VIRY.CZ

Prosím začalo to tím,že PC přestal vidět připojené periferie (nepřipojím k PC mobil,skener...),dále přestal fungovat internet (PC síť vůbec nevidí,říká neznámá síť a nelze ho přiojit a to ani v nouzovém režimu). Na pozadí stále něco běží...vytížení procesoru při zapnutém kabelu k internetu 95% a když kabel od PC odpojím tak cca 60%.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Michal at 2014-06-10 11:02:36
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 17 GB (15%) free of 114 GB
Total RAM: 5884 MB (73% free)

HijackThis download failed

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
taskeng.exe {95F2C22A-C2D4-42E2-8B2D-035232E8313B}
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\AutoKMS.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\cmd.exe /c ""C:\ProgramData\AutoKMS\AutoKMS.cmd" "
\??\C:\Windows\system32\conhost.exe "-1795998828-12418290302082676748-1559967744-8732077541322596954-1658320381331990905
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"C:\ProgramData\Boxtools\Toolbox.exe" -autorun
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\System32\CtHelper.exe"
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe"
"C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe" -monitor 448
"C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe"
"C:\Program Files (x86)\Settings Manager\systemk\systemku.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"Resources\MSGBox\Messagebox.exe" "AutoKMS Failed To Activate Office 2010 25 Times!\n\nIf Office Is Not Activated, Needs To Repair Itself Or AutoKMS Says It Failed, There May Be An Issue With Your License Data!\n\nBe Sure To Check Your Activation Status!\n\nIf Office Is Not Activated/Has Problems Consider Using My Toolkit To Delete License Data.\n\nThen Let Office Repair And Use The Toolkit's Attempt Activation Option A Few Times To See If You Can Activate!" "Office 2010 AutoKMS 1.4.0.5 By CODYQX4" OK
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Windows\System32\svchost.exe -k secsvcs
taskhost.exe $(Arg0)
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"D:\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\lazupztj.default

prefs.js - "browser.startup.homepage" - "http://seznam.cz/"
prefs.js - "keyword.URL" - "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\synology.com/SurveillancePlugin]
"Description"=
"Path"=C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.64\npSurveillancePlugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL


C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\lazupztj.default\extensions\
firefoxdav@icloud.com
{34FA153F-3A2C-364C-E68F-3F8A21AA8D9D}

C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\lazupztj.default\searchplugins\
default-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-04-26 581824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13 3214392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-26 436600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{1283e7d0-b598-4b2d-a20f-59a9dde270a8}
{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"Boxoft Tools"=C:\ProgramData\Boxtools\Boxofttoolbox.exe [2010-12-15 514048]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2013-11-20 59720]
"ApplePhotoStreams"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2013-11-20 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioThk32Reg]
REGSVR32.EXE /S CTASIO.DLL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
C:\Program Files (x86)\Freecorder\FLVSrvc.exe /run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
E:\iso\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2011-02-11 417304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"CTHelper"=CTHELPER.EXE []
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"NBAgent"=C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2012-06-28 74752]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2012-11-13 3825176]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-02-12 43848]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2014-01-17 421888]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-06-07 3873704]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-05-15 152392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 272896]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-06-10 11:02:36 ----D---- C:\rsit
2014-06-10 11:02:36 ----D---- C:\Program Files\trend micro
2014-06-10 10:51:34 ----A---- C:\Windows\{00000003-00000000-00000000-00001102-00000004-20061102}.BAK
2014-06-08 17:01:48 ----D---- C:\ProgramData\AutoKMS
2014-06-07 22:50:03 ----A---- C:\Windows\wininit.ini
2014-06-06 21:29:51 ----D---- C:\ProgramData\Sony
2014-06-05 19:22:03 ----D---- C:\Program Files (x86)\Advanced Disk Recovery
2014-06-05 19:16:57 ----D---- C:\Program Files (x86)\Advanced System Protector
2014-06-05 19:16:47 ----D---- C:\Users\Michal\AppData\Roaming\Advanced System Protector
2014-06-05 19:16:32 ----D---- C:\Users\Michal\AppData\Roaming\systweak
2014-06-05 19:16:32 ----D---- C:\ProgramData\systemk
2014-06-05 19:15:43 ----D---- C:\Program Files (x86)\Settings Manager
2014-06-04 21:32:21 ----D---- C:\ProgramData\InstallMate
2014-06-04 20:20:10 ----D---- C:\Users\Michal\AppData\Roaming\Xi
2014-05-16 18:43:48 ----D---- C:\Program Files\iPod
2014-05-16 18:43:47 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 18:43:47 ----D---- C:\Program Files\iTunes
2014-05-16 18:43:47 ----D---- C:\Program Files (x86)\iTunes
2014-05-15 22:50:22 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-05-15 22:50:22 ----A---- C:\Windows\system32\mshtmled.dll
2014-05-15 22:50:22 ----A---- C:\Windows\system32\mshtml.dll
2014-05-15 22:50:21 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-05-15 19:42:01 ----A---- C:\Windows\system32\shell32.dll
2014-05-15 19:42:00 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-05-15 19:41:56 ----A---- C:\Windows\system32\aepdu.dll
2014-05-15 19:41:55 ----A---- C:\Windows\system32\aeinv.dll
2014-05-15 19:41:04 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-15 19:41:03 ----A---- C:\Windows\system32\kerberos.dll
2014-05-15 19:41:02 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-05-15 19:41:02 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-05-15 19:41:02 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-05-15 19:41:01 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-05-15 19:41:01 ----A---- C:\Windows\system32\winlogon.exe
2014-05-15 19:41:01 ----A---- C:\Windows\system32\objsel.dll
2014-05-15 19:41:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-15 19:41:01 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-15 19:41:00 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-05-15 19:41:00 ----A---- C:\Windows\system32\wdigest.dll
2014-05-15 19:41:00 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-15 19:41:00 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-15 19:40:59 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-05-15 19:40:59 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-05-15 19:40:59 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-05-15 19:40:59 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-05-15 19:40:59 ----A---- C:\Windows\SYSWOW64\dpapiprovider.dll
2014-05-15 19:40:59 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-05-15 19:40:59 ----A---- C:\Windows\SYSWOW64\cngprovider.dll
2014-05-15 19:40:59 ----A---- C:\Windows\SYSWOW64\capiprovider.dll
2014-05-15 19:40:59 ----A---- C:\Windows\SYSWOW64\adprovider.dll
2014-05-15 19:40:59 ----A---- C:\Windows\system32\schannel.dll
2014-05-15 19:40:59 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-15 19:40:59 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-05-15 19:40:59 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-15 19:40:59 ----A---- C:\Windows\system32\cngprovider.dll
2014-05-15 19:40:59 ----A---- C:\Windows\system32\capiprovider.dll
2014-05-15 19:40:59 ----A---- C:\Windows\system32\adprovider.dll
2014-05-15 19:40:58 ----A---- C:\Windows\SYSWOW64\wincredprovider.dll
2014-05-15 19:40:58 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-05-15 19:40:58 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-05-15 19:40:58 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-05-15 19:40:58 ----A---- C:\Windows\system32\wincredprovider.dll
2014-05-15 19:40:58 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-15 19:40:58 ----A---- C:\Windows\system32\sspicli.dll
2014-05-15 19:40:58 ----A---- C:\Windows\system32\secur32.dll
2014-05-15 19:40:58 ----A---- C:\Windows\system32\lsass.exe
2014-05-15 19:40:58 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-15 19:40:58 ----A---- C:\Windows\system32\credssp.dll

