Roaming\mozilla\plugins\npagee64.dll (Citrix Systems, Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-07-03]
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-07-03]

Chrome:
=======
CHR HomePage: Default -> https://www.seznam.cz/?clid=22668
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-14]
CHR Extension: (AVG Secure Search) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2014-12-09]
CHR Extension: (VyhledÃƒÆ’Ã‚Â¡vÃƒÆ’Ã‚Â¡nÃƒÆ’Ã‚Â Google) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-14]
CHR Extension: (Skype Click to Call) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2010-12-27]
CHR Extension: (PenÃƒâ€žÃ¢â‚¬ÂºÃƒâ€¦Ã‚Â¾enka Google) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-11-22]
CHR StartMenuInternet: Google Chrome - C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2010-09-27] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2010-09-27] (Macrovision Europe Ltd.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-05-03] (Symantec Corporation)
R2 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [157744 2014-01-10] (Citrix Systems, Inc)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-01-12] (PDF Complete Inc)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-12-09] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-12-09] (AVG Technologies)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [42496 2010-05-20] (Motorola, Inc.)
S3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [28672 2010-06-18] (Motorola, Inc.)
R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [102160 2013-04-01] (Citrix Systems, Inc.)
R3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [46640 2014-01-10] (Citrix Systems, Inc.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [119120 2013-02-20] (Citrix Systems, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [118872 2009-07-30] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [96384 2010-05-21] (Realtek Semiconductor Corp.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 12:34 - 2014-12-30 12:35 - 00032526 _____ () C:\Users\petra\Desktop\FRST.txt
2014-12-29 21:27 - 2014-12-29 21:27 - 00000000 ____D () C:\Users\petra\Desktop\PCHunter_free
2014-12-29 21:26 - 2014-12-29 21:27 - 06739485 _____ () C:\Users\petra\Desktop\PCHunter_free.zip
2014-12-29 20:58 - 2014-12-29 21:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-29 20:06 - 2014-12-29 21:25 - 00000000 ____D () C:\Users\petra\Desktop\mbar
2014-12-29 20:05 - 2014-12-29 20:06 - 16448208 _____ (Malwarebytes Corp.) C:\Users\petra\Desktop\mbar-1.08.2.1001.exe
2014-12-29 19:23 - 2014-12-29 19:23 - 00522240 _____ (OldTimer Tools) C:\Users\petra\Desktop\OTM.exe
2014-12-29 19:01 - 2014-12-29 19:01 - 00000901 _____ () C:\Users\petra\Desktop\viry co delat.txt
2014-12-29 17:49 - 2014-12-30 12:34 - 00000000 ____D () C:\FRST
2014-12-29 17:27 - 2014-12-29 17:27 - 02123264 _____ (Farbar) C:\Users\petra\Desktop\FRST64 (1).exe
2014-12-29 17:20 - 2014-12-29 17:20 - 00522240 _____ (OldTimer Tools) C:\Users\petra\Documents\OTM (1).exe
2014-12-29 17:17 - 2014-12-29 17:18 - 00522240 _____ (OldTimer Tools) C:\Users\petra\Documents\OTM.exe
2014-12-29 17:12 - 2014-12-29 17:12 - 00000000 ____D () C:\_OTM
2014-12-29 16:11 - 2014-12-29 16:11 - 00000394 _____ () C:\windows\PFRO.log
2014-12-29 16:05 - 2014-12-29 16:05 - 00002020 _____ () C:\Users\petra\Desktop\Windows Compatibility Report.htm
2014-12-29 16:01 - 2014-12-30 09:02 - 00001085 _____ () C:\windows\setupact.log
2014-12-29 16:01 - 2014-12-29 18:59 - 00000000 _____ () C:\windows\setuperr.log
2014-12-29 15:26 - 2014-12-29 15:26 - 00015392 _____ () C:\Users\petra\Documents\cc_20141229_152623.reg
2014-12-28 23:04 - 2014-12-28 23:04 - 00000507 _____ () C:\Users\petra\Desktop\viry.txt
2014-12-28 10:55 - 2014-12-30 11:17 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 10:53 - 2014-12-29 20:57 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-28 10:53 - 2014-12-28 10:53 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-28 10:53 - 2014-12-28 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 10:53 - 2014-12-28 10:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-28 10:53 - 2014-12-28 10:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-28 10:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-28 10:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-28 10:49 - 2014-12-28 10:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\petra\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-28 10:38 - 2014-12-28 10:38 - 00331552 _____ () C:\Users\petra\Documents\zaloha registru.reg
2014-12-28 10:27 - 2014-12-28 10:27 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-12-28 10:27 - 2014-12-28 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-28 10:27 - 2014-12-28 10:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-28 10:26 - 2014-12-28 10:26 - 05317104 _____ (Piriform Ltd) C:\Users\petra\Downloads\ccsetup501.exe
2014-12-28 10:20 - 2014-12-28 23:06 - 00000000 ____D () C:\Program Files\trend micro
2014-12-28 10:20 - 2014-12-28 10:21 - 00000000 ____D () C:\rsit
2014-12-28 10:20 - 2014-12-28 10:20 - 01222144 _____ () C:\Users\petra\Downloads\RSITx64.exe
2014-12-27 20:02 - 2014-12-27 20:02 - 00001715 _____ () C:\Users\petra\Desktop\Computer.lnk
2014-12-27 20:02 - 2014-12-27 20:02 - 00000288 _____ () C:\Users\petra\AppData\Roaming\4E90F1F3.reg
2014-12-26 23:04 - 2014-12-26 23:04 - 00002146 _____ () C:\Users\petra\Downloads\eKomunikace.ClientACV (3).application
2014-12-26 23:04 - 2014-12-26 23:04 - 00000370 _____ () C:\Users\petra\Desktop\eTesty - klient (ACV).appref-ms
2014-12-26 23:04 - 2014-12-26 23:04 - 00000000 ____D () C:\Users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ministerstvo dopravy
2014-12-26 23:03 - 2014-12-26 23:03 - 00002146 _____ () C:\Users\petra\Downloads\eKomunikace.ClientACV (2).application
2014-12-26 11:45 - 2014-12-29 17:12 - 00066752 _____ () C:\windows\SysWOW64\debug.log
2014-12-26 11:45 - 2014-12-29 16:34 - 00004268 _____ () C:\Users\petra\Desktop\Soubor Windows Compatibility Report.htm
2014-12-26 11:37 - 2014-12-29 18:59 - 00002544 _____ () C:\windows\diagwrn.xml
2014-12-26 11:37 - 2014-12-29 18:59 - 00001890 _____ () C:\windows\diagerr.xml
2014-12-26 08:17 - 2014-12-26 08:17 - 00003126 _____ () C:\windows\System32\Tasks\{4547B2DF-65D8-4CDB-A59A-46A2937A7846}
2014-12-25 16:48 - 2014-12-25 16:49 - 00002146 _____ () C:\Users\petra\Downloads\eKomunikace.ClientACV.application
2014-12-20 22:06 - 2014-12-20 22:06 - 04085248 _____ () C:\Users\petra\Desktop\teorie_treninku_strelby_zacatecniku.ppt
