Prosím o kontrolu PC Adapter tuneloveho režimu Microsoft Ter

[OTAZ]

info.txt logfile of random's system information tool 1.09 2014-04-13 14:13:24

======Uninstall list======

-->C:\PROGRA~3\INSTAL~1\{A9AE0~1\Setup.exe /remove /q0
-->C:\PROGRA~3\INSTAL~1\{D5402~1\Setup.exe /remove /q0
Adobe Flash Player 12 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -maintain activex
Adobe Flash Player 12 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe -maintain plugin
Adobe Reader XI (11.0.06) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
Aktualizace NVIDIA 1.10.8-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{01E4C444-4716-4B9D-8439-362ADCCD7AE9}\NVI2.DLL",UninstallPackage Display.Update
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
Ashampoo Burning Studio 14 v.14.0.1-->"C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 14\unins000.exe"
Ashampoo Slideshow Studio HD 3 v.3.0.1-->"C:\Program Files (x86)\Ashampoo\Ashampoo Slideshow Studio HD 3\unins000.exe"
ASUS Product Register Program-->MsiExec.exe /I{49BE9B8A-E858-4533-A74A-64306C13DB59}
AVG PC TuneUp 2014-->C:\Program Files (x86)\AVG\AVG PC TuneUp\TUInstallHelper.exe --Trigger-Uninstall
Canon Easy-PhotoPrint EX-->C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe Uninst.ini uinstrsc.dll
Canon Easy-WebPrint EX-->"C:\Program Files (x86)\Canon\Easy-WebPrint EX\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\Easy-WebPrint EX\uninst.ini
Canon Inkjet Printer/Scanner/Fax Extended Survey Program-->C:\Program Files (x86)\Canon\IJPLM\SETUP.EXE -R
Canon MG5100 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series\DelDrv64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series /L0x0005
Canon MP Navigator EX 4.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 4.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 4.0\uninst.ini
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll
Canon Solution Menu EX-->"C:\Program Files (x86)\Canon\Solution Menu EX\uninst.exe" /UninstallRemove C:\Program Files (x86)\Canon\Solution Menu EX\uninst.ini
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DVDFab 9.0.5.5 (26/07/2013)-->"C:\Program Files\DVDFab 9\unins000.exe"
DVDFab 9.1.3.6 (20/03/2014)-->"C:\Program Files (x86)\DVDFab 9\unins000.exe"
Elevated Installer-->MsiExec.exe /I{731BCBE5-11FA-43EA-B3BE-4D9759643D93}
Fotostar Offline client-->"C:\Program Files (x86)\Fotostar\Fotostar Offline client\uninstall.exe"
Garmin Express Tray-->MsiExec.exe /X{D0C1DF08-DB7E-44B1-8BD6-3E23C64ACD7F}
Garmin Express-->"C:\ProgramData\Package Cache\{090dbdaf-9c21-4003-9544-3a57184fff74}\GarminExpressInstaller.exe" /uninstall
Garmin Express-->MsiExec.exe /I{60A01416-B171-460E-9022-E101C2F18B49}
Garmin POI Loader-->MsiExec.exe /X{5CA74EDC-CFC3-4FA0-AED7-1415CA19F250}
Garmin Update Service-->MsiExec.exe /I{4154142A-6E2E-4BB7-A940-3ADC63C713FD}
Garmin USB Drivers-->MsiExec.exe /X{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel® Trusted Connect Service Client-->MsiExec.exe /I{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}
Java 7 Update 51-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217051FF}
Microsoft .NET Framework 4.5.1 (CSY)-->MsiExec.exe /X{50813B8C-FCBB-3C61-8039-EAAA93029066}
Microsoft .NET Framework 4.5.1 (čeština)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\CSY\\Setup.exe /repair /x86 /x64 /lcid 1029
Microsoft .NET Framework 4.5.1-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5.1-->MsiExec.exe /X{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0405-1000-0000000FF1CE} /uninstall {A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {0B7A4B67-2A38-42B1-9857-662FAB361E08}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {FDF9A959-241A-4662-A8DE-7DED9C22D160}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Mozilla Firefox 28.0 (x86 cs)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
NVIDIA Ovladače grafiky 307.83-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{01E4C444-4716-4B9D-8439-362ADCCD7AE9}\NVI2.DLL",UninstallPackage Display.Driver
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -removeonly
Registrace uživatele zařízení Canon MG5100 series-->C:\Program Files (x86)\Canon\IJEREG\MG5100 series\UNINST.EXE
Revo Uninstaller Pro 3.0.8-->"C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe"
RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\setup.exe" -l0x9
save2pc Ultimate 5.35-->"C:\Program Files (x86)\FDRLab\save2pc\unins000.exe"
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {BD0F9F7E-62B2-3971-9E2E-B87B832CE89D}
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {513BC47F-0560-33C2-A029-C5387642233A}
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75}
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B7727B4D-5EA3-4C11-9D30-15E47616DCAF}
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EA575F57-C5D1-4B5A-B9F9-F16EEBC6B58C}
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3579CE34-B225-4B19-A3AF-DE5F562A212F}
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {79850906-6D2B-4061-8EAF-EAC84173DEC5}
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition -->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {A4A50F66-DD0F-4150-A19F-0F35531D6E21}
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8907F32C-DF89-4C2F-AEDE-0DB4B65451C0}
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {319FC809-3841-4739-A25F-FDBADF073697}
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B7112510-2575-4BA4-A576-78BF8A6307BC}
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4CCE0378-386F-4DC2-9CC1-A3710C77057D}
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6B4A3804-666A-4DD8-84A7-B97701416784}
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BF5CD3E0-D52B-4561-A4B6-AF8296E0EEA5}
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {686630EC-8033-4031-85C5-D8E5CD62A958}
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F311D6C-D8DD-4C32-9457-1A129CABD1A5}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F88656FB-92A1-484E-911E-D259B15CF420}
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A4EE5251-03F4-47DE-B5BC-713D708902A8}
Seznam Instalátor-->C:\Windows\system32\ssinstall-uninstall.bat
The KMPlayer (remove only)-->"C:\Program Files (x86)\The KMPlayer\uninstall.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A024FC7B-77DE-45DE-A058-1C049A17BFB3}
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {CB68A5B0-3508-4193-AEB9-AF636DAECE0F}
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CB68A5B0-3508-4193-AEB9-AF636DAECE0F}
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {A030537D-0034-46AD-A730-B1119786F607}
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {53DEC068-4690-4F6B-9946-7D21EF02236B}
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}
VIA Platforma Ovladače zařízení-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VSO ConvertXToDVD-->"C:\Program Files (x86)\VSO\ConvertX\5\unins000.exe"
Win7codecs-->cmd /c start /D"C:\Program Files (x86)\Win7codecs\Tools" Settings32.exe uninstall
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\048B92BA3327CEF8\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_amd64_neutral_d77b1dda68556870\grmnusb.inf
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR 5.01 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
YTD Video Downloader 4.7.1-->"C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"
Zoner Photo Studio 16-->"C:\Program Files\Zoner\Photo Studio 16\unins000.exe"