======List of files/folders modified in the last 1 month======

2014-06-10 11:02:36 ----RD---- C:\Program Files
2014-06-10 11:02:32 ----D---- C:\Temp
2014-06-10 10:58:27 ----D---- C:\Windows\inf
2014-06-10 10:54:30 ----D---- C:\Windows
2014-06-10 10:48:20 ----RSD---- C:\Windows\Fonts
2014-06-10 10:48:06 ----D---- C:\Windows\SoftwareDistribution
2014-06-09 23:22:41 ----D---- C:\Windows\Minidump
2014-06-09 22:25:33 ----RD---- C:\Program Files (x86)
2014-06-09 21:43:35 ----D---- C:\Windows\system32\config
2014-06-09 21:20:17 ----D---- C:\Windows\system32\drivers\etc
2014-06-08 20:44:37 ----D---- C:\ProgramData\Sony Mobile
2014-06-08 20:44:35 ----D---- C:\Program Files (x86)\Sony Mobile
2014-06-08 20:43:43 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-06-08 17:51:46 ----D---- C:\Windows\system32\NDF
2014-06-08 17:03:12 ----D---- C:\ProgramData\Boxtools
2014-06-08 17:01:48 ----HD---- C:\ProgramData
2014-06-07 22:50:03 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-06-07 21:59:38 ----D---- C:\Windows\system32\DriverStore
2014-06-07 21:59:38 ----D---- C:\Windows\system32\catroot
2014-06-07 21:55:03 ----D---- C:\Windows\system32\catroot2
2014-06-07 21:43:17 ----D---- C:\Windows\Temp
2014-06-07 21:41:46 ----SHD---- C:\System Volume Information
2014-06-07 21:40:57 ----D---- C:\Windows\system32\Tasks
2014-06-07 21:40:42 ----D---- C:\Windows\system32\drivers
2014-06-07 21:34:41 ----D---- C:\Windows\system32\wbem
2014-06-07 21:33:36 ----D---- C:\Windows\Tasks
2014-06-07 21:33:36 ----D---- C:\Windows\SysWOW64
2014-06-07 21:33:36 ----D---- C:\Windows\system32\wfp
2014-06-07 21:33:36 ----D---- C:\Windows\system32\CodeIntegrity
2014-06-07 21:33:36 ----D---- C:\Windows\System32
2014-06-07 21:33:36 ----D---- C:\Program Files\Internet Explorer
2014-06-07 21:33:35 ----SHD---- C:\Windows\Installer
2014-06-07 21:33:10 ----D---- C:\Windows\registration
2014-06-07 21:32:38 ----D---- C:\ProgramData\hps
2014-06-06 22:01:20 ----D---- C:\Windows\Prefetch
2014-05-30 22:23:19 ----D---- C:\ProgramData\tmp
2014-05-25 14:58:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-18 16:52:46 ----D---- C:\Windows\rescache
2014-05-16 22:30:25 ----D---- C:\Windows\Microsoft.NET
2014-05-16 22:29:39 ----RSD---- C:\Windows\assembly
2014-05-16 22:13:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-05-16 21:59:38 ----D---- C:\Windows\debug
2014-05-16 20:16:53 ----D---- C:\Program Files (x86)\TeamViewer
2014-05-16 18:29:37 ----D---- C:\Windows\winsxs
2014-05-16 18:26:12 ----SD---- C:\Windows\system32\CompatTel
2014-05-16 18:26:06 ----D---- C:\Windows\system32\cs-CZ
2014-05-16 18:26:06 ----D---- C:\Windows\PolicyDefinitions
2014-05-15 22:50:04 ----D---- C:\Windows\system32\MRT
2014-05-15 22:48:28 ----A---- C:\Windows\system32\MRT.exe
2014-05-11 14:42:25 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-04-26 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-04-26 208416]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2014-04-26 28184]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-04-26 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-05-15 1039096]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-05-15 423240]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-30 283200]
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222;F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [2014-05-25 36240]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-04-26 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-04-26 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-05-15 85328]
R3 BENDER;Pinnacle DV/AV Capture; C:\Windows\system32\drivers\bender64.sys [2006-12-13 253568]
R3 busenum;Synology Virtual USB Hub; C:\Windows\system32\DRIVERS\busenum.sys [2012-08-03 55776]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\Windows\System32\drivers\COMMONFX.SYS [2010-03-18 158808]
R3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2010-03-18 580696]
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2010-03-18 866264]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [2010-03-18 706648]
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2010-03-18 16984]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\Windows\System32\drivers\CTSBLFX.SYS [2010-03-18 681048]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2010-03-18 290392]
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2010-03-18 147544]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\Windows\system32\drivers\ha10kx2k.sys [2010-03-18 1360984]
R3 hap16v2k;Creative P16V HAL Driver; C:\Windows\system32\drivers\hap16v2k.sys [2010-03-18 259672]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2010-03-18 221272]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S0 aswNdisFlt;Avast! Firewall Driver; C:\Windows\system32\DRIVERS\aswNdisFlt.sys []
S3 COMMONFX.DLL;COMMONFX.DLL; C:\Windows\system32\COMMONFX.DLL []
S3 COMMONFX;COMMONFX; C:\Windows\system32\drivers\COMMONFX.SYS [2010-03-18 158808]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL [2007-04-10 252712]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\Windows\system32\CTAUDFX.DLL []
S3 CTAUDFX;CTAUDFX; C:\Windows\system32\drivers\CTAUDFX.SYS [2010-03-18 706648]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\Windows\system32\CTEAPSFX.DLL [2007-04-10 219432]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\Windows\system32\CTEDSPFX.DLL [2007-04-10 321832]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\Windows\system32\CTEDSPIO.DLL [2007-04-10 190248]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\Windows\system32\CTEDSPSY.DLL [2007-04-10 363304]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\Windows\system32\CTERFXFX.DLL []
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\Windows\System32\drivers\CTERFXFX.SYS [2010-03-18 141912]
S3 CTERFXFX;CTERFXFX; C:\Windows\system32\drivers\CTERFXFX.SYS [2010-03-18 141912]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL [2007-04-10 1571112]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL [2007-04-10 123688]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\Windows\system32\CTSBLFX.DLL []
S3 CTSBLFX;CTSBLFX; C:\Windows\system32\drivers\CTSBLFX.SYS [2010-03-18 681048]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2014-04-16 14448]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2014-04-16 27760]
S3 hap17v2k;Creative P17V HAL Driver; C:\Windows\system32\drivers\hap17v2k.sys [2010-03-18 295000]
S3 mdf16;mdf16; \??\C:\Users\Michal\AppData\Local\Temp\mdf16.sys [2013-01-17 20400]
S3 mvd23;mvd23; \??\C:\Users\Michal\AppData\Local\Temp\mvd23.sys [2013-01-17 99248]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 NPF;WinPcap Packet Driver (NPF); C:\Windows\system32\drivers\NPF.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-04-26 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2010-02-12 286720]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R2 SystemkService2;Systemk Service2; C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [2014-05-25 3543056]
R2 UsbClientService;UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2013-04-30 248704]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-05-15 641352]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-02-12 43336]
S2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-04-26 109048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 116648]
S2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SynoDrService;SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [2013-04-24 381312]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16 257712]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-04-30 79360]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-10 119408]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-30 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Zdravim

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Při spuštění Combofixu se zobrazila zpráva Error saving file C:Windows \erdnt\Hiv -backup \SYSTEM Continue with the next file?Přístup byl odepřen. Mám to potvrdit?