2014-12-18 06:13 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 06:13 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-17 12:41 - 2014-12-17 12:41 - 00413005 _____ () C:\Users\petra\Desktop\MD_eKom_ UAT_171204 MD.xlsx
2014-12-14 14:32 - 2014-12-14 14:32 - 00002146 _____ () C:\Users\petra\Downloads\eKomunikace.ClientACV (1).application
2014-12-10 06:34 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 06:34 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 06:34 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 06:34 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 06:33 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 06:33 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 06:33 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 06:33 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 06:33 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 06:33 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 06:33 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 06:33 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 06:33 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 06:33 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 06:33 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 06:33 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 06:33 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 06:33 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 06:33 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 06:33 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 06:33 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 06:33 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 06:33 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 06:33 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 06:33 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 06:33 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 06:33 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 06:33 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 06:33 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 06:33 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 06:33 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 06:33 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 06:33 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 06:33 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 06:33 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 06:33 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 06:33 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 06:33 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 06:33 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 06:33 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 06:33 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 06:33 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 06:33 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 06:33 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 06:33 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 06:33 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 06:33 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 06:33 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 06:33 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 06:33 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 06:33 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 06:33 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 06:33 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 06:33 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 06:33 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 06:33 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-09 09:45 - 2014-12-09 19:51 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-12-09 09:45 - 2014-12-09 13:45 - 00000000 ____D () C:\Users\petra\AppData\Local\AVG Web TuneUp
2014-12-09 09:45 - 2014-12-09 09:45 - 00050976 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2014-12-09 09:45 - 2014-12-09 09:45 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-12-09 09:45 - 2014-12-09 09:45 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-12-09 09:45 - 2014-12-09 09:45 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-12-08 22:41 - 2014-12-08 22:41 - 00000000 ____D () C:\Users\petra\Záznamy aplikace Lync
2014-12-08 20:10 - 2014-12-08 20:10 - 00000000 ____D () C:\Users\petra\AppData\Roaming\AVG2015
2014-12-08 20:09 - 2014-12-08 20:09 - 00000000 ____D () C:\Users\petra\AppData\Roaming\TuneUp Software
2014-12-08 20:09 - 2014-12-08 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-08 20:07 - 2014-12-28 10:02 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-08 20:07 - 2014-12-08 20:07 - 00000000 ___HD () C:\$AVG
2014-12-08 20:06 - 2014-12-08 20:06 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-12-08 19:15 - 2014-12-30 08:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-08 19:15 - 2014-12-09 09:36 - 00000000 ____D () C:\Users\petra\AppData\Local\Avg2015
2014-12-08 19:15 - 2014-12-08 19:15 - 00000000 ____D () C:\Users\petra\AppData\Local\MFAData
2014-12-08 18:42 - 2014-12-08 18:42 - 04578048 _____ (AVG Technologies) C:\Users\petra\Downloads\avg_free_stb_all_2015_5315_ppc2.exe
2014-12-06 07:44 - 2014-12-06 07:47 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2012
2014-12-06 07:44 - 2014-12-06 07:47 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2012
2014-12-05 13:58 - 2014-12-05 13:58 - 00000045 _____ () C:\Users\petra\Documents\2014_12.txt
2014-12-05 02:04 - 2014-12-25 18:49 - 00000000 ____D () C:\Users\petra\Documents\Visual Studio 2012
2014-12-05 02:01 - 2014-12-05 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
2014-12-05 02:01 - 2014-12-05 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2014-12-05 01:59 - 2014-12-05 01:59 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-12-05 01:59 - 2014-12-05 01:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-12-05 01:58 - 2014-12-05 01:58 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2014-12-05 01:58 - 2014-12-05 01:58 - 00000000 ____D () C:\Program Files\Application Verifier