======Hosts File======

127.0.0.1 localhost

======System event log======

Computer Name: DOMA-PC
Event Code: 89
Message: Teplotní zóna ACPI ACPI\ThermalZone\TZ01 byla vyhodnocena.
_PSV = 379 K
_TC1 = 1
_TC2 = 5
_TSP = 1000 ms
_AC0 = 0 K
_AC1 = 0 K
_AC2 = 0 K
_AC3 = 0 K
_AC4 = 0 K
_AC5 = 0 K
_AC6 = 0 K
_AC7 = 0 K
_AC8 = 0 K
_AC9 = 0 K
_CRT = 379 K
_HOT = 0 K
_PSL – viz data události.
Record Number: 73636
Source Name: Microsoft-Windows-Kernel-Power
Time Written: 20131210204800.403654-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: DOMA-PC
Event Code: 89
Message: Teplotní zóna ACPI ACPI\ThermalZone\TZ00 byla vyhodnocena.
_PSV = 0 K
_TC1 = 0
_TC2 = 0
_TSP = 0 ms
_AC0 = 358 K
_AC1 = 328 K
_AC2 = 273 K
_AC3 = 273 K
_AC4 = 273 K
_AC5 = 0 K
_AC6 = 0 K
_AC7 = 0 K
_AC8 = 0 K
_AC9 = 0 K
_CRT = 379 K
_HOT = 0 K
_PSL – viz data události.
Record Number: 73635
Source Name: Microsoft-Windows-Kernel-Power
Time Written: 20131210204800.403654-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: DOMA-PC
Event Code: 26
Message: Procesor 3 ve skupině 0 uvádí následující informace:

stavy nečinnosti: 3
stavy činnosti: 16
stavy omezení: 0
Record Number: 73634
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20131210204759.966853-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: DOMA-PC
Event Code: 26
Message: Procesor 1 ve skupině 0 uvádí následující informace:

stavy nečinnosti: 3
stavy činnosti: 16
stavy omezení: 0
Record Number: 73633
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20131210204759.966853-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: DOMA-PC
Event Code: 26
Message: Procesor 2 ve skupině 0 uvádí následující informace:

stavy nečinnosti: 3
stavy činnosti: 16
stavy omezení: 0
Record Number: 73632
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20131210204759.966853-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPDriverNotFound
Reakce: Není k dispozici
ID souboru CAB: 0

Podpis problému:
P1: x64
P2: PCI\VEN_8086&DEV_1C3A&SUBSYS_844D1043&REV_04
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Připojené soubory:
C:\Windows\Temp\DMIFD61.tmp.log.xml

Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_dbcec77f966b77ec9e7541e67fd1cff64463f547_cab_07f5fdde

Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: 2c3cd2e2-edf5-11e2-bf5a-f314ae6acfc4
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20130716085324.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20130716085226.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20130716085221.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20130716085215.794105-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20130716085216.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: DOMA-PC
Event Code: 4647
Message: Odhlášení spuštěné uživatelem:

Předmět:
ID zabezpečení: S-1-5-21-1482381698-2929903929-1953463437-1000
Název účtu: DOMA
Doména účtu: DOMA-PC
ID přihlášení: 0x1a13a

Tato událost je generována, pokud je spuštěno odhlášení. Není povolena žádná další uživatelem spuštěná akce. Tuto událost lze interpretovat jako událost odhlášení.
Record Number: 17773
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20131016102730.129948-000
Event Type: Úspěšný audit
User:

Computer Name: DOMA-PC
Event Code: 4634
Message: Účet byl odhlášen.