Ano, odkliknete jej

Tak tady to je snad vše...
Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/10/2014 12:05:21 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\AutoKMS.exe (PID: 1604) [WD-HEUR]
* C:\ProgramData\Boxtools\Toolbox.exe (PID: 2420) [AU-HEUR]
* C:\ProgramData\AutoKMS\Resources\MSGBox\Messagebox.exe (PID: 6552) [AU-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com

20 out of 15330 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 06/10/2014 12:06:12 PM
Execution time: 0 hours(s), 0 minute(s), and 50 seconds(s)

ComboFix 14-06-10.01 - Michal 10.06.2014 12:19:35.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.5884.4436 [GMT 2:00]
Spuštěný z: c:\users\Michal\Documents\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\CddbCdda.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-10 do 2014-06-10 )))))))))))))))))))))))))))))))
.
.
2014-06-10 09:02 . 2014-06-10 09:02 -------- d-----w- C:\rsit
2014-06-10 09:02 . 2014-06-10 09:02 -------- d-----w- c:\program files\trend micro
2014-06-07 19:40 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C4EC9F3-0F76-4715-B2D6-FC90B6CD8B15}\mpengine.dll
2014-06-06 19:29 . 2014-06-06 19:29 -------- d-----w- c:\programdata\Sony
2014-06-05 17:22 . 2014-06-07 19:33 -------- d-----w- c:\program files (x86)\Advanced Disk Recovery
2014-06-05 17:16 . 2014-06-05 17:21 -------- d-----w- c:\program files (x86)\Advanced System Protector
2014-06-05 17:16 . 2014-06-05 17:17 -------- d-----w- c:\users\Michal\AppData\Roaming\Advanced System Protector
2014-06-05 17:16 . 2014-06-10 10:37 -------- d-----w- c:\programdata\systemk
2014-06-05 17:16 . 2014-06-05 20:28 -------- d-----w- c:\users\Michal\AppData\Roaming\systweak
2014-06-05 17:15 . 2014-06-05 17:15 -------- d-----w- c:\program files (x86)\Settings Manager
2014-06-04 19:32 . 2014-06-04 19:32 -------- d-----w- c:\programdata\InstallMate
2014-06-04 18:44 . 2014-06-04 18:44 -------- d-sh--w- c:\users\Michal\AppData\Local\EmieUserList
2014-06-04 18:44 . 2014-06-04 18:44 -------- d-sh--w- c:\users\Michal\AppData\Local\EmieSiteList
2014-06-04 18:20 . 2014-06-04 18:20 -------- d-----w- c:\users\Michal\AppData\Roaming\Xi
2014-05-16 16:43 . 2014-06-07 19:32 -------- d-----w- c:\program files\iPod
2014-05-16 16:43 . 2014-06-07 19:33 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 16:43 . 2014-06-07 19:33 -------- d-----w- c:\program files\iTunes
2014-05-16 16:43 . 2014-06-07 19:33 -------- d-----w- c:\program files (x86)\iTunes
2014-05-15 20:50 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 20:50 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 20:50 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 20:50 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-15 17:42 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-15 17:40 . 2014-04-12 02:22 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-16 20:13 . 2012-04-30 05:51 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-16 20:13 . 2012-04-30 05:51 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 20:48 . 2012-04-30 05:57 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-15 17:34 . 2014-04-26 18:14 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-15 17:34 . 2012-04-30 08:14 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-15 17:34 . 2012-04-30 08:14 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-04-26 18:14 . 2014-04-26 18:14 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-26 18:14 . 2013-03-07 21:15 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-26 18:14 . 2013-03-07 21:15 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-26 18:14 . 2012-04-30 08:14 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-26 18:14 . 2012-04-30 08:14 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-26 18:14 . 2012-04-30 08:14 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-26 18:14 . 2014-04-26 18:14 43152 ----a-w- c:\windows\avastSS.scr
2014-04-26 18:14 . 2013-04-18 17:04 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-04-16 17:43 . 2014-04-16 17:43 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2014-04-16 17:43 . 2014-04-16 17:43 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2014-03-31 07:35 . 2012-04-29 20:49 270496 ----a-w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Boxoft Tools"="c:\programdata\Boxtools\Boxofttoolbox.exe" [2010-12-15 514048]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-07 3873704]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-15 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="e:\iso\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe;c:\program files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [x]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS;c:\windows\SYSNATIVE\drivers\COMMONFX.SYS [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS;c:\windows\SYSNATIVE\drivers\CTAUDFX.SYS [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS;c:\windows\SYSNATIVE\drivers\CTERFXFX.SYS [x]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS;c:\windows\SYSNATIVE\drivers\CTERFXFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS;c:\windows\SYSNATIVE\drivers\CTSBLFX.SYS [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mdf16;mdf16;c:\users\Michal\AppData\Local\Temp\mdf16.sys;c:\users\Michal\AppData\Local\Temp\mdf16.sys [x]
R3 mvd23;mvd23;c:\users\Michal\AppData\Local\Temp\mvd23.sys;c:\users\Michal\AppData\Local\Temp\mvd23.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 F06DEFF2-5B9C-490D-910F-35D3A91196222;F06DEFF2-5B9C-490D-910F-35D3A91196222;c:\program files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg;c:\program files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SystemkService2;Systemk Service2;c:\program files (x86)\Settings Manager\systemk\SystemkService.exe;c:\program files (x86)\Settings Manager\systemk\SystemkService.exe [x]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
S3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender64.sys;c:\windows\SYSNATIVE\drivers\bender64.sys [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS;c:\windows\SYSNATIVE\drivers\COMMONFX.SYS [x]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS;c:\windows\SYSNATIVE\drivers\CTAUDFX.SYS [x]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS;c:\windows\SYSNATIVE\drivers\CTSBLFX.SYS [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-24 06:55 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 20:13]
.
2014-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 20:19]
.
2014-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 20:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-26 18:14 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\lazupztj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{1283e7d0-b598-4b2d-a20f-59a9dde270a8} - (no file)
Toolbar-{1283e7d0-b598-4b2d-a20f-59a9dde270a8} - (no file)
Toolbar-10 - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\AutoKMS.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Settings Manager\systemk\systemku.exe
c:\windows\SysWOW64\CtHelper.exe
c:\programdata\Boxtools\Toolbox.exe
.
**************************************************************************
.
Celkový čas: 2014-06-10 12:43:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-10 10:43
.
Před spuštěním: Volných bajtů: 17 961 889 792
Po spuštění: Volných bajtů: 18 464 239 616
.
- - End Of File - - 0A03264E7FB6EC27E822EE15FED540B0
A36C5E4F47E84449FF07ED3517B43A31

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Tady je prosím...
# AdwCleaner v3.212 - Report created 10/06/2014 at 13:17:38
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Michal - STOLNI_PC
# Running from : C:\Users\Michal\Documents\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A91196222
[#] Service Deleted : SystemkService2

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\systemk
Folder Deleted : C:\Program Files (x86)\Advanced System Protector
[!] Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Users\Michal\AppData\Local\Conduit
Folder Deleted : C:\Users\Michal\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Michal\AppData\LocalLow\flvto.com_Freecorder
Folder Deleted : C:\Users\Michal\AppData\Roaming\Advanced System Protector
Folder Deleted : C:\Users\Michal\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\lazupztj.default\Extensions\firefoxdav@icloud.com
Folder Deleted : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
File Deleted : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\lazupztj.default\searchplugins\default-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F525BEA-6A98-4617-A6CC-925EEE0CA5F3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C5E9976-52B5-4601-BFF6-DE9D618B2617}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47B80EF1-913C-47AD-AF56-5CEC58FA4ABE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1283E7D0-B598-4B2D-A20F-59A9DDE270A8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1283E7D0-B598-4B2D-A20F-59A9DDE270A8}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\flvto.com_Freecorder
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\Software\SystemK
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\flvto.com_Freecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (cs)