2014-12-05 01:58 - 2014-12-05 01:58 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2014-12-05 01:57 - 2014-12-05 01:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-12-05 01:57 - 2014-12-05 01:57 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2014-12-05 01:54 - 2014-12-05 01:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-12-05 01:53 - 2014-12-05 01:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2014-12-05 01:53 - 2014-12-05 01:53 - 00002019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2014-12-05 01:52 - 2014-12-05 01:53 - 00000000 ____D () C:\Program Files\IIS Express
2014-12-05 01:52 - 2014-12-05 01:53 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2014-12-05 01:52 - 2014-12-05 01:52 - 00000000 ____D () C:\Program Files (x86)\NuGet
2014-12-05 01:52 - 2014-12-05 01:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
2014-12-05 01:50 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2014-12-05 01:49 - 2014-12-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-12-05 01:44 - 2014-12-05 01:44 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
2014-12-05 01:43 - 2014-12-05 01:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2014-12-05 01:41 - 2014-12-05 02:00 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-05 01:41 - 2014-12-05 02:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-05 01:41 - 2014-12-05 01:47 - 00000000 ____D () C:\windows\SysWOW64\1033
2014-12-05 01:36 - 2014-12-05 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2014-12-05 01:36 - 2014-12-05 02:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
2014-12-05 01:36 - 2014-12-05 02:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-12-05 01:36 - 2014-12-05 01:41 - 00000000 ____D () C:\windows\system32\1033
2014-12-05 01:36 - 2014-12-05 01:36 - 00000000 ____D () C:\windows\symbols
2014-12-05 01:36 - 2014-12-05 01:36 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 11.0
2014-12-05 01:17 - 2014-12-18 05:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-04 23:47 - 2014-12-04 23:47 - 00777835 _____ () C:\Users\petra\Downloads\test
2014-12-04 20:52 - 2014-12-04 20:52 - 00003264 _____ () C:\windows\System32\Tasks\{74AE9AB3-119A-4DD3-BCCA-0B26A6AAED42}
2014-12-04 20:37 - 2014-12-04 20:37 - 00000894 _____ () C:\Users\petra\Downloads\AutoContCA2 (1).crt
2014-12-04 20:37 - 2014-12-04 20:37 - 00000890 _____ () C:\Users\petra\Downloads\AutoContCA (1).crt
2014-12-04 20:36 - 2014-12-04 20:36 - 00000890 _____ () C:\Users\petra\Downloads\cacert (1).crt
2014-12-04 13:51 - 2014-12-04 13:51 - 00000000 ____D () C:\ProgramData\Applications
2014-12-04 13:50 - 2014-12-28 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
2014-12-04 13:50 - 2014-12-28 13:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Lync
2014-12-04 13:50 - 2014-12-06 07:57 - 00000000 ____D () C:\Program Files\Microsoft Lync
2014-12-04 13:49 - 2014-12-30 09:04 - 00000000 ____D () C:\Users\petra\Tracing
2014-12-04 13:49 - 2014-12-04 13:49 - 00000000 ____D () C:\Program Files (x86)\OCSetup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 12:34 - 2010-12-19 15:39 - 00000000 ____D () C:\Users\petra\AppData\Roaming\uTorrent
2014-12-30 12:33 - 2010-12-15 22:23 - 00000962 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002UA.job
2014-12-30 12:07 - 2014-03-05 14:21 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-30 11:55 - 2010-09-27 23:17 - 01182471 _____ () C:\windows\WindowsUpdate.log
2014-12-30 09:33 - 2010-12-15 22:23 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002Core.job
2014-12-30 09:11 - 2009-07-14 05:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 09:11 - 2009-07-14 05:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-30 09:02 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-29 21:12 - 2014-07-25 20:17 - 00000000 ____D () C:\Users\petra\AppData\Local\Maxiget
2014-12-29 14:19 - 2010-09-09 22:18 - 00672408 _____ () C:\windows\system32\perfh005.dat
2014-12-29 14:19 - 2010-09-09 22:18 - 00142972 _____ () C:\windows\system32\perfc005.dat
2014-12-29 14:19 - 2009-07-14 06:13 - 01593238 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-29 10:08 - 2014-11-20 16:52 - 01611202 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-12-28 22:28 - 2013-07-11 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2014-12-28 22:12 - 2011-01-31 20:43 - 00000000 ____D () C:\Users\petra\AppData\Local\Downloaded Installations
2014-12-28 15:02 - 2010-12-15 22:22 - 00000000 ____D () C:\Users\petra\AppData\Local\Deployment
2014-12-28 11:41 - 2014-02-28 16:31 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForpetra.job
2014-12-28 10:34 - 2011-05-31 20:29 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-12-28 10:34 - 2010-12-28 20:53 - 00000000 ____D () C:\Users\petra\AppData\Roaming\Media Player Classic
2014-12-28 10:30 - 2009-07-27 16:04 - 00000000 ____D () C:\windows\Panther
2014-12-28 05:25 - 2010-09-09 22:23 - 00000000 ____D () C:\ProgramData\PDFC
2014-12-27 09:40 - 2010-12-27 20:58 - 00000000 ____D () C:\Users\petra\.gimp-2.6
2014-12-26 17:02 - 2014-02-28 16:31 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForpetra
2014-12-26 17:02 - 2011-10-28 19:20 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-26 17:02 - 2010-12-17 17:29 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-12-16 17:26 - 2012-08-28 20:31 - 00047616 _____ () C:\Users\petra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-12 18:06 - 2010-12-16 04:57 - 00000000 ____D () C:\windows\rescache
2014-12-12 16:53 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-12 16:36 - 2011-01-17 21:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 16:34 - 2013-08-15 07:13 - 00000000 ____D () C:\windows\system32\MRT
2014-12-12 16:18 - 2010-12-19 16:13 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-09 20:07 - 2014-03-05 14:21 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 20:07 - 2014-03-05 14:21 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 20:07 - 2014-03-05 14:21 - 00003852 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 18:54 - 2009-07-14 06:08 - 00032532 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-08 22:41 - 2010-12-15 21:07 - 00000000 ____D () C:\Users\petra
2014-12-07 18:29 - 2010-12-18 23:00 - 00000000 ____D () C:\Users\petra\AppData\Roaming\vlc
2014-12-06 08:38 - 2009-07-14 05:45 - 04971336 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-06 07:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-05 19:36 - 2014-09-17 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
2014-12-05 01:56 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-12-05 01:54 - 2010-12-15 21:23 - 00110440 _____ () C:\Users\petra\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-05 01:43 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-26 11:09