Předmět:
ID zabezpečení: S-1-5-21-1482381698-2929903929-1953463437-1001
Název účtu: UpdatusUser
Doména účtu: DOMA-PC
ID přihlášení: 0x1aae92

Typ přihlášení: 9

Tato událost je generována, pokud je zničena relace přihlášení. Může být spojena s událostí přihlášení pomocí hodnoty ID přihlášení. Hodnoty ID přihlášení jsou jednoznačné pouze v rámci jednotlivých restartů stejného počítače.
Record Number: 17772
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20131016085227.249145-000
Event Type: Úspěšný audit
User:

Computer Name: DOMA-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-21-1482381698-2929903929-1953463437-1001
Název účtu: UpdatusUser
Doména účtu: DOMA-PC
ID přihlášení: 0x1aae92

Oprávnění: SeAssignPrimaryTokenPrivilege
SeImpersonatePrivilege
Record Number: 17771
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20131016085225.954343-000
Event Type: Úspěšný audit
User:

Computer Name: DOMA-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-21-1482381698-2929903929-1953463437-1001
Název účtu: UpdatusUser
Doména účtu: DOMA-PC
ID přihlášení: 0x12ce85

Typ přihlášení: 9

Nové přihlášení:
ID zabezpečení: S-1-5-21-1482381698-2929903929-1953463437-1001
Název účtu: UpdatusUser
Doména účtu: DOMA-PC
ID přihlášení: 0x1aae92
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x3b8
Název procesu: C:\Windows\System32\svchost.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě ::1
Zdrojový port: 0

Podrobné informace o ověření:
Proces přihlášení: seclogo
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 17770
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20131016085225.954343-000
Event Type: Úspěšný audit
User:

Computer Name: DOMA-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 17769
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20131016083907.569435-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=3a09
"ESET_OPTIONS"=

-----------------EOF-----------------

[Roli]

Zdravím, adaptér ve Vlastnostech zakaž a dej mi sem ještě log.txt z Rsit.

[OTAZ]

Logfile of random's system information tool 1.09 (written by random/random)
Run by DOMA at 2014-04-15 11:50:18
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 402 GB (84%) free of 477 GB
Total RAM: 4048 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:50:19, on 15.4.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\DOMA.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1482381698-2929903929-1953463437-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1482381698-2929903929-1953463437-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll C:\PROGRA~2\SETTIN~1\systemk\syskldr.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SInstalátor (ssinstall) - PS Media s.r.o. - C:\Windows\SysWOW64\ssins.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
O23 - Service: Zjišťování interaktivních služeb (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8012 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"taskhost.exe"
"C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\SysWOW64\ssins.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe"
C:\Windows\system32\viakaraokesrv.exe
"C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe" /TUStart /pid:2156
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f8a5919b-b36d-493e-8e75-e65b9302498c -SystemEventPortName:HostProcess-e82b41ed-f25b-4de3-a916-df3c5abce809 -IoCancelEventPortName:HostProcess-acd4eb91-fa45-49d3-a4fe-c583a8b4a251 -NonStateChangingEventPortName:HostProcess-90aab46d-51d6-4014-9fec-296333cb2548 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:928978e3-e569-414b-af46-6ccf233817b1 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\system32\UI0Detect.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\DOMA\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cef72f870d0911.job

=========Mozilla firefox=========

ProfilePath - C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\3amwd1fg.default

prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.77 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.77 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\3amwd1fg.default\extensions\
cs@dictionaries.addons.mozilla.org
foxmarks@kei.com
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\3amwd1fg.default\searchplugins\
buenosearch.xml
firmycz.xml
mapycz.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511111108}]
Plus-HD-8.1