[ File : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\lazupztj.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : hxxp://www.default-search.net?sid=498&aid=121& ... 69&src=hmp
Deleted [Homepage] : hxxp://www.default-search.net?sid=498&aid=121& ... 69&src=hmp
Deleted [Extension] : dlfienamagdnkekbbbocojppncdambda

*************************

AdwCleaner[R0].txt - [4450 octets] - [10/06/2014 13:16:58]
AdwCleaner[S0].txt - [4349 octets] - [10/06/2014 13:17:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4409 octets] ##########

Poprosim o DDS http://forum.viry.cz/viewtopic.php?f=13&t=125171

DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Michal at 13:50:20 on 2014-06-10
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.5884.4381 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\AutoKMS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\ProgramData\Boxtools\Toolbox.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ProgramData\AutoKMS\Resources\MSGBox\Messagebox.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Nokia.PCSync] E:\iso\Nokia PC Suite 6\PcSync2.exe /NoDialog
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\lazupztj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.64\npSurveillancePlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-7 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-7 208416]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-4-18 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2012-4-30 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-4-30 423240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-30 283200]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-26 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-4-30 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-4-26 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-26 50344]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-3-25 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-3-25 168384]
R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2013-4-30 248704]
R3 BENDER;Pinnacle DV/AV Capture;C:\Windows\System32\drivers\bender64.sys [2006-12-13 253568]
R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2012-8-3 55776]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-30 646248]
S2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-4-26 109048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-3-25 1103392]
S2 SynoDrService;SynoDrService;C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [2013-4-24 381312]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-4-30 79360]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2014-4-16 14448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-16 111616]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2009-9-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2009-9-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2009-9-19 161280]
S3 StorSvc;Služba úložiště;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-4-30 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-30 1255736]
.
=============== Created Last 30 ================
.
2014-06-10 11:16:54 -------- d-----w- C:\AdwCleaner
2014-06-10 10:43:50 -------- d-----w- C:\Users\Michal\AppData\Local\temp
2014-06-10 10:37:51 -------- d-----w- C:\$RECYCLE.BIN
2014-06-10 10:37:31 -------- d-----w- C:\ProgramData\AutoKMS
2014-06-10 10:18:00 98816 ----a-w- C:\Windows\sed.exe
2014-06-10 10:18:00 256000 ----a-w- C:\Windows\PEV.exe
2014-06-10 10:18:00 208896 ----a-w- C:\Windows\MBR.exe
2014-06-10 09:02:36 -------- d-----w- C:\Program Files\trend micro
2014-06-07 19:40:16 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0C4EC9F3-0F76-4715-B2D6-FC90B6CD8B15}\mpengine.dll
2014-06-05 17:22:03 -------- d-----w- C:\Program Files (x86)\Advanced Disk Recovery
2014-06-05 17:16:32 -------- d-----w- C:\ProgramData\systemk
2014-06-04 19:32:21 -------- d-----w- C:\ProgramData\InstallMate
2014-06-04 18:44:06 -------- d-sh--w- C:\Users\Michal\AppData\Local\EmieUserList
2014-06-04 18:44:06 -------- d-sh--w- C:\Users\Michal\AppData\Local\EmieSiteList
2014-06-04 18:20:10 -------- d-----w- C:\Users\Michal\AppData\Roaming\Xi
2014-05-16 16:43:48 -------- d-----w- C:\Program Files\iPod
2014-05-16 16:43:47 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 16:43:47 -------- d-----w- C:\Program Files\iTunes
2014-05-16 16:43:47 -------- d-----w- C:\Program Files (x86)\iTunes
2014-05-15 20:50:21 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-15 20:50:21 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-15 17:40:59 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
.
==================== Find3M ====================
.
2014-05-16 20:13:21 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-16 20:13:21 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-15 17:34:18 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-05-15 17:34:18 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-26 18:14:27 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-04-26 18:14:27 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-26 18:14:27 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-04-26 18:14:27 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-04-26 18:14:27 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-04-26 18:14:26 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-26 18:14:23 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-04-16 17:43:44 27760 ----a-w- C:\Windows\System32\drivers\ggsemc.sys
2014-04-16 17:43:44 14448 ----a-w- C:\Windows\System32\drivers\ggflt.sys
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-31 07:35:08 270496 ----a-w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 13:50:35,66 ===============

Odinstalujte Spybot - Search & Destroy 2 - ma uz nejlepsi za sebou

Ty nelegalni Office tez nejsou to nejlepsi pro PC

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Folder::
  C:\Program Files (x86)\Spybot - Search & Destroy 2
  C:\ProgramData\Boxtools
  C:\ProgramData\AutoKMS
  C:\Program Files (x86)\Advanced Disk Recovery
  C:\ProgramData\systemk
  
  File::
  c:\windows\Tasks\Adobe Flash Player Updater.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  DDS::
  BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
  uRun: [DAEMON Tools Lite]
  uRun: [Boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun
  mRun: [Adobe ARM] 
  mRun: [BCSSync]
  mRun: [NBAgent]
  mRun: [WinampAgent]
  mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
  mRun: [SunJavaUpdateSched]
  mRun: [QuickTime Task]
  mRun: [iTunesHelper]
  dRun: [Nokia.PCSync]
  