==================== End Of Log ============================

#23 Příspěvek od **altrok** » 30 pro 2014 13:02

Odinstalujte Skype Click to Call

Postupujte naprosto presne dle navodu kolegy.

vyosek píše: Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe

Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)

Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost

RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet

Na plose vznikne log Rkill.txt ten mi sem vlozte

Ted nerestartujte PC - prisli byste o ucinek RKillu
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.

Pokud mate Win XP spustte pod uctem Spravce\Administratora

Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce

Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano

Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste

Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna

Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit

Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte

Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

petran · #24 Příspěvek od **petran** » 30 pro 2014 14:13

ComboFix 14-12-30.01 - petra 30.12.2014 13:57:47.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3996.2067 [GMT 1:00]
Spuštěný z: c:\users\petra\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\882B7B5BCB.sys
C:\Thumbs.db
c:\users\petra\AppData\Local\Temp\VPNFE7A.tmp
c:\users\petra\AppData\Roaming\4E90F1F3.reg
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\DEBUG.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-28 do 2014-12-30 )))))))))))))))))))))))))))))))
.
.
2014-12-30 13:07 . 2014-12-30 13:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-29 19:58 . 2014-12-29 20:25 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-12-29 16:49 . 2014-12-30 11:37 -------- d-----w- C:\FRST
2014-12-29 16:12 . 2014-12-29 16:12 -------- d-----w- C:\_OTM
2014-12-28 09:55 . 2014-12-30 12:32 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-28 09:53 . 2014-12-29 19:57 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-28 09:53 . 2014-12-28 09:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-12-28 09:53 . 2014-12-28 09:53 -------- d-----w- c:\programdata\Malwarebytes
2014-12-28 09:53 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-28 09:53 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-28 09:27 . 2014-12-28 09:27 -------- d-----w- c:\program files\CCleaner
2014-12-28 09:20 . 2014-12-28 22:06 -------- d-----w- c:\program files\trend micro
2014-12-28 09:20 . 2014-12-28 09:21 -------- d-----w- C:\rsit
2014-12-27 18:34 . 2014-12-27 18:34 310272 ----a-w- c:\programdata\Microsoft\Secure\Icons\temp\tmp731E.exe
2014-12-26 06:59 . 2014-12-26 06:59 138818 ----a-w- c:\programdata\Microsoft\Secure\Icons\temp\tmp54D3.exe
2014-12-25 18:19 . 2014-12-25 18:19 308224 ----a-w- c:\programdata\Microsoft\Secure\Icons\temp\tmpC27C.exe
2014-12-18 05:13 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-18 05:13 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-10 05:34 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-10 05:34 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-12-10 05:34 . 2014-11-22 02:16 276480 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2014-12-10 05:34 . 2014-11-22 02:06 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-12-09 08:45 . 2014-12-09 12:45 -------- d-----w- c:\users\petra\AppData\Local\AVG Web TuneUp
2014-12-09 08:45 . 2014-12-09 18:51 -------- d-----w- c:\programdata\AVG Security Toolbar
2014-12-09 08:45 . 2014-12-09 08:45 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-12-09 08:45 . 2014-12-09 08:45 -------- d-----w- c:\programdata\AVG Secure Search
2014-12-09 08:45 . 2014-12-09 08:45 -------- d-----w- c:\programdata\AVG Web TuneUp
2014-12-09 08:45 . 2014-12-09 08:45 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2014-12-09 08:45 . 2014-12-09 08:45 -------- d-----w- c:\program files (x86)\AVG Web TuneUp
2014-12-08 21:41 . 2014-12-08 21:41 -------- d-----w- c:\users\petra\Záznamy aplikace Lync
2014-12-08 19:10 . 2014-12-08 19:10 -------- d-----w- c:\users\petra\AppData\Roaming\AVG2015
2014-12-08 19:09 . 2014-12-08 19:09 -------- d-----w- c:\users\petra\AppData\Roaming\TuneUp Software
2014-12-08 19:07 . 2014-12-28 09:02 -------- d-----w- c:\programdata\AVG2015
2014-12-08 19:07 . 2014-12-08 19:07 -------- d-----w- C:\$AVG
2014-12-08 19:06 . 2014-12-08 19:06 -------- d-----w- c:\program files (x86)\AVG
2014-12-08 18:15 . 2014-12-30 07:29 -------- d-----w- c:\programdata\MFAData
2014-12-08 18:15 . 2014-12-09 08:36 -------- d-----w- c:\users\petra\AppData\Local\Avg2015
2014-12-08 18:15 . 2014-12-08 18:15 -------- d-----w- c:\users\petra\AppData\Local\MFAData
2014-12-07 16:37 . 2014-12-07 16:37 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-12-05 11:01 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2B58760-A8F2-412F-B7ED-A65AFC83A6BC}\mpengine.dll
2014-12-05 01:06 . 2014-12-06 06:48 2496928 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2014-12-05 00:59 . 2014-12-05 00:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-12-05 00:59 . 2014-12-05 00:59 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2014-12-05 00:58 . 2014-12-05 00:58 -------- d-----w- c:\program files\Application Verifier
2014-12-05 00:58 . 2014-12-05 00:58 -------- d-----w- c:\program files (x86)\Application Verifier
2014-12-05 00:58 . 2014-12-05 00:58 -------- d-----w- c:\programdata\Windows App Certification Kit
2014-12-05 00:57 . 2014-12-05 00:57 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
2014-12-05 00:57 . 2014-12-05 00:57 -------- d-----w- c:\programdata\PreEmptive Solutions
2014-12-05 00:54 . 2014-12-05 00:55 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2014-12-05 00:53 . 2014-12-05 00:54 -------- d-----w- c:\program files (x86)\Microsoft Web Tools
2014-12-05 00:53 . 2014-12-05 00:53 -------- d-----w- c:\program files\Microsoft
2014-12-05 00:52 . 2014-12-05 00:53 -------- d-----w- c:\program files (x86)\IIS Express
2014-12-05 00:52 . 2014-12-05 00:53 -------- d-----w- c:\program files\IIS Express
2014-12-05 00:52 . 2014-12-05 00:52 -------- d-----w- c:\program files (x86)\NuGet
2014-12-05 00:52 . 2014-12-05 00:52 -------- d-----w- c:\program files (x86)\Microsoft WCF Data Services
2014-12-05 00:50 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-12-05 00:49 . 2014-12-05 00:49 -------- d-----w- c:\program files (x86)\Windows Kits
2014-12-05 00:44 . 2014-12-05 00:44 -------- d-----w- c:\program files (x86)\HTML Help Workshop
2014-12-05 00:43 . 2014-12-05 00:43 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2014-12-05 00:41 . 2014-12-05 00:47 -------- d-----w- c:\windows\SysWow64\1033
2014-12-05 00:41 . 2014-12-05 01:00 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2014-12-05 00:41 . 2014-12-05 01:00 -------- d-----w- c:\program files\Microsoft SQL Server