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14 175776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-03-05 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-03-05 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14 4372120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-09-12 5618456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [2014-03-31 833024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2726728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2012-02-09 5015040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\solidfileslzsr]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [2014-03-31 833024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16]
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-03-31 833024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll C:\PROGRA~2\SETTIN~1\systemk\x64\syskldr.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccleaner64.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\groove.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infopath.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\offdiag.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ois.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unins000.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninst.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zps.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-04-13 14:13:20 ----D---- C:\rsit
2014-04-13 14:13:20 ----D---- C:\Program Files\trend micro
2014-04-11 19:18:52 ----D---- C:\Users\DOMA\AppData\Roaming\7121
2014-04-10 12:24:57 ----A---- C:\Windows\system32\drivers\wStLibG64.sys
2014-04-10 11:53:55 ----D---- C:\Users\DOMA\AppData\Roaming\31009
2014-04-10 10:54:40 ----D---- C:\Program Files (x86)\Surftastic
2014-04-09 11:21:31 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-04-09 11:21:31 ----A---- C:\Windows\system32\ieui.dll
2014-04-09 11:21:27 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-04-09 11:21:27 ----A---- C:\Windows\system32\vbscript.dll
2014-04-09 11:21:20 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-09 11:21:20 ----A---- C:\Windows\system32\iernonce.dll
2014-04-09 11:21:20 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-04-09 11:21:20 ----A---- C:\Windows\system32\ie4uinit.exe
2014-04-09 11:21:19 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-04-09 11:21:19 ----A---- C:\Windows\system32\jscript9diag.dll
2014-04-09 11:21:19 ----A---- C:\Windows\system32\dxtrans.dll
2014-04-09 11:21:19 ----A---- C:\Windows\system32\dxtmsft.dll
2014-04-09 11:21:18 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-04-09 11:21:18 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-04-09 11:21:18 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-04-09 11:21:18 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-04-09 11:21:18 ----A---- C:\Windows\system32\msrating.dll
2014-04-09 11:21:18 ----A---- C:\Windows\system32\msfeeds.dll
2014-04-09 11:21:18 ----A---- C:\Windows\system32\jsproxy.dll
2014-04-09 11:21:17 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-04-09 11:21:17 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-04-09 11:21:17 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-04-09 11:21:17 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-04-09 11:21:17 ----A---- C:\Windows\system32\ieUnatt.exe
2014-04-09 11:21:17 ----A---- C:\Windows\system32\iesetup.dll
2014-04-09 11:21:16 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-04-09 11:21:16 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-04-09 11:21:16 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-04-09 11:21:16 ----A---- C:\Windows\system32\mshtml.dll
2014-04-09 11:21:15 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-04-09 11:21:15 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-09 11:21:15 ----A---- C:\Windows\system32\iertutil.dll
2014-04-09 11:21:15 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-04-09 11:21:15 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-04-09 11:21:15 ----A---- C:\Windows\system32\ieapfltr.dll
2014-04-09 11:21:14 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-04-09 11:21:14 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-04-09 11:21:14 ----A---- C:\Windows\system32\wininet.dll
2014-04-09 11:21:14 ----A---- C:\Windows\system32\urlmon.dll
2014-04-09 11:21:14 ----A---- C:\Windows\system32\ieframe.dll
2014-04-09 11:21:13 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-04-09 11:21:13 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-04-09 11:21:13 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-04-09 11:21:13 ----A---- C:\Windows\system32\jscript9.dll
2014-04-09 11:19:13 ----A---- C:\Windows\SYSWOW64\iologmsg.dll
2014-04-09 11:19:13 ----A---- C:\Windows\system32\drivers\storport.sys
2014-04-09 11:19:13 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-04-09 11:19:13 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-04-09 11:19:12 ----A---- C:\Windows\system32\iologmsg.dll
2014-04-09 11:19:08 ----A---- C:\Windows\system32\kernel32.dll
2014-04-09 11:19:07 ----A---- C:\Windows\SYSWOW64\wow32.dll
2014-04-09 11:19:07 ----A---- C:\Windows\SYSWOW64\user.exe
2014-04-09 11:19:07 ----A---- C:\Windows\SYSWOW64\setup16.exe
2014-04-09 11:19:07 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2014-04-09 11:19:07 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-04-09 11:19:07 ----A---- C:\Windows\SYSWOW64\instnm.exe
2014-04-09 11:19:07 ----A---- C:\Windows\system32\wow64win.dll
2014-04-09 11:19:07 ----A---- C:\Windows\system32\wow64cpu.dll
2014-04-09 11:19:07 ----A---- C:\Windows\system32\wow64.dll
2014-04-09 11:19:07 ----A---- C:\Windows\system32\ntvdm64.dll
2014-04-09 11:18:40 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-04-08 12:35:04 ----D---- C:\Program Files (x86)\AVG
2014-04-08 11:17:18 ----A---- C:\Windows\SYSWOW64\uxtuneup.dll
2014-04-08 11:17:18 ----A---- C:\Windows\system32\uxtuneup.dll
2014-04-08 11:10:28 ----A---- C:\Windows\SYSWOW64\authuitu.dll
2014-04-08 11:10:28 ----A---- C:\Windows\system32\TURegOpt.exe
2014-04-08 11:10:28 ----A---- C:\Windows\system32\authuitu.dll
2014-04-04 17:34:19 ----D---- C:\Program Files (x86)\FDRLab
2014-04-04 14:19:27 ----D---- C:\Program Files (x86)\DsNET Corp
2014-04-03 18:13:11 ----D---- C:\Users\DOMA\AppData\Roaming\30843
2014-03-30 01:43:31 ----D---- C:\ProgramData\YTD Video Downloader
2014-03-30 01:43:26 ----D---- C:\Program Files (x86)\GreenTree Applications
2014-03-30 00:01:53 ----D---- C:\Users\DOMA\AppData\Roaming\OpenCandy
2014-03-19 17:29:20 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-03-19 16:14:41 ----D---- C:\Users\DOMA\AppData\Roaming\Ashampoo Slideshow Studio HD 3