  Driver::
  NAUpdate
  SDUpdateService
  SDWSCService
  SDScannerService
  F06DEFF2-5B9C-490D-910F-35D3A91196222
  SystemkService2
  mdf16
  mvd23
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Když ComboFix dokončuje report, vždy se objeví okno:
C:/Windows/system32/GfxUI.exe
Zařízení připojené k systému nefunguje.
A zde je ten log:¨
ComboFix 14-06-10.01 - Michal 10.06.2014 14:30:59.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.5884.4026 [GMT 2:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michal\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Advanced Disk Recovery
c:\program files (x86)\Advanced Disk Recovery\pt-br\aso.ini
c:\program files (x86)\Advanced Disk Recovery\pt-br\checkupdate.ini
c:\program files (x86)\Advanced Disk Recovery\unins000.dat
c:\programdata\Boxtools
c:\programdata\Boxtools\apdfproduction.dat
c:\programdata\Boxtools\Boxofttoolbox.exe
c:\programdata\Boxtools\midas.dll
c:\programdata\Boxtools\News.txt
c:\programdata\Boxtools\PCTools.exe
c:\programdata\Boxtools\pctoolsversion.txt
c:\programdata\Boxtools\Progress.gif
c:\programdata\Boxtools\ServerWeb.txt
c:\programdata\Boxtools\Toolbox.exe
c:\programdata\Boxtools\Uninstall.exe
c:\programdata\Boxtools\Update.txt
c:\programdata\Boxtools\Version.txt
c:\programdata\systemk
c:\programdata\systemk\stats.cfg
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_F06DEFF2-5B9C-490D-910F-35D3A91196222
-------\Legacy_MDF16
-------\Legacy_MVD23
-------\Service_mdf16
-------\Service_mvd23
-------\Service_NAUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-10 do 2014-06-10 )))))))))))))))))))))))))))))))
.
.
2014-06-10 12:39 . 2014-06-10 12:40 -------- d-----w- c:\programdata\AutoKMS
2014-06-10 12:37 . 2014-06-10 12:37 -------- d-----w- c:\users\Michal\AppData\Local\temp
2014-06-10 12:37 . 2014-06-10 12:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-10 11:16 . 2014-06-10 11:17 -------- d-----w- C:\AdwCleaner
2014-06-10 09:02 . 2014-06-10 09:02 -------- d-----w- C:\rsit
2014-06-10 09:02 . 2014-06-10 09:02 -------- d-----w- c:\program files\trend micro
2014-06-07 19:40 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C4EC9F3-0F76-4715-B2D6-FC90B6CD8B15}\mpengine.dll
2014-06-06 19:29 . 2014-06-06 19:29 -------- d-----w- c:\programdata\Sony
2014-06-04 19:32 . 2014-06-04 19:32 -------- d-----w- c:\programdata\InstallMate
2014-06-04 18:44 . 2014-06-04 18:44 -------- d-sh--w- c:\users\Michal\AppData\Local\EmieUserList
2014-06-04 18:44 . 2014-06-04 18:44 -------- d-sh--w- c:\users\Michal\AppData\Local\EmieSiteList
2014-06-04 18:20 . 2014-06-04 18:20 -------- d-----w- c:\users\Michal\AppData\Roaming\Xi
2014-05-16 16:43 . 2014-06-07 19:32 -------- d-----w- c:\program files\iPod
2014-05-16 16:43 . 2014-06-07 19:33 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 16:43 . 2014-06-07 19:33 -------- d-----w- c:\program files\iTunes
2014-05-16 16:43 . 2014-06-07 19:33 -------- d-----w- c:\program files (x86)\iTunes
2014-05-15 20:50 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 20:50 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 20:50 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 20:50 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-15 17:42 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-15 17:40 . 2014-04-12 02:22 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-16 20:13 . 2012-04-30 05:51 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-16 20:13 . 2012-04-30 05:51 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 20:48 . 2012-04-30 05:57 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-15 17:34 . 2014-04-26 18:14 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-15 17:34 . 2012-04-30 08:14 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-15 17:34 . 2012-04-30 08:14 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-04-26 18:14 . 2014-04-26 18:14 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-26 18:14 . 2013-03-07 21:15 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-26 18:14 . 2013-03-07 21:15 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-26 18:14 . 2012-04-30 08:14 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-26 18:14 . 2012-04-30 08:14 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-26 18:14 . 2012-04-30 08:14 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-26 18:14 . 2014-04-26 18:14 43152 ----a-w- c:\windows\avastSS.scr
2014-04-26 18:14 . 2013-04-18 17:04 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-04-16 17:43 . 2014-04-16 17:43 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2014-04-16 17:43 . 2014-04-16 17:43 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2014-03-31 07:35 . 2012-04-29 20:49 270496 ----a-w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-07 3873704]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-15 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="e:\iso\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe;c:\program files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [x]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS;c:\windows\SYSNATIVE\drivers\COMMONFX.SYS [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS;c:\windows\SYSNATIVE\drivers\CTAUDFX.SYS [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS;c:\windows\SYSNATIVE\drivers\CTERFXFX.SYS [x]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS;c:\windows\SYSNATIVE\drivers\CTERFXFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS;c:\windows\SYSNATIVE\drivers\CTSBLFX.SYS [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
S3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender64.sys;c:\windows\SYSNATIVE\drivers\bender64.sys [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS;c:\windows\SYSNATIVE\drivers\COMMONFX.SYS [x]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS;c:\windows\SYSNATIVE\drivers\CTAUDFX.SYS [x]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS;c:\windows\SYSNATIVE\drivers\CTSBLFX.SYS [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-24 06:55 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 20:13]
.
2014-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 20:19]
.
2014-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 20:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-26 18:14 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\lazupztj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\AutoKMS.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\CtHelper.exe
c:\programdata\AutoKMS\Resources\MSGBox\Messagebox.exe
.
**************************************************************************
.
Celkový čas: 2014-06-10 14:45:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-10 12:45
ComboFix2.txt 2014-06-10 10:43
.
Před spuštěním: Volných bajtů: 18 696 032 256
Po spuštění: Volných bajtů: 18 257 719 296
.
- - End Of File - - 19820318A3FBC2E8A3CD06121F96B35A
A36C5E4F47E84449FF07ED3517B43A31

Dejte FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

Nevím, jestli je to důležité, ale zjistil jsem, že to velké vytěžování procesoru (i když je PC v klidu ) má na starosti jeden schvost.exe (LocalSystemNetworkRestricted).
Skaner a tiskárna již počítač vidí, moc díky. Mobil zatím nelze s PC spojit a net taky nejde.Ale při rozbalení Avastu stále mi to hlásí, že nelze spustit a zapnout firewal.
Teď prosím ten FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by Michal (administrator) on STOLNI_PC on 10-06-2014 15:23:48
Running from C:\Users\Michal\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\AutoKMS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\ProgramData\AutoKMS\Resources\MSGBox\Messagebox.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-06-07] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Nokia.PCSync] => E:\iso\Nokia PC Suite 6\PcSync2.exe [1744896 2007-03-27] (Time Information Services Ltd.)
HKU\S-1-5-21-1439341086-3899214309-3782603208-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1439341086-3899214309-3782603208-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?si ... earchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?si ... earchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - No File
Toolbar: HKLM-x32 - No Name - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - No File
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab

FireFox:
========
FF ProfilePath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\lazupztj.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://seznam.cz/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: synology.com/SurveillancePlugin - C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.64\npSurveillancePlugin.dll (Synology)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Settings Manager - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\lazupztj.default\Extensions\{34FA153F-3A2C-364C-E68F-3F8A21AA8D9D} [2014-06-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-30]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-26] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-04-26] (AVAST Software)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-04-30] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [292864 2007-03-26] (Nokia.) [File not signed]
S2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [381312 2013-04-24] () [File not signed]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] () [File not signed]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-26] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-26] ()
R3 BENDER; C:\Windows\System32\drivers\bender64.sys [253568 2006-12-13] (Pinnacle Systems)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-30] (DT Soft Ltd)
S0 aswNdisFlt; system32\DRIVERS\aswNdisFlt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 15:23 - 2014-06-10 15:24 - 00012127 _____ () C:\Users\Michal\Desktop\FRST.txt
2014-06-10 15:23 - 2014-06-10 15:23 - 00000000 ____D () C:\FRST
2014-06-10 15:20 - 2014-06-10 13:03 - 00000000 _____ () C:\Users\Michal\Desktop\FRSTLauncher.exe
2014-06-10 15:20 - 2014-06-10 13:02 - 02080768 _____ (Farbar) C:\Users\Michal\Desktop\FRST64.exe
2014-06-10 14:45 - 2014-06-10 14:45 - 00019615 _____ () C:\ComboFix.txt
2014-06-10 14:39 - 2014-06-10 14:42 - 00000000 ____D () C:\ProgramData\AutoKMS
2014-06-10 14:21 - 2014-06-10 12:12 - 05205915 ____R (Swearware) C:\Users\Michal\Desktop\ComboFix.exe
2014-06-10 13:16 - 2014-06-10 13:17 - 00000000 ____D () C:\AdwCleaner
2014-06-10 12:18 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-10 12:18 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-10 12:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-10 12:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-10 12:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-10 12:18 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-10 12:18 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-10 12:18 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-10 12:17 - 2014-06-10 14:45 - 00000000 ____D () C:\Qoobox
2014-06-10 12:09 - 2014-06-10 14:37 - 00000000 ____D () C:\Windows\erdnt
2014-06-10 11:02 - 2014-06-10 11:02 - 00000000 ____D () C:\rsit
2014-06-10 11:02 - 2014-06-10 11:02 - 00000000 ____D () C:\Program Files\trend micro
2014-06-10 10:54 - 2014-06-10 14:39 - 00001922 _____ () C:\Windows\PFRO.log
2014-06-10 10:51 - 2014-06-10 14:28 - 04931577 _____ () C:\Windows\{00000003-00000000-00000000-00001102-00000004-20061102}.BAK
2014-06-10 10:46 - 2014-06-10 14:44 - 00047948 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 10:41 - 2014-06-10 14:39 - 00000336 _____ () C:\Windows\setupact.log
2014-06-10 10:41 - 2014-06-10 10:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-09 23:04 - 2011-02-15 15:14 - 00665064 _____ (Crawler Inc. ) C:\Users\Michal\Downloads\SpywareTerminatorSetup.exe
2014-06-08 20:34 - 2014-06-08 20:34 - 00000000 ____D () C:\Users\Michal\Downloads\backups
2014-06-08 20:33 - 2014-06-09 21:24 - 00011519 _____ () C:\Users\Michal\Downloads\hijackthis.log
2014-06-07 22:50 - 2014-06-07 22:50 - 00000555 _____ () C:\Windows\wininit.ini
2014-06-07 21:42 - 2014-06-07 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-06 21:29 - 2014-06-06 21:29 - 00000000 ____D () C:\ProgramData\Sony
2014-06-05 20:16 - 2014-06-05 20:16 - 00006799 _____ () C:\Users\Michal\Documents\UdalostiKomentarCT24-101012-MP4_404p.mp4.scn
2014-06-05 20:13 - 2014-06-05 20:13 - 01972360 _____ () C:\Users\Michal\Documents\UdalostiKomentarCT24-101012-MP4_404p.mp4.avi.A.index
2014-06-05 20:13 - 2014-06-05 20:13 - 01183472 _____ () C:\Users\Michal\Documents\UdalostiKomentarCT24-101012-MP4_404p.mp4.avi.index
2014-06-05 19:18 - 2014-06-05 19:49 - 427227930 _____ () C:\Users\Michal\Documents\UdalostiKomentarCT24-101012-MP4_404p.mp4.avi
2014-06-04 22:46 - 2014-06-07 21:33 - 00000000 ____D () C:\Users\Michal\Documents\StreamTransport
2014-06-04 22:15 - 2014-06-04 22:15 - 03704734 _____ () C:\Users\Michal\Documents\UdalostiKomentarCT24-101012-MP4_404p.mp4_1.flv
2014-06-04 22:03 - 2014-06-04 22:03 - 00000000 ____D () C:\Users\Michal\Downloads\Jirkova-promoce
2014-06-04 22:02 - 2014-06-04 22:02 - 09320472 _____ () C:\Users\Michal\Documents\UdalostiKomentarCT24-101012-MP4_404p.mp4_0.flv
2014-06-04 21:49 - 2014-06-04 22:38 - 409112218 _____ () C:\Users\Michal\Documents\UdalostiKomentarCT24-101012-MP4_404p.mp4.flv
2014-06-04 21:46 - 2014-06-04 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2014-06-04 21:32 - 2014-06-04 21:32 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-04 20:54 - 2014-06-04 21:06 - 211247285 _____ () C:\Users\Michal\Downloads\Jirkova-promoce.rar
2014-06-04 20:20 - 2014-06-04 20:20 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\Xi
2014-06-03 22:12 - 2014-06-03 22:12 - 01218800 _____ () C:\Users\Michal\Downloads\avantasia-live-at-wacken-2011-peko.avi.index
2014-06-03 22:12 - 2014-06-03 22:12 - 00609400 _____ () C:\Users\Michal\Downloads\avantasia-live-at-wacken-2011-peko.avi.A.index
2014-06-01 11:59 - 2014-06-01 11:59 - 00000669 _____ () C:\Users\Michal\Downloads\číňané(1).ppt
2014-05-25 21:16 - 2014-06-06 19:43 - 00000000 ____D () C:\Users\Michal\Desktop\Jirka ŠAfka
2014-05-18 15:10 - 2014-06-07 21:38 - 00000000 ____D () C:\Users\Michal\Desktop\Songs
2014-05-16 19:11 - 2014-05-16 19:11 - 01572498 _____ () C:\Users\Michal\Downloads\pokrevni-pouta-2-zlata-lilie.epub
2014-05-16 18:45 - 2014-06-07 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-16 18:45 - 2014-05-16 18:45 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-16 18:43 - 2014-06-07 21:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 18:43 - 2014-06-07 21:33 - 00000000 ____D () C:\Program Files\iTunes
2014-05-16 18:43 - 2014-06-07 21:33 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-16 18:43 - 2014-06-07 21:32 - 00000000 ____D () C:\Program Files\iPod
2014-05-15 22:50 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 22:50 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 22:50 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 22:50 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 22:50 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 22:50 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 19:42 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 19:42 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 19:41 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 19:41 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 19:41 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 19:41 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 19:41 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 19:41 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 19:41 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 19:41 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 19:41 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 19:41 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 19:41 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 19:41 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 19:41 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 19:41 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 19:41 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 19:41 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 19:40 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 19:40 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 19:40 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 19:40 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 19:40 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 19:40 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 19:40 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 19:40 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 19:40 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 19:40 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 19:40 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 19:40 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 19:40 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 19:40 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 19:40 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 19:40 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 19:40 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 19:40 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 19:40 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 19:40 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 19:40 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 19:40 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 19:40 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 19:40 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 19:40 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 19:40 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 19:40 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