2014-12-05 00:37 . 2014-12-05 00:39 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2014-12-05 00:36 . 2014-12-05 01:03 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
2014-12-05 00:36 . 2014-12-05 00:41 -------- d-----w- c:\windows\system32\1033
2014-12-05 00:36 . 2014-12-05 00:36 -------- d-----w- c:\windows\symbols
2014-12-05 00:36 . 2014-12-05 01:02 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2014-12-05 00:36 . 2014-12-05 00:36 -------- d-----w- c:\program files\Microsoft Visual Studio 11.0
2014-12-05 00:17 . 2014-12-18 04:57 -------- d-----w- c:\programdata\Package Cache
2014-12-05 00:17 . 2014-12-05 00:17 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2014-12-04 12:51 . 2014-12-04 12:51 -------- d-----w- c:\programdata\Applications
2014-12-04 12:50 . 2014-12-06 06:57 -------- d-----w- c:\program files\Microsoft Lync
2014-12-04 12:50 . 2014-12-28 12:59 -------- d-----w- c:\program files (x86)\Microsoft Lync
2014-12-04 12:49 . 2014-12-30 08:04 -------- d-----w- c:\users\petra\Tracing
2014-12-04 12:49 . 2014-12-04 12:49 -------- d-----w- c:\program files (x86)\OCSetup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-12 15:18 . 2010-12-19 15:13 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-09 19:07 . 2014-03-05 13:21 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 19:07 . 2014-03-05 13:21 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-11 03:08 . 2014-11-19 05:19 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 05:19 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 05:19 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 05:19 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-04 13:30 . 2011-01-17 20:45 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-29 20:35 . 2014-10-29 20:35 263960 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-10-25 01:57 . 2014-11-12 05:15 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 05:15 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 05:15 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 05:15 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 05:18 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 05:18 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:12 . 2014-11-12 05:18 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 05:18 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 05:18 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 05:18 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:49 . 2014-11-12 05:18 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 05:18 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 05:18 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-10 13:14 . 2014-10-10 13:14 274200 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-10-10 00:57 . 2014-11-12 05:15 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-05 19:41 . 2014-10-05 19:41 124184 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-10-03 02:12 . 2014-11-12 05:16 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 05:15 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 05:15 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 05:15 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 05:15 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 05:16 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 05:15 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 05:15 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-12-09 08:45 2369560 ----a-w- c:\program files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-01-12 563736]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-05-03 1110360]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HTC Sync"="c:\program files (x86)\HTC\HTC Sync for BrewMP\AutoDetect.exe" [2010-04-16 180224]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-04-28 220552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-10-01 256056]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2013-12-27 570880]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2014-05-01 12117312]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2014-11-09 3653136]
"vProt"="c:\program files (x86)\AVG Web TuneUp\vprot.exe" [2014-12-09 3060248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe /noDisplayLogin [2014-1-10 1667120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 BTMNET;Motorola Bluetooth Network Adapter Service;c:\windows\system32\DRIVERS\btmnet.sys;c:\windows\SYSNATIVE\DRIVERS\btmnet.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys;c:\windows\SYSNATIVE\Drivers\btmusb.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 cag;Citrix cag plugin for Access Gateway;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe;c:\program files\Citrix\Secure Access Client\nsverctl.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 vToolbarUpdater18.1.10;vToolbarUpdater18.1.10;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
S3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\DRIVERS\ctxva51.sys;c:\windows\SYSNATIVE\DRIVERS\ctxva51.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-05 19:07]
.
2014-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002Core.job
- c:\users\petra\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-15 20:44]
.
2014-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002UA.job
- c:\users\petra\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-15 20:44]
.
2014-12-28 c:\windows\Tasks\HPCeeScheduleForpetra.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-06-10 24783624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-25 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-25 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-25 410136]
"SmartSoft PDF Printer Agent"="c:\program files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe" [2011-05-17 50560]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-06-21 489472]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-12-02 21720]
.
------- Doplňkový sken -------
.
uStart Page = https://cag.autocont.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.seznam.cz/?clid=22668
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
mSearch Bar = https://www.seznam.cz/?clid=22668
uInternet Settings,ProxyOverride =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: XMLSpy_EditWith_IESupport - c:\program files (x86)\Altova\XMLSpy2015\spy.htm
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
Trusted Zone: autocont.cz
Trusted Zone: srv-ekomunikace
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{F533918A-A8C5-4CB0-B704-1CDF6E16E34A} - (no file)
WebBrowser-{7BF9DE01-F60A-41F0-B158-ACF52E5F99B8} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-12-30 14:11:40
ComboFix-quarantined-files.txt 2014-12-30 13:11
.
Před spuštěním: Volných bajtů: 167 783 301 120
Po spuštění: Volných bajtů: 167 243 624 448
.
- - End Of File - - ADAE1731EDEE9BB01E476FEE95C2A394
A36C5E4F47E84449FF07ED3517B43A31