======List of files/folders modified in the last 1 month======

2014-04-15 11:50:19 ----D---- C:\Windows\Temp
2014-04-15 11:08:22 ----D---- C:\Windows\system32\config
2014-04-15 11:01:26 ----D---- C:\Windows\System32
2014-04-15 11:01:26 ----D---- C:\Windows\inf
2014-04-15 11:01:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-04-13 14:13:20 ----RD---- C:\Program Files
2014-04-13 10:56:06 ----D---- C:\Windows\system32\NDF
2014-04-13 10:53:10 ----D---- C:\Windows\system32\catroot2
2014-04-12 11:08:11 ----D---- C:\Windows
2014-04-11 21:11:55 ----D---- C:\Users\DOMA\AppData\Roaming\uTorrent
2014-04-11 19:18:05 ----HD---- C:\ProgramData
2014-04-11 17:35:47 ----SHD---- C:\System Volume Information
2014-04-11 17:30:55 ----D---- C:\ProgramData\VSO
2014-04-11 16:36:14 ----A---- C:\Windows\SYSWOW64\log.txt
2014-04-11 16:15:40 ----D---- C:\Users\DOMA\AppData\Roaming\newnext.me
2014-04-10 19:43:26 ----A---- C:\Windows\win.ini
2014-04-10 12:24:57 ----D---- C:\Windows\system32\drivers
2014-04-10 11:55:07 ----D---- C:\Program Files (x86)\DVDFab 9
2014-04-10 10:54:40 ----RD---- C:\Program Files (x86)
2014-04-09 17:21:08 ----D---- C:\Windows\system32\Tasks
2014-04-09 11:24:49 ----D---- C:\Windows\winsxs
2014-04-09 11:23:03 ----D---- C:\Windows\SYSWOW64\en-US
2014-04-09 11:23:03 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-04-09 11:23:03 ----D---- C:\Windows\SysWOW64
2014-04-09 11:23:03 ----D---- C:\Windows\system32\en-US
2014-04-09 11:23:03 ----D---- C:\Windows\system32\cs-CZ
2014-04-09 11:23:03 ----D---- C:\Windows\PolicyDefinitions
2014-04-09 11:23:03 ----D---- C:\Program Files\Internet Explorer
2014-04-09 11:23:02 ----D---- C:\Windows\AppPatch
2014-04-09 11:23:02 ----D---- C:\Program Files (x86)\Internet Explorer
2014-04-09 11:23:01 ----D---- C:\Windows\system32\DriverStore
2014-04-09 11:22:48 ----SHD---- C:\Windows\Installer
2014-04-09 11:22:47 ----SHD---- C:\Config.Msi
2014-04-09 11:22:47 ----D---- C:\ProgramData\Microsoft Help
2014-04-09 11:22:06 ----D---- C:\Windows\system32\catroot
2014-04-08 16:11:36 ----D---- C:\ProgramData\InstallMate
2014-04-08 12:42:29 ----SHD---- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-04-08 12:25:09 ----D---- C:\Program Files\CCleaner
2014-04-07 15:51:23 ----D---- C:\ProgramData\CanonIJPLM
2014-04-02 17:25:56 ----D---- C:\Windows\Prefetch
2014-04-02 17:25:53 ----D---- C:\Windows\Tasks
2014-03-28 15:19:03 ----D---- C:\Windows\system32\FxsTmp
2014-03-25 18:46:19 ----SD---- C:\Users\DOMA\AppData\Roaming\Microsoft
2014-03-20 12:07:03 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 16:14:15 ----D---- C:\Program Files (x86)\Ashampoo

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2013-09-17 62136]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-06 283200]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 239320]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 168256]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 44120]
R1 wStLibG64;wStLibG64; C:\Windows\system32\drivers\wStLibG64.sys [2014-04-10 61120]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2013-09-17 220232]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-02 62784]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-06-12 726160]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2014-02-10 14112]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2011-11-11 2182768]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-09-12 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-07-09 219480]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-31 878368]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-19 1259296]
R2 ssinstall;SInstalátor; C:\Windows\SysWOW64\ssins.exe [2013-10-02 2324216]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2014-03-31 2183992]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2011-11-11 27760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-14 257928]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-19 119408]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-07-17 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-21 116648]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-21 116648]
S4 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2010-04-05 116104]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-17 277824]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376]

-----------------EOF-----------------

[Roli]

V Plánovači úloh zakaž Google Update bude to tam několikrát.


Přes Odebrat programy nebo CCleaner níže odinstaluj vše od AVG.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Pak použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !

[OTAZ]

Co jsi napsal tak jsem udělal a tady je log.

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.04.10.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17041
DOMA :: DOMA-PC [administrátor]

Ochrana: Zakázána

15.4.2014 21:25:54
MBAM-log-2014-04-15 (22-07-45).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 390643
Uplynulý čas: 41 minut, 30 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 10
HKCR\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921} (PUP.Optional.Linkey.A) -> Nebyla provedena žádná instrukce.
HKCR\CrossriderApp0048559.Sandbox (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCR\CrossriderApp0051108.BHO (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\AppDataLow\Software\Apps Hat (PUP.Optional.AppsHat.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\AppDataLow\Software\Plus-HD-8.1 (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\InstalledBrowserExtensions\Nero (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\InstalledBrowserExtensions\Plus HD (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\SystemK\General (PUP.Optional.SettingsManager.A) -> Nebyla provedena žádná instrukce.
HKLM\Software\Apps Hat (PUP.Optional.AppsHat.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 4
C:\Users\DOMA\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\DOMA\AppData\Roaming\OpenCandy\AAA9354225E24F23B9F9265EEBB81C1B (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\DOMA\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Users\DOMA\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 15
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Users\DOMA\AppData\Local\genienext\nengine.dll.vir (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\plugins\npPriceGong_CH.dll.vir (PUP.Optional.PriceGong.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\revo.uninstaller.pro.3.x.(x64)-patch.exe (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Nebyla provedena žádná instrukce.
C:\Users\DOMA\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Users\DOMA\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Users\DOMA\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Users\DOMA\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Users\DOMA\Desktop\Aone-Video-Splitter-Joiner-Suite-6.4.1010.rar.exe (PUP.Optional.Installrex) -> Nebyla provedena žádná instrukce.
C:\Users\DOMA\Desktop\Programy\Instalční programy\Revo Uninstaller Pro 3.0.8 Multilanguage.rar (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml (PUP.Optional.DefaultSearch.A) -> Nebyla provedena žádná instrukce.
C:\Users\DOMA\AppData\Roaming\OpenCandy\AAA9354225E24F23B9F9265EEBB81C1B\PokkiInstaller.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\DOMA\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Users\DOMA\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.

(konec)

[Roli]

To co Mban našel nech vše smazat a pak mi sem dej zase log.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[OTAZ]

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.04.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17041
DOMA :: DOMA-PC [administrátor]

Ochrana: Povolena

17.4.2014 11:49:19
mbam-log-2014-04-17 (11-49-19).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 396514
Uplynulý čas: 44 minut, 57 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[OTAZ]

ComboFix 14-04-12.01 - DOMA 17.04.2014 12:44:13.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4048.1634 [GMT 2:00]
Spuštěný z: c:\users\DOMA\Desktop\ComboFix.exe
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\DOMA\AppData\Roaming\inst.exe
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-17 do 2014-04-17 )))))))))))))))))))))))))))))))
.
.
2014-04-17 10:49 . 2014-04-17 10:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-17 10:49 . 2014-04-17 10:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-17 10:24 . 2014-04-17 10:24 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DFD190BB-AF48-4004-B7B4-3109DFE613F8}\offreg.dll
2014-04-17 10:08 . 2014-04-17 10:08 313256 ----a-w- c:\windows\system32\javaws.exe
2014-04-17 10:08 . 2014-04-17 10:08 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-04-17 10:08 . 2014-04-17 10:08 189352 ----a-w- c:\windows\system32\javaw.exe
2014-04-17 10:08 . 2014-04-17 10:08 189352 ----a-w- c:\windows\system32\java.exe
2014-04-17 10:08 . 2014-04-17 10:08 -------- d-----w- c:\program files\Java
2014-04-15 19:25 . 2014-04-15 19:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-04-15 19:25 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-15 15:57 . 2014-04-15 16:07 -------- d-----w- c:\programdata\MyPrinter
2014-04-15 13:17 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DFD190BB-AF48-4004-B7B4-3109DFE613F8}\mpengine.dll
2014-04-13 12:13 . 2014-04-15 09:50 -------- d-----w- c:\program files\trend micro
2014-04-13 12:13 . 2014-04-13 12:13 -------- d-----w- C:\rsit
2014-04-11 17:18 . 2014-04-11 17:18 -------- d-----w- c:\users\DOMA\AppData\Roaming\7121
2014-04-10 11:30 . 2014-04-10 11:30 -------- d-sh--w- c:\users\DOMA\AppData\Local\EmieUserList
2014-04-10 11:30 . 2014-04-10 11:30 -------- d-sh--w- c:\users\DOMA\AppData\Local\EmieSiteList
2014-04-10 10:24 . 2014-04-10 10:24 61120 ----a-w- c:\windows\system32\drivers\wStLibG64.sys
2014-04-10 09:53 . 2014-04-10 09:53 -------- d-----w- c:\users\DOMA\AppData\Roaming\31009
2014-04-10 08:54 . 2014-04-10 18:00 -------- d-----w- c:\program files (x86)\Surftastic
2014-04-09 09:19 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-09 09:18 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-08 10:37 . 2014-04-08 10:37 -------- d-----w- c:\users\DOMA\AppData\Local\qb0CFF93.94
2014-04-08 08:23 . 2014-04-08 08:23 -------- d-----w- c:\users\DOMA\AppData\Local\AVG
2014-04-04 15:34 . 2014-04-04 15:34 -------- d-----w- c:\program files (x86)\FDRLab
2014-04-04 12:19 . 2014-04-04 12:28 -------- d-----w- c:\program files (x86)\DsNET Corp
2014-04-03 16:13 . 2014-04-03 16:13 -------- d-----w- c:\users\DOMA\AppData\Roaming\30843
2014-03-19 14:14 . 2014-03-19 14:38 -------- d-----w- c:\users\DOMA\AppData\Roaming\Ashampoo Slideshow Studio HD 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-17 10:03 . 2013-07-17 17:06 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-17 10:03 . 2013-07-17 17:06 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-05 13:59 . 2014-03-05 13:59 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-04 09:17 . 2014-04-09 09:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-12 08:22 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-12 08:22 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-12 08:22 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-12 08:22 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 08:22 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-12 08:22 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-12 08:22 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-12 08:23 228864 ----a-w- c:\windows\system32\wwansvc.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE" [2014-03-31 833024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-09 5015040]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 wStLibG64;wStLibG64;c:\windows\system32\drivers\wStLibG64.sys;c:\windows\SYSNATIVE\drivers\wStLibG64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 ssinstall;SInstalátor;c:\windows\SysWOW64\ssins.exe;c:\windows\SysWOW64\ssins.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-11 08:32 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-17 10:03]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-21 14:32]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cef72f870d0911.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-21 14:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2013-06-26 2750536]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\3amwd1fg.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - user.js: extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 5&tsp=5211
FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 5&tsp=5211
FF - user.js: extensions.buenosearch.id - 640793c100000000000050465d8f71a5
FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
FF - user.js: extensions.buenosearch.instlDay - 16168
FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.711:25
FF - user.js: extensions.buenosearch.prtnrId - buenosearch
FF - user.js: extensions.buenosearch.prdct - buenosearch
FF - user.js: extensions.buenosearch.aflt - babsst
FF - user.js: extensions.buenosearch.smplGrp - none
FF - user.js: extensions.buenosearch.tlbrId - base
FF - user.js: extensions.buenosearch.instlRef - sst
FF - user.js: extensions.buenosearch.dfltLng - en
FF - user.js: extensions.buenosearch.excTlbr - false
FF - user.js: extensions.buenosearch.ffxUnstlRst - true
FF - user.js: extensions.buenosearch.admin - false
FF - user.js: extensions.buenosearch.autoRvrt - false
FF - user.js: extensions.buenosearch.rvrt - false
FF - user.js: extensions.buenosearch.newTab - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Zoner Photo Studio Service 16 - c:\program files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEc:\program files\Zoner\Photo Studio 16\Program32\ZPSService.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{11111111-1111-1111-1111-110511111108} - (no file)
Toolbar-10 - (no file)
AddRemove-ssinstall - c:\windows\system32\ssinstall-uninstall.bat
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64A3D41B-61A5-4834-9A42-FDE180191267}]
@Denied: (Full) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64A3D41B-61A5-4834-9A42-FDE195c7f5f6}]
@Denied: (Full) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-04-17 12:51:27
ComboFix-quarantined-files.txt 2014-04-17 10:51
.
Před spuštěním: Volných bajtů: 410 269 073 408
Po spuštění: Volných bajtů: 409 867 436 032
.
- - End Of File - - B7E83FD4E3DF80A7D90463D36EB0A1BF
A36C5E4F47E84449FF07ED3517B43A31

[Roli]

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

RegLock:: 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

FireFox::
FF - ProfilePath - c:\users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\3amwd1fg.default\
FF - user.js: extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=640750465D8F71A5&affID=128235&tsp=5211
FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=640750465D8F71A5&affID=128235&tsp=5211
FF - user.js: extensions.buenosearch.id - 640793c100000000000050465d8f71a5
FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
FF - user.js: extensions.buenosearch.instlDay - 16168
FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.711:25
FF - user.js: extensions.buenosearch.prtnrId - buenosearch
FF - user.js: extensions.buenosearch.prdct - buenosearch
FF - user.js: extensions.buenosearch.aflt - babsst
FF - user.js: extensions.buenosearch.smplGrp - none
FF - user.js: extensions.buenosearch.tlbrId - base
FF - user.js: extensions.buenosearch.instlRef - sst
FF - user.js: extensions.buenosearch.dfltLng - en
FF - user.js: extensions.buenosearch.excTlbr - false
FF - user.js: extensions.buenosearch.ffxUnstlRst - true
FF - user.js: extensions.buenosearch.admin - false
FF - user.js: extensions.buenosearch.autoRvrt - false
FF - user.js: extensions.buenosearch.rvrt - false
FF - user.js: extensions.buenosearch.newTab - false

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[OTAZ]

ComboFix 14-04-17.01 - DOMA 18.04.2014 11:16:16.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4048.2586 [GMT 2:00]
Spuštěný z: c:\users\DOMA\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\DOMA\Desktop\CFScript.txt
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-18 do 2014-04-18 )))))))))))))))))))))))))))))))
.
.
2014-04-18 09:19 . 2014-04-18 09:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-18 09:19 . 2014-04-18 09:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-17 10:08 . 2014-04-17 10:08 313256 ----a-w- c:\windows\system32\javaws.exe
2014-04-17 10:08 . 2014-04-17 10:08 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-04-17 10:08 . 2014-04-17 10:08 189352 ----a-w- c:\windows\system32\javaw.exe
2014-04-17 10:08 . 2014-04-17 10:08 189352 ----a-w- c:\windows\system32\java.exe
2014-04-17 10:08 . 2014-04-17 10:08 -------- d-----w- c:\program files\Java
2014-04-15 19:25 . 2014-04-15 19:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-04-15 19:25 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-15 15:57 . 2014-04-15 16:07 -------- d-----w- c:\programdata\MyPrinter
2014-04-13 12:13 . 2014-04-15 09:50 -------- d-----w- c:\program files\trend micro
2014-04-13 12:13 . 2014-04-13 12:13 -------- d-----w- C:\rsit
2014-04-11 17:18 . 2014-04-11 17:18 -------- d-----w- c:\users\DOMA\AppData\Roaming\7121
2014-04-10 11:30 . 2014-04-10 11:30 -------- d-sh--w- c:\users\DOMA\AppData\Local\EmieUserList
2014-04-10 11:30 . 2014-04-10 11:30 -------- d-sh--w- c:\users\DOMA\AppData\Local\EmieSiteList
2014-04-10 10:24 . 2014-04-10 10:24 61120 ----a-w- c:\windows\system32\drivers\wStLibG64.sys
2014-04-10 09:53 . 2014-04-10 09:53 -------- d-----w- c:\users\DOMA\AppData\Roaming\31009
2014-04-10 08:54 . 2014-04-10 18:00 -------- d-----w- c:\program files (x86)\Surftastic
2014-04-09 09:19 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-09 09:18 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-08 10:37 . 2014-04-08 10:37 -------- d-----w- c:\users\DOMA\AppData\Local\qb0CFF93.94
2014-04-08 08:23 . 2014-04-08 08:23 -------- d-----w- c:\users\DOMA\AppData\Local\AVG
2014-04-04 15:34 . 2014-04-04 15:34 -------- d-----w- c:\program files (x86)\FDRLab
2014-04-04 12:19 . 2014-04-04 12:28 -------- d-----w- c:\program files (x86)\DsNET Corp
2014-04-03 16:13 . 2014-04-03 16:13 -------- d-----w- c:\users\DOMA\AppData\Roaming\30843
2014-03-19 14:14 . 2014-03-19 14:38 -------- d-----w- c:\users\DOMA\AppData\Roaming\Ashampoo Slideshow Studio HD 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-17 10:03 . 2013-07-17 17:06 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-17 10:03 . 2013-07-17 17:06 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-31 07:35 . 2013-07-17 10:54 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-05 13:59 . 2014-03-05 13:59 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-04 09:17 . 2014-04-09 09:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-12 08:22 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-12 08:22 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-12 08:22 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-12 08:22 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 08:22 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-12 08:22 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-12 08:22 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-12 08:23 228864 ----a-w- c:\windows\system32\wwansvc.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-04-01 118104]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE" [2014-03-31 833024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-09 5015040]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 wStLibG64;wStLibG64;c:\windows\system32\drivers\wStLibG64.sys;c:\windows\SYSNATIVE\drivers\wStLibG64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 ssinstall;SInstalátor;c:\windows\SysWOW64\ssins.exe;c:\windows\SysWOW64\ssins.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-11 08:32 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-17 10:03]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-21 14:32]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cef72f870d0911.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-21 14:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2013-06-26 2750536]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\3amwd1fg.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
BHO-{11111111-1111-1111-1111-110511111108} - (no file)
AddRemove-ssinstall - c:\windows\system32\ssinstall-uninstall.bat
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64A3D41B-61A5-4834-9A42-FDE180191267}]
@Denied: (Full) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64A3D41B-61A5-4834-9A42-FDE195c7f5f6}]
@Denied: (Full) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2014-04-18 11:20:58
ComboFix-quarantined-files.txt 2014-04-18 09:20
.
Před spuštěním: Volných bajtů: 404 608 847 872
Po spuštění: Volných bajtů: 404 547 731 456
.
- - End Of File - - D9DFD9FB40D605246C31D6040DF37730
A36C5E4F47E84449FF07ED3517B43A31

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Pak dej vědět jaký je stav PC.

[OTAZ]

Tak jsem provedl vše co jsi mě psal a Pc se zdá že je ve 100% zdraví.Ještě jsem se chtěl zeptat je třeba používat nějaký program místo toho AVG PC TuneUp.

[Roli]

Ještě jsem se chtěl zeptat je třeba používat nějaký program místo toho AVG PC TuneUp.

Stačí použít čas od času CCleaner, protože tyhle rádoby pomocníci dokáží nadělat v PC pěknou paseku.

[OTAZ]

Tak ti moc děkuji za tvoji ochotu mě pomoci s vyčištěním PC.Klobouk dolu před tvými znalostmi ohledně PC.Ještě jednou děkuji a přeji pěkný den.

[Roli]

Není vůbec zač, měj se a