==================== One Month Modified Files and Folders =======

2014-06-10 15:24 - 2014-06-10 15:23 - 00012127 _____ () C:\Users\Michal\Desktop\FRST.txt
2014-06-10 15:24 - 2012-04-30 13:26 - 00000000 ____D () C:\Temp
2014-06-10 15:23 - 2014-06-10 15:23 - 00000000 ____D () C:\FRST
2014-06-10 15:13 - 2012-04-30 07:51 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 14:54 - 2012-08-11 22:36 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 14:48 - 2009-07-14 06:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 14:48 - 2009-07-14 06:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 14:45 - 2014-06-10 14:45 - 00019615 _____ () C:\ComboFix.txt
2014-06-10 14:45 - 2014-06-10 12:17 - 00000000 ____D () C:\Qoobox
2014-06-10 14:44 - 2014-06-10 10:46 - 00047948 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 14:42 - 2014-06-10 14:39 - 00000000 ____D () C:\ProgramData\AutoKMS
2014-06-10 14:40 - 2012-08-11 22:36 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 14:40 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-10 14:39 - 2014-06-10 10:54 - 00001922 _____ () C:\Windows\PFRO.log
2014-06-10 14:39 - 2014-06-10 10:41 - 00000336 _____ () C:\Windows\setupact.log
2014-06-10 14:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 14:38 - 2009-07-14 04:34 - 81788928 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-06-10 14:38 - 2009-07-14 04:34 - 39059456 _____ () C:\Windows\system32\config\COMPONENTS.bak
2014-06-10 14:38 - 2009-07-14 04:34 - 18087936 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-06-10 14:38 - 2009-07-14 04:34 - 04980736 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-06-10 14:38 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-06-10 14:38 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-06-10 14:37 - 2014-06-10 12:09 - 00000000 ____D () C:\Windows\erdnt
2014-06-10 14:28 - 2014-06-10 10:51 - 04931577 _____ () C:\Windows\{00000003-00000000-00000000-00001102-00000004-20061102}.BAK
2014-06-10 14:28 - 2012-04-30 13:16 - 04931577 _____ () C:\Windows\{00000003-00000000-00000000-00001102-00000004-20061102}.CDF
2014-06-10 13:17 - 2014-06-10 13:16 - 00000000 ____D () C:\AdwCleaner
2014-06-10 13:03 - 2014-06-10 15:20 - 00000000 _____ () C:\Users\Michal\Desktop\FRSTLauncher.exe
2014-06-10 13:02 - 2014-06-10 15:20 - 02080768 _____ (Farbar) C:\Users\Michal\Desktop\FRST64.exe
2014-06-10 12:43 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-10 12:12 - 2014-06-10 14:21 - 05205915 ____R (Swearware) C:\Users\Michal\Desktop\ComboFix.exe
2014-06-10 11:02 - 2014-06-10 11:02 - 00000000 ____D () C:\rsit
2014-06-10 11:02 - 2014-06-10 11:02 - 00000000 ____D () C:\Program Files\trend micro
2014-06-10 10:55 - 2009-07-14 06:45 - 00416640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-10 10:50 - 2009-07-14 07:08 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-10 10:41 - 2014-06-10 10:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-09 23:22 - 2013-01-13 19:18 - 00000000 ____D () C:\Windows\Minidump
2014-06-09 21:34 - 2012-04-30 14:06 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-06-09 21:24 - 2014-06-08 20:33 - 00011519 _____ () C:\Users\Michal\Downloads\hijackthis.log
2014-06-09 21:10 - 2009-07-14 04:34 - 00445760 ____R () C:\Windows\system32\Drivers\etc\hosts.20140609-212017.backup
2014-06-08 22:17 - 2009-07-14 04:34 - 00445760 ____R () C:\Windows\system32\Drivers\etc\hosts.20140609-211020.backup
2014-06-08 22:12 - 2009-07-14 04:34 - 00445760 ____R () C:\Windows\system32\Drivers\etc\hosts.20140608-221756.backup
2014-06-08 21:35 - 2013-05-15 21:06 - 00002226 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-06-08 20:52 - 2012-08-11 22:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-08 20:44 - 2014-04-16 19:43 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-06-08 20:44 - 2014-04-16 19:42 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2014-06-08 20:43 - 2012-04-30 06:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-08 20:39 - 2009-07-14 04:34 - 00445760 ____R () C:\Windows\system32\Drivers\etc\hosts.20140608-221208.backup
2014-06-08 20:34 - 2014-06-08 20:34 - 00000000 ____D () C:\Users\Michal\Downloads\backups
2014-06-08 17:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-07 22:50 - 2014-06-07 22:50 - 00000555 _____ () C:\Windows\wininit.ini
2014-06-07 22:50 - 2013-03-25 23:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-07 21:54 - 2012-05-03 21:59 - 00000934 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-06-07 21:42 - 2014-06-07 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-07 21:38 - 2014-05-18 15:10 - 00000000 ____D () C:\Users\Michal\Desktop\Songs
2014-06-07 21:34 - 2012-04-29 21:42 - 00000000 ____D () C:\Users\Michal
2014-06-07 21:33 - 2014-06-04 22:46 - 00000000 ____D () C:\Users\Michal\Documents\StreamTransport
2014-06-07 21:33 - 2014-05-16 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-07 21:33 - 2014-05-16 18:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-07 21:33 - 2014-05-16 18:43 - 00000000 ____D () C:\Program Files\iTunes
2014-06-07 21:33 - 2014-05-16 18:43 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-07 21:33 - 2012-04-30 14:08 - 00000000 ____D () C:\Users\Public\Documents\Pinnacle
2014-06-07 21:33 - 2009-07-14 17:36 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-07 21:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-07 21:32 - 2014-05-16 18:43 - 00000000 ____D () C:\Program Files\iPod
2014-06-07 21:32 - 2012-08-05 22:00 - 00000000 ____D () C:\ProgramData\hps
2014-06-06 21:29 - 2014-06-06 21:29 - 00000000 ____D () C:\ProgramData\Sony
2014-06-06 19:43 - 2014-05-25 21:16 - 00000000 ____D () C:\Users\Michal\Desktop\Jirka ŠAfka
2014-06-05 20:16 - 2014-06-05 20:16 - 00006799 _____ () C:\Users\Michal\Documents\UdalostiKomentarCT24-101012-MP4_404p.mp4.scn
2014-06-05 20:13 - 2014-06-05 20:13 - 01972360 _____ () C:\Users\Michal\Documents\UdalostiKomentarCT24-101012-MP4_404p.mp4.avi.A.index
2014-06-05 20:13 - 2014-06-05 20:13 - 01183472 _____ () C:\Users\Michal\Documents\UdalostiKomentarCT24-101012-MP4_404p.mp4.avi.index
2014-06-05 20:13 - 2013-03-13 21:17 - 00069632 ___SH () C:\Users\Michal\Documents\Thumbs.db
2014-06-05 19:49 - 2014-06-05 19:18 - 427227930 _____ () C:\Users\Michal\Documents\UdalostiKomentarCT24-101012-MP4_404p.mp4.avi
2014-06-04 22:38 - 2014-06-04 21:49 - 409112218 _____ () C:\Users\Michal\Documents\UdalostiKomentarCT24-101012-MP4_404p.mp4.flv
2014-06-04 22:15 - 2014-06-04 22:15 - 03704734 _____ () C:\Users\Michal\Documents\UdalostiKomentarCT24-101012-MP4_404p.mp4_1.flv
2014-06-04 22:03 - 2014-06-04 22:03 - 00000000 ____D () C:\Users\Michal\Downloads\Jirkova-promoce
2014-06-04 22:02 - 2014-06-04 22:02 - 09320472 _____ () C:\Users\Michal\Documents\UdalostiKomentarCT24-101012-MP4_404p.mp4_0.flv
2014-06-04 21:46 - 2014-06-04 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2014-06-04 21:32 - 2014-06-04 21:32 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-04 21:06 - 2014-06-04 20:54 - 211247285 _____ () C:\Users\Michal\Downloads\Jirkova-promoce.rar
2014-06-04 20:20 - 2014-06-04 20:20 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\Xi
2014-06-03 22:12 - 2014-06-03 22:12 - 01218800 _____ () C:\Users\Michal\Downloads\avantasia-live-at-wacken-2011-peko.avi.index
2014-06-03 22:12 - 2014-06-03 22:12 - 00609400 _____ () C:\Users\Michal\Downloads\avantasia-live-at-wacken-2011-peko.avi.A.index
2014-06-01 11:59 - 2014-06-01 11:59 - 00000669 _____ () C:\Users\Michal\Downloads\číňané(1).ppt
2014-05-30 22:23 - 2012-08-05 22:00 - 00000000 ____D () C:\ProgramData\tmp
2014-05-29 20:19 - 2012-04-30 12:40 - 00000000 ____D () C:\Users\Michal\Documents\SŽDC DRÁHY
2014-05-29 19:11 - 2013-12-14 00:14 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FD4FD872-3184-4714-BC62-CB436C60BF6B}
2014-05-25 14:58 - 2009-07-14 17:18 - 06267540 _____ () C:\Windows\system32\perfh005.dat
2014-05-25 14:58 - 2009-07-14 17:18 - 02033760 _____ () C:\Windows\system32\perfc005.dat
2014-05-25 14:58 - 2009-07-14 07:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 16:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 22:13 - 2012-04-30 07:51 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 22:13 - 2012-04-30 07:51 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 22:13 - 2012-04-30 07:51 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-16 20:16 - 2012-04-29 23:42 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-16 19:11 - 2014-05-16 19:11 - 01572498 _____ () C:\Users\Michal\Downloads\pokrevni-pouta-2-zlata-lilie.epub
2014-05-16 18:45 - 2014-05-16 18:45 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-16 18:30 - 2012-04-29 21:42 - 00000000 ___RD () C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 18:30 - 2012-04-29 21:42 - 00000000 ___RD () C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 18:26 - 2014-05-06 22:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 18:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-15 22:50 - 2013-08-14 22:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 22:48 - 2012-04-30 07:57 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 19:34 - 2014-04-26 20:14 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 19:34 - 2012-04-30 10:14 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 19:34 - 2012-04-30 10:14 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-11 14:42 - 2012-04-30 12:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-10 13:44

==================== End Of Log ============================

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
  HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
  HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
  HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
  HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
  HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
  HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
  HKU\.DEFAULT\...\Run: [Nokia.PCSync] => E:\iso\Nokia PC Suite 6\PcSync2.exe [1744896 2007-03-27] (Time Information Services Ltd.)
  
  SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?si ... &src=ds&p={searchTerms}
  SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?si ... &src=ds&p={searchTerms}
  Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
  Toolbar: HKLM - No Name - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - No File
  Toolbar: HKLM-x32 - No Name - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - No File
  
  S0 aswNdisFlt; system32\DRIVERS\aswNdisFlt.sys [X]
  S3 catchme; \??\C:\ComboFix\catchme.sys [X]
  S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
  S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
  S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
  S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
  
  C:\ProgramData\AutoKMS
  C:\Windows\AutoKMS.exe
  2014-06-10 15:23 - 2014-06-10 15:24 - 00012127 _____ () C:\Users\Michal\Desktop\FRST.txt
  2014-06-10 15:20 - 2014-06-10 13:03 - 00000000 _____ () C:\Users\Michal\Desktop\FRSTLauncher.exe
  2014-06-10 13:16 - 2014-06-10 13:17 - 00000000 ____D () C:\AdwCleaner
  2014-06-10 12:18 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
  2014-06-10 12:18 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
  2014-06-10 12:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
  2014-06-10 12:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
  2014-06-10 12:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
  2014-06-10 12:18 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
  2014-06-10 12:18 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
  2014-06-10 12:18 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
  2014-06-10 11:02 - 2014-06-10 11:02 - 00000000 ____D () C:\Program Files\trend micro
  2014-06-08 20:34 - 2014-06-08 20:34 - 00000000 ____D () C:\Users\Michal\Downloads\backups
  2014-06-08 20:33 - 2014-06-09 21:24 - 00011519 _____ () C:\Users\Michal\Downloads\hijackthis.log
  2014-06-07 22:50 - 2014-06-07 22:50 - 00000555 _____ () C:\Windows\wininit.ini
  
  Hosts:
  End

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Omlouvám se, že to vždycky ode mě trvá tak dlouho, ale jelikož nejde net, jezdím na kole s flashkou na druhou stranu naší obce na obecní úřad, odkud Vám to vše posílám...
Zde je prosím fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2014
Ran by Michal at 2014-06-11 13:38:22 Run:1
Running from C:\Users\Michal\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKU\.DEFAULT\...\Run: [Nokia.PCSync] => E:\iso\Nokia PC Suite 6\PcSync2.exe [1744896 2007-03-27] (Time Information Services Ltd.)

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?si ... &src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?si ... &src=ds&p={searchTerms}
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - No File
Toolbar: HKLM-x32 - No Name - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - No File

S0 aswNdisFlt; system32\DRIVERS\aswNdisFlt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]

C:\ProgramData\AutoKMS
C:\Windows\AutoKMS.exe
2014-06-10 15:23 - 2014-06-10 15:24 - 00012127 _____ () C:\Users\Michal\Desktop\FRST.txt
2014-06-10 15:20 - 2014-06-10 13:03 - 00000000 _____ () C:\Users\Michal\Desktop\FRSTLauncher.exe
2014-06-10 13:16 - 2014-06-10 13:17 - 00000000 ____D () C:\AdwCleaner
2014-06-10 12:18 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-10 12:18 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-10 12:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-10 12:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-10 12:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-10 12:18 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-10 12:18 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-10 12:18 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-10 11:02 - 2014-06-10 11:02 - 00000000 ____D () C:\Program Files\trend micro
2014-06-08 20:34 - 2014-06-08 20:34 - 00000000 ____D () C:\Users\Michal\Downloads\backups
2014-06-08 20:33 - 2014-06-09 21:24 - 00011519 _____ () C:\Users\Michal\Downloads\hijackthis.log
2014-06-07 22:50 - 2014-06-07 22:50 - 00000555 _____ () C:\Windows\wininit.ini

Hosts:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NBAgent => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WinampAgent => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Nokia.PCSync => value deleted successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}' => Key deleted successfully.
'HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} => value deleted successfully.
'HKCR\CLSID\{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A}'=> Key not found.
aswNdisFlt => Service deleted successfully.
catchme => Service deleted successfully.
COMMONFX.DLL => Service deleted successfully.
CTAUDFX.DLL => Service deleted successfully.
CTERFXFX.DLL => Service deleted successfully.
CTSBLFX.DLL => Service deleted successfully.

"C:\ProgramData\AutoKMS" directory move:

C:\ProgramData\AutoKMS\AutoKMS.cmd => Moved successfully.
C:\ProgramData\AutoKMS\Resources\StartX\StartX.exe => Moved successfully.
C:\ProgramData\AutoKMS\Resources\MSGBox\Messagebox.exe => Moved successfully.
C:\ProgramData\AutoKMS\Resources\LicenseManagement\ospp.vbs => Moved successfully.
C:\ProgramData\AutoKMS\Resources\LicenseManagement\osppc.dll => Moved successfully.
C:\ProgramData\AutoKMS\Resources\LicenseManagement\slerror.xml => Moved successfully.
C:\ProgramData\AutoKMS\Resources\KMSKG\Keygen.exe => Moved successfully.
Could not move "C:\ProgramData\AutoKMS" directory. => Scheduled to move on reboot.

Could not move "C:\Windows\AutoKMS.exe" => Scheduled to move on reboot.
"C:\Users\Michal\Desktop\FRST.txt" => File/Directory not found.
C:\Users\Michal\Desktop\FRSTLauncher.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Windows\PEV.exe => Moved successfully.
C:\Windows\MBR.exe => Moved successfully.
C:\Windows\NIRCMD.exe => Moved successfully.
C:\Windows\SWREG.exe => Moved successfully.
C:\Windows\SWSC.exe => Moved successfully.
C:\Windows\sed.exe => Moved successfully.
C:\Windows\grep.exe => Moved successfully.
C:\Windows\zip.exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\Michal\Downloads\backups => Moved successfully.
C:\Users\Michal\Downloads\hijackthis.log => Moved successfully.
C:\Windows\wininit.ini => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-11 13:40:17)<=

C:\ProgramData\AutoKMS => Is moved successfully.
C:\Windows\AutoKMS.exe => Is moved successfully.

==== End of Fixlog ====