petran · #25 Příspěvek od **petran** » 30 pro 2014 14:14

Rkill 2.6.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/30/2014 01:47:22 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/30/2014 01:50:28 PM
Execution time: 0 hours(s), 3 minute(s), and 5 seconds(s)

#26 Příspěvek od **altrok** » 30 pro 2014 14:43

Odinstalujte

Java(TM) 6 Update 24
Java(TM) 7 Update 5

- jedna se o prehistoricke a hodne derave verze Javy... pokud Javu potrebujete, po odinstalaci techto produktu, stahnete novou

Pokud jeste nemate, presunte ComboFix na plochu.

Otevrete Poznamkovy blok (Start -> Spustit -> notepad)

zkopirujte do nej skript nize a ulozte na plochu jako CFScript (Typ souboru: Textovy dokument)

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=-
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"SwitchBoard"=-
"AdobeCS5ServiceManager"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=-

DDS::
Trusted Zone: srv-ekomunikace
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www

Folder::
C:\ProgramData\Microsoft\Secure\Icons
C:\Users\petra\AppData\Local\YpzPack
C:\Users\petra\AppData\Local\ASworks

File::
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002UA.job
c:\windows\Tasks\HPCeeScheduleForpetra.job

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Tento CFScript.txt chytte, doslova pretahnete nad ikonu ComboFixu a pustte.
Po restartu na Vas vyskoci log, jehoz obsah mi vlozte do dalsi odpovedi.

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou Windows. V tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

petran · #27 Příspěvek od **petran** » 30 pro 2014 16:19

ComboFix 14-12-30.01 - petra 30.12.2014 15:48:53.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3996.1938 [GMT 1:00]
Spuštěný z: c:\users\petra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\petra\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll"
"c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002UA.job"
"c:\windows\Tasks\HPCeeScheduleForpetra.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\petra\AppData\Local\Temp\VPNA50B.tmp
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002UA.job
c:\windows\Tasks\HPCeeScheduleForpetra.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-28 do 2014-12-30 )))))))))))))))))))))))))))))))
.
.
2014-12-30 14:57 . 2014-12-30 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-29 19:58 . 2014-12-29 20:25 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-12-29 16:49 . 2014-12-30 11:37 -------- d-----w- C:\FRST
2014-12-29 16:12 . 2014-12-29 16:12 -------- d-----w- C:\_OTM
2014-12-28 09:55 . 2014-12-30 15:07 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-28 09:53 . 2014-12-29 19:57 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-28 09:53 . 2014-12-28 09:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-12-28 09:53 . 2014-12-28 09:53 -------- d-----w- c:\programdata\Malwarebytes
2014-12-28 09:53 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-28 09:53 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-28 09:27 . 2014-12-28 09:27 -------- d-----w- c:\program files\CCleaner
2014-12-28 09:20 . 2014-12-28 22:06 -------- d-----w- c:\program files\trend micro
2014-12-28 09:20 . 2014-12-28 09:21 -------- d-----w- C:\rsit
2014-12-27 18:34 . 2014-12-27 18:34 310272 ----a-w- c:\programdata\Microsoft\Secure\Icons\temp\tmp731E.exe
2014-12-18 05:13 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-18 05:13 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-10 05:34 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-10 05:34 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-12-10 05:34 . 2014-11-22 02:16 276480 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2014-12-10 05:34 . 2014-11-22 02:06 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-12-09 08:45 . 2014-12-09 12:45 -------- d-----w- c:\users\petra\AppData\Local\AVG Web TuneUp
2014-12-09 08:45 . 2014-12-09 18:51 -------- d-----w- c:\programdata\AVG Security Toolbar
2014-12-09 08:45 . 2014-12-09 08:45 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-12-09 08:45 . 2014-12-09 08:45 -------- d-----w- c:\programdata\AVG Secure Search
2014-12-09 08:45 . 2014-12-09 08:45 -------- d-----w- c:\programdata\AVG Web TuneUp
2014-12-09 08:45 . 2014-12-09 08:45 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2014-12-09 08:45 . 2014-12-09 08:45 -------- d-----w- c:\program files (x86)\AVG Web TuneUp
2014-12-08 21:41 . 2014-12-08 21:41 -------- d-----w- c:\users\petra\Záznamy aplikace Lync
2014-12-08 19:10 . 2014-12-08 19:10 -------- d-----w- c:\users\petra\AppData\Roaming\AVG2015
2014-12-08 19:09 . 2014-12-08 19:09 -------- d-----w- c:\users\petra\AppData\Roaming\TuneUp Software
2014-12-08 19:07 . 2014-12-28 09:02 -------- d-----w- c:\programdata\AVG2015
2014-12-08 19:07 . 2014-12-08 19:07 -------- d-----w- C:\$AVG
2014-12-08 19:06 . 2014-12-08 19:06 -------- d-----w- c:\program files (x86)\AVG
2014-12-08 18:15 . 2014-12-30 07:29 -------- d-----w- c:\programdata\MFAData
2014-12-08 18:15 . 2014-12-09 08:36 -------- d-----w- c:\users\petra\AppData\Local\Avg2015
2014-12-08 18:15 . 2014-12-08 18:15 -------- d-----w- c:\users\petra\AppData\Local\MFAData
2014-12-07 16:37 . 2014-12-07 16:37 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-12-05 11:01 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2B58760-A8F2-412F-B7ED-A65AFC83A6BC}\mpengine.dll
2014-12-05 01:06 . 2014-12-06 06:48 2496928 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2014-12-05 00:59 . 2014-12-05 00:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-12-05 00:59 . 2014-12-05 00:59 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2014-12-05 00:58 . 2014-12-05 00:58 -------- d-----w- c:\program files\Application Verifier
2014-12-05 00:58 . 2014-12-05 00:58 -------- d-----w- c:\program files (x86)\Application Verifier
2014-12-05 00:58 . 2014-12-05 00:58 -------- d-----w- c:\programdata\Windows App Certification Kit
2014-12-05 00:57 . 2014-12-05 00:57 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
2014-12-05 00:57 . 2014-12-05 00:57 -------- d-----w- c:\programdata\PreEmptive Solutions
2014-12-05 00:54 . 2014-12-05 00:55 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2014-12-05 00:53 . 2014-12-05 00:54 -------- d-----w- c:\program files (x86)\Microsoft Web Tools
2014-12-05 00:53 . 2014-12-05 00:53 -------- d-----w- c:\program files\Microsoft
2014-12-05 00:52 . 2014-12-05 00:53 -------- d-----w- c:\program files (x86)\IIS Express
2014-12-05 00:52 . 2014-12-05 00:53 -------- d-----w- c:\program files\IIS Express
2014-12-05 00:52 . 2014-12-05 00:52 -------- d-----w- c:\program files (x86)\NuGet
2014-12-05 00:52 . 2014-12-05 00:52 -------- d-----w- c:\program files (x86)\Microsoft WCF Data Services
2014-12-05 00:50 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-12-05 00:49 . 2014-12-05 00:49 -------- d-----w- c:\program files (x86)\Windows Kits
2014-12-05 00:44 . 2014-12-05 00:44 -------- d-----w- c:\program files (x86)\HTML Help Workshop
2014-12-05 00:43 . 2014-12-05 00:43 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2014-12-05 00:41 . 2014-12-05 00:47 -------- d-----w- c:\windows\SysWow64\1033
2014-12-05 00:41 . 2014-12-05 01:00 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2014-12-05 00:41 . 2014-12-05 01:00 -------- d-----w- c:\program files\Microsoft SQL Server
2014-12-05 00:37 . 2014-12-05 00:39 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2014-12-05 00:36 . 2014-12-05 01:03 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
2014-12-05 00:36 . 2014-12-05 00:41 -------- d-----w- c:\windows\system32\1033
2014-12-05 00:36 . 2014-12-05 00:36 -------- d-----w- c:\windows\symbols
2014-12-05 00:36 . 2014-12-05 01:02 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2014-12-05 00:36 . 2014-12-05 00:36 -------- d-----w- c:\program files\Microsoft Visual Studio 11.0
2014-12-05 00:17 . 2014-12-18 04:57 -------- d-----w- c:\programdata\Package Cache
2014-12-05 00:17 . 2014-12-05 00:17 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2014-12-04 12:51 . 2014-12-04 12:51 -------- d-----w- c:\programdata\Applications
2014-12-04 12:50 . 2014-12-06 06:57 -------- d-----w- c:\program files\Microsoft Lync
2014-12-04 12:50 . 2014-12-28 12:59 -------- d-----w- c:\program files (x86)\Microsoft Lync
2014-12-04 12:49 . 2014-12-30 08:04 -------- d-----w- c:\users\petra\Tracing
2014-12-04 12:49 . 2014-12-04 12:49 -------- d-----w- c:\program files (x86)\OCSetup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-12 15:18 . 2010-12-19 15:13 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-09 19:07 . 2014-03-05 13:21 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 19:07 . 2014-03-05 13:21 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-11 03:08 . 2014-11-19 05:19 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 05:19 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 05:19 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 05:19 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-04 13:30 . 2011-01-17 20:45 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-29 20:35 . 2014-10-29 20:35 263960 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-10-25 01:57 . 2014-11-12 05:15 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 05:15 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 05:15 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 05:15 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 05:18 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 05:18 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:12 . 2014-11-12 05:18 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 05:18 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 05:18 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 05:18 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:49 . 2014-11-12 05:18 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 05:18 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 05:18 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-10 13:14 . 2014-10-10 13:14 274200 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-10-10 00:57 . 2014-11-12 05:15 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-05 19:41 . 2014-10-05 19:41 124184 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-10-03 02:12 . 2014-11-12 05:16 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 05:15 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 05:15 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 05:15 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 05:15 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 05:16 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 05:15 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 05:15 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-12-09 08:45 2369560 ----a-w- c:\program files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-01-12 563736]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-05-03 1110360]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"HTC Sync"="c:\program files (x86)\HTC\HTC Sync for BrewMP\AutoDetect.exe" [2010-04-16 180224]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-04-28 220552]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-10-01 256056]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2013-12-27 570880]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2014-05-01 12117312]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2014-11-09 3653136]
"vProt"="c:\program files (x86)\AVG Web TuneUp\vprot.exe" [2014-12-09 3060248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe /noDisplayLogin [2014-1-10 1667120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 BTMNET;Motorola Bluetooth Network Adapter Service;c:\windows\system32\DRIVERS\btmnet.sys;c:\windows\SYSNATIVE\DRIVERS\btmnet.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys;c:\windows\SYSNATIVE\Drivers\btmusb.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 cag;Citrix cag plugin for Access Gateway;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe;c:\program files\Citrix\Secure Access Client\nsverctl.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 vToolbarUpdater18.1.10;vToolbarUpdater18.1.10;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\DRIVERS\ctxva51.sys;c:\windows\SYSNATIVE\DRIVERS\ctxva51.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-05 19:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-06-10 24783624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-25 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-25 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-25 410136]
"SmartSoft PDF Printer Agent"="c:\program files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe" [2011-05-17 50560]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-06-21 489472]
.
------- Doplňkový sken -------
.
uStart Page = https://cag.autocont.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.seznam.cz/?clid=22668
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
mSearch Bar = https://www.seznam.cz/?clid=22668
uInternet Settings,ProxyOverride =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: XMLSpy_EditWith_IESupport - c:\program files (x86)\Altova\XMLSpy2015\spy.htm
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
Trusted Zone: autocont.cz
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{F533918A-A8C5-4CB0-B704-1CDF6E16E34A} - (no file)
WebBrowser-{7BF9DE01-F60A-41F0-B158-ACF52E5F99B8} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Celkový čas: 2014-12-30 16:18:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-12-30 15:18
ComboFix2.txt 2014-12-30 13:11
.
Před spuštěním: Volných bajtů: 167 174 901 760
Po spuštění: Volných bajtů: 166 750 789 632
.
- - End Of File - - 211D76E19D8B75FC8F41DEAFC2E5BC9D
A36C5E4F47E84449FF07ED3517B43A31

#28 Příspěvek od **altrok** » 30 pro 2014 16:53

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan, pote na Clean
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

petran · #29 Příspěvek od **petran** » 30 pro 2014 17:11

# AdwCleaner v4.106 - Report created 30/12/2014 at 17:06:52
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : petra - PETRA-HP
# Running from : C:\Users\petra\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.1.10

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\petra\AppData\Local\MaxiGet Download Manager
Folder Deleted : C:\Users\petra\AppData\Local\Maxiget
Folder Deleted : C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Deleted : C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{737B82B4-4313-442A-B155-9D7CEABE955A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C6C13DEC-BE6A-4253-B87E-5B76BA964E8C}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [9197 octets] - [21/09/2014 20:05:52]
AdwCleaner[R1].txt - [913 octets] - [21/09/2014 20:12:58]
AdwCleaner[R2].txt - [4890 octets] - [30/12/2014 17:00:19]
AdwCleaner[R3].txt - [4950 octets] - [30/12/2014 17:03:14]
AdwCleaner[S0].txt - [8584 octets] - [21/09/2014 20:08:16]
AdwCleaner[S1].txt - [973 octets] - [21/09/2014 20:16:05]
AdwCleaner[S2].txt - [4711 octets] - [30/12/2014 17:06:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4771 octets] ##########

#30 Příspěvek od **altrok** » 30 pro 2014 17:57

Nainstalujte MBAM a udelejte vlastni sken vsech disku - http://forum.viry.cz/viewtopic.php?f=29&t=137928

Upozorneni: tento sken zabere od 30 minut po nekolik hodin

VIRY.CZ

nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace