istartsurf, ten zmetek

[Magráta]

Dobrý večer,
posílám log z combofixu,
usadil se u mě istartsurf, co teď?

ComboFix 14-08-17.01 - Oem 18.08.2014 21:32:15.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3764.2395 [GMT 2:00]
Spuštěný z: c:\users\Oem\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-18 do 2014-08-18 )))))))))))))))))))))))))))))))
.
.
2014-08-18 19:38 . 2014-08-18 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-18 17:09 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-18 17:07 . 2014-08-18 17:09 -------- d-----w- C:\AdwCleaner
2014-08-18 16:54 . 2014-08-18 18:49 -------- d-----w- c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-08-18 15:50 . 2014-08-18 15:50 -------- d-----w- c:\program files\Enigma Software Group
2014-08-18 15:49 . 2014-08-18 15:49 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-08-17 16:29 . 2014-08-17 16:29 -------- d-sh--w- c:\users\Oem\AppData\Local\EmieUserList
2014-08-17 16:29 . 2014-08-17 16:29 -------- d-sh--w- c:\users\Oem\AppData\Local\EmieSiteList
2014-08-17 16:28 . 2014-08-17 16:28 -------- d-----w- c:\users\Oem\AppData\Local\Opera Software
2014-08-17 16:28 . 2014-08-17 16:28 -------- d-----w- c:\users\Oem\AppData\Roaming\Opera Software
2014-08-17 16:28 . 2014-08-17 16:29 -------- d-----w- c:\program files (x86)\Opera
2014-08-17 16:25 . 2014-08-17 16:25 -------- d-----w- c:\programdata\IePluginServices
2014-08-17 16:25 . 2014-08-17 16:25 -------- d-----w- c:\program files (x86)\SupTab
2014-08-17 16:25 . 2014-08-17 16:25 -------- d-----w- c:\programdata\WindowsMangerProtect
2014-08-17 16:21 . 2014-08-18 16:27 -------- d-----w- c:\program files (x86)\globalUpdate
2014-08-17 16:21 . 2014-08-17 16:21 -------- d-----w- c:\users\Oem\AppData\Local\globalUpdate
2014-08-13 10:28 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 10:28 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 10:28 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 10:28 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 10:28 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 10:28 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 10:28 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 10:28 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 03:40 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-13 03:40 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-08-13 03:40 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-08-13 03:40 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-08-13 03:40 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-13 03:40 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-08-13 03:40 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-08-13 03:40 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-13 03:40 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-13 03:39 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-13 03:39 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-13 03:39 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-13 03:39 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-13 03:39 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-13 03:39 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-13 03:39 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-13 03:39 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-13 03:37 . 2014-07-31 23:16 235200 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2014-08-13 03:36 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-13 03:36 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-13 03:36 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-13 03:36 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-07-31 07:02 . 2014-08-17 15:40 -------- d-----w- c:\users\Oem\AppData\Roaming\PlayFirst
2014-07-24 06:27 . 2014-08-05 07:53 -------- d-----w- c:\users\Oem\AppData\Roaming\Mad Head Games
2014-07-24 06:25 . 2014-07-24 06:26 -------- d-----w- c:\program files (x86)\Dead Reckoning - Silvermoon Isle Collector's Edition UPDATE
2014-07-24 06:25 . 2014-07-24 06:25 -------- d-----w- c:\windows\Dead Reckoning - Silvermoon Isle Collector's Edition UPDATE
2014-07-22 04:37 . 2014-07-23 17:20 -------- d-----w- c:\users\Oem\AppData\Roaming\Top Evidence
2014-07-22 04:37 . 2014-07-23 17:19 -------- d-----w- c:\programdata\Top Evidence
2014-07-21 08:17 . 2014-08-05 11:41 -------- d-----w- c:\users\Oem\AppData\Roaming\Eipix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-13 16:09 . 2012-10-22 21:27 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-08 22:12 . 2012-10-22 15:29 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-08 22:12 . 2012-01-10 12:48 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-30 10:43 . 2014-06-30 10:43 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2014-06-18 02:18 . 2014-07-09 18:23 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 18:23 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 14:21 . 2014-06-17 14:21 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-06-17 14:07 . 2014-06-17 14:07 328984 ----a-w- c:\windows\system32\drivers\avgloga.sys
2014-06-17 14:06 . 2014-06-17 14:06 269080 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-06-17 14:06 . 2014-06-17 14:06 190744 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2014-06-17 14:06 . 2014-06-17 14:06 242968 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 14:06 . 2014-06-17 14:06 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 14:06 . 2014-06-17 14:06 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2014-06-06 10:10 . 2014-07-09 18:22 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 18:22 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 18:19 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 18:19 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 18:19 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 18:21 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 18:21 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 18:21 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 18:21 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 18:21 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 18:21 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 18:21 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 18:21 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 18:21 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 18:21 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 18:21 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 18:21 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 18:21 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 18:21 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 18:22 497152 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-08-17 16:25 507904 ----a-w- c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Oem\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-08 1322832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-04-19 1097808]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-11 5187088]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2012-1-10 723560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 IePluginServices;IePluginServices;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 16:10 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 22:12]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-22 15:18]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-22 15:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-20 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-20 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1408 ... earchTerms}
mDefault_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=14082926 ... TW122TW122
mStart Page = hxxp://www.istartsurf.com/?type=hp&ts=14082926 ... TW122TW122
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1408 ... earchTerms}
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Oem\AppData\Roaming\Mozilla\Firefox\Profiles\om5m5v7y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2014-08-17 18:23; faststartff@gmail.com; c:\users\Oem\AppData\Roaming\Mozilla\Firefox\Profiles\om5m5v7y.default\extensions\faststartff@gmail.com
FF - ExtSQL: !HIDDEN! 2014-08-17 18:23; faststartff@gmail.com; c:\users\Oem\AppData\Roaming\Mozilla\Firefox\Profiles\om5m5v7y.default\extensions\faststartff@gmail.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-08-18 21:41:14
ComboFix-quarantined-files.txt 2014-08-18 19:41
.
Před spuštěním: Volných bajtů: 412 210 151 424
Po spuštění: Volných bajtů: 411 846 103 040
.
- - End Of File - - 847ECB263392E0723902476DB7EFB91D

Děkuji, DS

[vyosek]

Zdravim

ComboFix se pouziva jen na doporuceni

Licencni podminky ComboFixu hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"


Nebezpeci CFka

• Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
• Maze stopy po haveti, takze v logu z RSIT neni nic videt
• Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
• CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
• CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

[Magráta]

Dobrý den,
omlouvám se za ten combofix, už jsem ho kdysi na radu vašeho moderátora používala.
Ještě před ním jsem zkoušela doporučený Adwcleaner, jenže se kousl ve fázi před odstraněním čehosi, co popisuje jako IePluginServices. Adw jsem pak vypínala pomocí správce úloh. (Vypnuto bylo opravdu všechno, včetně AVG.)
Teď jsem ho stáhla znovu a zopakoval to samé.
Istartsurf, který včera po combofixu zmizel, se ráno opět zjevil.
Prosím o pomoc, slibuju, že už nebudu podnikat nic na vlastní pěst.
Děkuji za odpověď,
přííjemný den, DS

[vyosek]

Tak tam pustime neco jineho

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;
  resethosts;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[Magráta]

Dobrý den,
posílám log.


Zoek.exe v5.0.0.0 Updated 19-08-2014
Tool run by Oem on Łt 19.08.2014 at 17:59:23,91.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Oem\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== System Restore Info ======================

19.8.2014 18:00:34 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Artifex Mundi deleted successfully
C:\PROGRA~2\McAfee deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\Evernote deleted successfully
C:\PROGRA~3\Top Evidence deleted successfully
C:\Users\Oem\AppData\Roaming\Artifex Mundi deleted successfully
C:\Users\Oem\AppData\Roaming\Blue Tea Games deleted successfully
C:\Users\Oem\AppData\Roaming\Boolat Games deleted successfully
C:\Users\Oem\AppData\Roaming\Boomzap deleted successfully
C:\Users\Oem\AppData\Roaming\Deep Shadows deleted successfully
C:\Users\Oem\AppData\Roaming\EleFun Games deleted successfully
C:\Users\Oem\AppData\Roaming\Elephant Games deleted successfully
C:\Users\Oem\AppData\Roaming\Mad Head Games deleted successfully
C:\Users\Oem\AppData\Roaming\Top Evidence deleted successfully
C:\Users\Oem\AppData\Roaming\TP deleted successfully
C:\Users\Oem\AppData\Roaming\WinRAR deleted successfully
C:\Users\Oem\AppData\Local\CrashDumps deleted successfully
C:\Users\Oem\AppData\Local\GHISLER deleted successfully
C:\Users\Oem\AppData\Local\MigWiz deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2696402426-845486531-2689061519-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-2696402426-845486531-2689061519-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2696402426-845486531-2689061519-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2696402426-845486531-2689061519-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-2696402426-845486531-2689061519-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginServices deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginServices deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IePluginServices deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Oem\AppData\Roaming\Mozilla\Firefox\Profiles\om5m5v7y.default

user.js not found
---- Lines istart removed from prefs.js ----
user_pref("browser.newtab.url", "http://www.istartsurf.com/newtab/?type= ... TW122TW122");
user_pref("browser.search.defaultenginename", "istartsurf");
---- Lines crossrider removed from prefs.js ----
user_pref("extensions.crossrider.bic", "147e5959885dd3b00309887eddb5840a");
---- FireFox user.js and prefs.js backups ----

prefs_19.08.2014_1812_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe"

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

C:\Windows\syswow64\appdata deleted
C:\PROGRA~2\globalUpdate deleted
C:\PROGRA~3\IePluginServices deleted
C:\PROGRA~3\WindowsMangerProtect deleted
C:\Users\Oem\AppData\Local\globalUpdate deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy deleted
C:\Users\Oem\Searches deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\PROGRA~2\SupTab\Loader32.exe" deleted
"C:\PROGRA~2\SupTab\Loader64.exe" deleted
"C:\PROGRA~2\SupTab\WindowsSupportDll32.dll" deleted
"C:\PROGRA~2\SupTab\WindowsSupportDll64.dll" not deleted
"C:\PROGRA~2\SupTab" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-08-18 19:30:19 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2014-08-18 19:30:19 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2014-08-18 19:30:19 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2014-08-18 19:30:19 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2014-08-18 19:30:19 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2014-08-18 19:25:56 FB2E19773E9BCA1348EF93997F680D17 493931729 ----a-w- C:\Windows\MEMORY.DMP
====== C:\Users\Oem\AppData\Local\Temp ====
2014-08-06 15:48:25 1047253DC45264B2B8B9CD486A9E8AB0 377107 ----a-w- C:\Users\Oem\AppData\Local\Temp\Quarantine.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-08-18 17:09:07 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
2014-08-13 10:28:52 AF6655214DEBB2C8446DE843A02AAEBA 99480 ----a-w- C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 10:28:50 8D466B36076BCD7997838C0DDB69764C 619672 ----a-w- C:\Windows\SysWOW64\icardagt.exe
2014-08-13 10:28:47 370FC4421ADE62FC89AC93B345570388 8856 ----a-w- C:\Windows\SysWOW64\icardres.dll
2014-08-13 10:28:39 28A8B99DE70F376B18709E6B07D6A352 35480 ----a-w- C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 03:40:34 06FC8A93A4FA1F42A3D1D06694F2B339 419992 ----a-w- C:\Windows\SysWOW64\locale.nls
2014-08-13 03:40:32 C7673B3F8BB35221B42D67BF7ADAFDFD 7168 ----a-w- C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 03:40:32 730B7C639957EA0BF37C1459831A1E19 6656 ----a-w- C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 03:40:32 72222991598E173BBE1429426926C020 7168 ----a-w- C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 03:40:32 45B308F20FEF040BD7321E85F69DF5E2 6656 ----a-w- C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 03:40:32 2BD0519015E899A2FF52210CC5875F88 6656 ----a-w- C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 03:40:13 D08819FEE0CDB8A8A58E2B34D05E7A11 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll
2014-08-13 03:39:43 C212A43AA83A717AD38505F23ACDCB33 2363392 ----a-w- C:\Windows\SysWOW64\msi.dll
2014-08-13 03:39:43 9DA1CCDBBF8136AC2383C2624CA8CD14 337408 ----a-w- C:\Windows\SysWOW64\msihnd.dll
2014-08-13 03:39:43 43CD23B65CBF04D6F8ACA984B0EF93FE 1805824 ----a-w- C:\Windows\SysWOW64\authui.dll
2014-08-13 03:38:41 0C2390376D95B0D27A6317F017CD58DC 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll
2014-08-13 03:38:14 386BF6FD9FC562B1A5558C49E1C3A6FB 12874240 ----a-w- C:\Windows\SysWOW64\shell32.dll
2014-08-13 03:38:06 FEE3E022B00A5165ED645E38C1E6C776 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 03:38:06 6D017C0E499443ACDE3D9B5DCD753F32 1169920 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-08-13 03:38:06 478824EC0BCE9968C0DC787164B1753B 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-08-13 03:38:06 444EB30B1610A35FC99D62A91B2BCAA7 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 03:38:06 41A3A54603686FD437FA4E8EB95025F9 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 03:38:06 24FA5F74D3B4BA62539DF87285BA934E 597504 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 03:38:05 E9B28B60C0272E2E1E462E6FB38E6B55 367104 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 03:38:05 8453DDF167CE2986AA4AB04BC6824925 17524224 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-08-13 03:38:05 1A05CFA45B6AEBFCCC835DCF68CBD1D0 526336 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 03:38:04 FF4A917DD7C387BD2715A5F67307FED1 2184704 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-08-13 03:38:04 E70C00791A18866BB23B3A652E3390A0 2001920 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 03:38:04 7B051C4A70F23A84A09366999FE63CBD 307384 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 03:38:04 4D0E91438CE181AF94C653B3BBE3C65A 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-08-13 03:38:04 36B67392AFB8901CC442EA988AD4603D 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 03:38:04 239575F9EA0D227516843EEE8B7342CA 239616 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 03:38:03 F48A1A114382AB4EF8000E1943E6CF1F 438784 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-08-13 03:38:03 E8D46F442AB53A52BDBB3EA0C51BDABD 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 03:38:03 90FF511B751A0327D07C4073760F1578 11772928 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-08-13 03:38:00 B945BAA81B4805AD6BDDF4D026DCFB47 1792512 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-08-13 03:38:00 9D16B568E318F49535AD72539C9997C2 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2014-08-13 03:38:00 87C2B5010779DF6BE4732751C5DB5D64 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 03:38:00 7C1BFC2ABE297BCA1A7BA77A8292C088 4204032 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-08-13 03:38:00 49FFD37673BD20279A8BF27CC20040B3 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 03:38:00 18A3154606E3F8945956948A4E708007 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 03:37:59 B91AA3BC8083E66925FAE29FDA485CEA 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-08-13 03:37:59 272420427EB96EA052C719AA796C09F2 61952 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 03:36:45 D8BED6BA298DBAAF6F3D746739FCD333 664064 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-08-13 10:28:52 9C44FB5B3A8A192FCE1103AC9BA4E576 171160 ----a-w- C:\Windows\Sysnative\infocardapi.dll
2014-08-13 10:28:50 8A08BB0D12BE40DC09632CD5D04A48A0 1389208 ----a-w- C:\Windows\Sysnative\icardagt.exe
2014-08-13 10:28:47 EE415EC9288182BCFB6E6896A376EA53 8856 ----a-w- C:\Windows\Sysnative\icardres.dll
2014-08-13 10:28:39 E4312738B500577BABC232A49F67A67D 35480 ----a-w- C:\Windows\Sysnative\TsWpfWrp.exe
2014-08-13 03:40:34 06FC8A93A4FA1F42A3D1D06694F2B339 419992 ----a-w- C:\Windows\Sysnative\locale.nls
2014-08-13 03:40:32 EA21295A386C6DB2A2A90E657B37C5F4 7168 ----a-w- C:\Windows\Sysnative\KBDYAK.DLL
2014-08-13 03:40:32 BE67D99EDA34A68B827868371B5529AD 7168 ----a-w- C:\Windows\Sysnative\KBDTAT.DLL
2014-08-13 03:40:32 920B5C1CC0BAB6E574297BC3D945DA31 7168 ----a-w- C:\Windows\Sysnative\KBDBASH.DLL
2014-08-13 03:40:32 80EDA24B00478FA795F90DFA09C12E86 7168 ----a-w- C:\Windows\Sysnative\KBDRU1.DLL
2014-08-13 03:40:32 353C4A38042819CA83AEFC6F2E7051CD 6656 ----a-w- C:\Windows\Sysnative\KBDRU.DLL
2014-08-13 03:40:13 EBFEF789E32279C2ED7C81260B186AD7 2048 ----a-w- C:\Windows\Sysnative\tzres.dll
2014-08-13 03:39:44 3B39F9D51E4D8BAABDA6518955B58C13 3241984 ----a-w- C:\Windows\Sysnative\msi.dll
2014-08-13 03:39:43 B0F8CCA08DBC392442E27377B98DD0CD 112064 ----a-w- C:\Windows\Sysnative\consent.exe
2014-08-13 03:39:43 A6D0DC3B30F6BB1421DAA92537424822 504320 ----a-w- C:\Windows\Sysnative\msihnd.dll
2014-08-13 03:39:43 5DFFC12BF7DB53BDB401804A3C3A475E 1941504 ----a-w- C:\Windows\Sysnative\authui.dll
2014-08-13 03:38:41 AF00649558BFB211A9091F4A6E7B4A0C 3163648 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-08-13 03:38:41 9E19DEED6FEB140DA3764C32F2DC4849 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll
2014-08-13 03:38:15 AE57F6C7AB3ED244B5F14151C4EA0057 14175744 ----a-w- C:\Windows\Sysnative\shell32.dll
2014-08-13 03:38:06 08C5E6033786C1E41B63FD38CA22917A 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-08-13 03:38:05 19FA60D3AE1804A559306DE931A5B415 72704 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-08-13 03:38:04 FE7D99399F7761AA2695A7B1AD30DAAF 1431040 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-08-13 03:38:04 FCF5C8BB9AFD8D15B324B702F9B186B7 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-08-13 03:38:04 6598F2A876E13B6FFA5AE418D41CE7D6 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-08-13 03:38:04 5574B09C4676E8E2EBE125C18BDF9FBF 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-08-13 03:38:04 52D2151908C2A6388B6561A373488F6F 692736 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-08-13 03:38:04 13A852B606F3644A7A35EDD99F74A685 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-08-13 03:38:03 F00D0AE7648CA45C6434E2885485BE0B 452096 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-08-13 03:38:03 1FD1F16C35946BA28FDEB40F18B7729D 631808 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-08-13 03:38:02 DF485877CCE229776E6B8BB9116B67FE 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-08-13 03:38:02 9C9FE69902CD45A7D9AB1F0C4EDE646C 348856 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2014-08-13 03:38:01 DB382D89D8004F40BD2C55BAE6A15B30 2774528 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-08-13 03:38:01 39A85C005BCDEEF4092646EBBC2526AA 2087936 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-08-13 03:38:00 FCC86367BB0FB6DEB6614885CBE74FD5 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-08-13 03:37:58 72B7D166D1B0D353330A34FDED3F5AA6 598016 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-08-13 03:37:58 1DE8B71A1C7D8943034188556AF50B07 292864 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-08-13 03:37:58 1B26610C1659EF54ED000233FB96F20C 13547008 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-08-13 03:37:57 920F690FC7424DE71888AA2E46E917EA 758272 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-08-13 03:37:57 472C409F9B0FF67C1015F511C73E1889 5824512 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-08-13 03:37:57 2639E152D246F2A651F09764807CA153 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-08-13 03:37:57 1F02286D001AB5EA5719540C587224FE 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2014-08-13 03:37:57 1EEF9FE30DBE458A89B5F7A16FC68397 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-08-13 03:37:56 EDF22FBAE75ACB48BF51D099C6808B39 195584 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-08-13 03:37:56 C02C78DE9BB4E68F6C78B1588ADD6ADC 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2014-08-13 03:37:56 BAC44396088ECC1C9021ED3E3345337C 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-08-13 03:37:56 8E71A5CB5312B8392D4DA4CA37BB5868 2266624 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-08-13 03:37:56 6ED6DA2A04F8F0C9BDAD647284BAEFB6 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll
2014-08-13 03:37:55 ECA387DCD57F683C52171C766CF400F0 23645696 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-08-13 03:37:55 1C660588CFFB3A17BCF0F6B4779BF985 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-08-13 03:36:45 F947D57534E01E3CA597BCF2AD8AE65B 1216000 ----a-w- C:\Windows\Sysnative\rpcrt4.dll
2014-08-13 03:36:18 9D455E3049B7F93483D7165422B7D0AF 529920 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-08-13 03:36:17 349CF386805783D2E6810A767642F1B8 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
====== C:\Windows\Sysnative\drivers =====
2014-08-13 03:39:08 87CE5C8965E101CCCED1F4675557E868 985536 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-08-18 15:50:58 -------- d-----w- C:\Program Files\Enigma Software Group
======= C:\PROGRA~2 =====
2014-08-18 15:49:50 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard
2014-08-17 16:28:54 -------- d-----w- C:\PROGRA~2\Opera
2014-08-17 16:25:11 -------- d-----w- C:\PROGRA~2\SupTab
2014-07-24 06:25:02 -------- d-----w- C:\PROGRA~2\Dead Reckoning - Silvermoon Isle Collector's Edition UPDATE
======= C: =====
2014-08-18 15:54:26 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
====== C:\Users\Oem\AppData\Roaming ======
2014-08-18 19:41:16 -------- d-----w- C:\Users\Public\AppData\Local\temp
2014-08-18 19:41:16 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-08-18 19:41:16 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2014-08-17 16:29:52 -------- d-sh--w- C:\Users\Oem\AppData\Local\EmieUserList
2014-08-17 16:29:52 -------- d-sh--w- C:\Users\Oem\AppData\Local\EmieSiteList
2014-08-17 16:28:58 -------- d-----w- C:\Users\Oem\AppData\Local\Opera Software
2014-08-17 16:28:57 -------- d-----w- C:\Users\Oem\AppData\Roaming\Opera Software
2014-07-31 07:02:20 -------- d-----w- C:\Users\Oem\AppData\Roaming\PlayFirst
2014-07-24 06:26:15 -------- d-----w- C:\Users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dead Reckoning - Silvermoon Isle Collector's Edition UPDATE
2014-07-21 08:17:50 -------- d-----w- C:\Users\Oem\AppData\Roaming\Eipix
====== C:\Users\Oem ======
2014-08-19 05:31:10 E960C16E42BD9A3D0BC6123CD0887F01 1361671 ----a-w- C:\Users\Oem\Downloads\adwcleaner_3.307.exe
2014-08-18 19:41:16 -------- d-----w- C:\Users\Public\AppData
2014-08-18 17:38:45 20A713D46DC08DB4380EB8FF6420B152 728960 ----a-w- C:\Users\Oem\Downloads\SpyHunter-Installer (2).exe
2014-08-18 17:01:33 0285760517095F6C2C004E02FD7B320F 12925224 ----a-w- C:\Users\Oem\Downloads\yet_another_cleaner_sk.exe
2014-08-18 15:47:36 58CFEB24D4AC902D42EB2D15E18C3110 728960 ----a-w- C:\Users\Oem\Downloads\SpyHunter-installer (1).exe
2014-08-18 15:47:34 58CFEB24D4AC902D42EB2D15E18C3110 728960 ----a-w- C:\Users\Oem\Downloads\SpyHunter-installer.exe

====== C: exe-files ==
2014-08-19 05:31:10 E960C16E42BD9A3D0BC6123CD0887F01 1361671 ----a-w- C:\Users\Oem\Downloads\adwcleaner_3.307.exe
2014-08-18 19:30:19 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2014-08-18 19:30:19 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2014-08-18 19:30:19 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2014-08-18 19:30:19 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2014-08-18 19:30:19 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2014-08-18 18:48:30 25D473D7805261C752DA738B13E35816 185271 ----a-w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla31.exe
2014-08-18 17:38:45 20A713D46DC08DB4380EB8FF6420B152 728960 ----a-w- C:\Users\Oem\Downloads\SpyHunter-Installer (2).exe
2014-08-18 17:01:33 0285760517095F6C2C004E02FD7B320F 12925224 ----a-w- C:\Users\Oem\Downloads\yet_another_cleaner_sk.exe
2014-08-18 16:54:05 15E51E8ADDED68AE73CD46AE671923E2 190437 ----a-w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla36.exe
2014-08-18 15:47:36 58CFEB24D4AC902D42EB2D15E18C3110 728960 ----a-w- C:\Users\Oem\Downloads\SpyHunter-installer (1).exe
2014-08-18 15:47:34 58CFEB24D4AC902D42EB2D15E18C3110 728960 ----a-w- C:\Users\Oem\Downloads\SpyHunter-installer.exe
2014-08-16 08:45:03 B923F613F59205CAC314E14AE5AC1CBC 509505576 ----a-w- C:\Users\Oem\Downloads\Dream Chronicles Series\Dream Chronicles Series.exe
2014-08-16 06:48:43 78B3254BE5CEA66C7B24E951A125D161 50789666 ----a-w- C:\Users\Oem\Downloads\BigFish - Dream Chronicles The Chosen Child - Duvan\TheChosenChild.exe
2014-08-16 06:47:46 3471CAFE8A5455F6E972BFBEC7B5B281 157314382 ----a-w- C:\Users\Oem\Downloads\{BigFish}Dream Chronicles-The Book Of Air Collectors Edition{H33T][Cybertek]\Dream Chronicles - The Book of Air Collector's Edition.exe
2014-08-16 05:35:50 6E1F206E135062AE90F1D208F80C4E67 8101888 ----a-w- C:\Games\Dream Chronicles 5- The Book of Water Collector's Edition\Dream_Chronicles-The_Book_of_Water.exe
2014-08-15 16:10:51 C56CB929FDC62BA6AFA025C0DF95CA73 1836624 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\36.0.1985.143\36.0.1985.143_36.0.1985.125_chrome_updater.exe
2014-08-15 10:52:19 A715DD1F4D7894100FBA9153048FDE1B 62992 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avguirux.exe
2014-08-15 10:52:19 9B3A0BC81C174ADF77DC6869AC6BCDDD 15888 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgrdtestx.exe
2014-08-15 10:52:19 88950BBD830F5CCA4B18BD6AB3DD05FF 16912 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgrdtesta.exe
2014-08-15 10:52:19 4505C7EEC5B0FFA5C45A7450198CBCC0 6018176 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
2014-08-13 10:28:50 8D466B36076BCD7997838C0DDB69764C 619672 ----a-w- C:\Windows\SysWOW64\icardagt.exe
2014-08-13 10:28:50 8A08BB0D12BE40DC09632CD5D04A48A0 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-13 10:28:39 E4312738B500577BABC232A49F67A67D 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-13 10:28:39 28A8B99DE70F376B18709E6B07D6A352 35480 ----a-w- C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 03:40:13 37C7C89B03F9D39629EDA545A1645D68 49664 ----a-w- C:\Windows\servicing\GC64\tzupd.exe
2014-08-13 03:39:43 B0F8CCA08DBC392442E27377B98DD0CD 112064 ----a-w- C:\Windows\System32\consent.exe
2014-08-13 03:38:06 7BAF83ECFCB4AC9E90A4B459BDD59BCA 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-08-13 03:38:06 31A7689F580F37B52F65B9653F8916D4 810176 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-08-13 03:38:05 CDF01A5C7927786A708EAEE91F14797B 812224 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-08-13 03:38:04 FCF5C8BB9AFD8D15B324B702F9B186B7 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-13 03:38:04 8D526C6DFC13CC2F81395771B7BE1AC6 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-08-13 03:38:04 6A60D0D167D35A07646EBCF796D770B4 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-08-13 03:38:04 52D2151908C2A6388B6561A373488F6F 692736 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-08-13 03:38:01 7D709E893B53092E3F5995FF5C3061E2 483328 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-08-13 03:38:00 87C2B5010779DF6BE4732751C5DB5D64 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 03:37:57 1EEF9FE30DBE458A89B5F7A16FC68397 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-13 03:37:55 1C660588CFFB3A17BCF0F6B4779BF985 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-13 03:36:17 5BB980114F9A3D750A5C827B69C8A13B 156672 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe
2014-08-13 03:36:17 1E3976298791F63775B64BE5B9C97618 31232 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe
=== C: other files ==
2014-08-18 19:51:07 0B8B2FF55ADB48D778C505639E74956E 14380 ----a-w- C:\Users\Oem\Downloads\Titulky k dorama Seumail Eogein.zip
2014-08-18 16:57:39 D5244DDD65EA62BD89928315BEE9C378 7519 ----a-w- C:\Users\Oem\Downloads\Titulky k dorama Woon nuk ruk tem barn (1).zip
2014-08-18 16:57:11 D5244DDD65EA62BD89928315BEE9C378 7519 ----a-w- C:\Users\Oem\Downloads\Titulky k dorama Woon nuk ruk tem barn.zip
2014-08-18 15:54:26 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
2014-08-13 03:39:08 87CE5C8965E101CCCED1F4675557E868 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-13 03:38:41 AF00649558BFB211A9091F4A6E7B4A0C 3163648 ----a-w- C:\Windows\System32\win32k.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2696402426-845486531-2689061519-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Oem\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k"
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Oem\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""


==== Startup Folders ======================

2012-01-10 12:48:40 1782 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09.07.2014 00:12]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22.10.2012 17:18]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22.10.2012 17:18]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\{09C3DBC5-495D-4433-B620-E2A9A5EC2DA7}" [C:\Users\Oem\AppData\Roaming\uTorrent\uTorrent.exe]
"C:\Windows\SysNative\tasks\{457A8633-B627-498F-9A0F-80E7FE555AAD}" [C:\Program Files\Aegisub\aegisub32.exe]
"C:\Windows\SysNative\tasks\{62D3FB5D-72AE-4C1F-A88A-5DCA403E1F85}" [C:\Users\Oem\Desktop\Slovnik\Slovnik.exe]
"C:\Windows\SysNative\tasks\{794C32B6-8BD9-493F-BBFF-F12A60B748CE}" [C:\Users\Oem\Desktop\Slovnik\Slovnik.exe]
"C:\Windows\SysNative\tasks\{839D0C6A-B73E-40C4-9F7E-D32F4CBB258A}" [C:\Users\Oem\Desktop\Slovnik\Slovnik.exe]
"C:\Windows\SysNative\tasks\{D5DE72EF-CC97-4B8E-8DD0-59B4801CAA1B}" [C:\Program Files\Aegisub\aegisub32.exe]
"C:\Windows\SysNative\tasks\{D79E153E-B116-474D-8984-18F26A746080}" [C:\Users\Oem\Desktop\Slovnik\Slovnik.exe]
"C:\Windows\SysNative\tasks\{ECA8F2C5-7333-46BC-A1FE-DFFEC150C5A8}" [C:\Program Files\Aegisub\aegisub32.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"faststartff@gmail.com"="C:\Users\Oem\AppData\Roaming\Mozilla\Firefox\Profiles\om5m5v7y.default\extensions\faststartff@gmail.com" [17.08.2014 18:23]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Oem\AppData\Roaming\Mozilla\Firefox\Profiles\om5m5v7y.default
- Fast Start - %ProfilePath%\extensions\faststartff@gmail.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Oem\AppData\Roaming\Mozilla\Firefox\Profiles\om5m5v7y.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash


==== Deleted Firefox Extensions ======================

C:\Users\Oem\AppData\Roaming\Mozilla\Firefox\Profiles\om5m5v7y.default\extensions\faststartff@gmail.com deleted

==== Chrome Look ======================

Seznam Li\u0161ti\u010Dka - Email - Oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Li\u0161ti\u010Dka - Slovn\u00EDk - Oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
YouTube - Oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Cosmopolise - Oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipihgjdhjoldhpfpmiiimpnmohpfhkcm
Google Wallet - Oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Seznam Lištička - Rychlá volba - Oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
Select City - Oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Gmail - Oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Oem\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.seznam.cz/?clid=16805",
"startup_urls": [ "http://google.com/" ],


==== Chrome Fix ======================

C:\Users\Oem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_batlyrics.net_0.localstorage-journal deleted successfully
C:\Users\Oem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma deleted successfully
C:\Users\Oem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage deleted successfully
C:\Users\Oem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds& ... earchTerms}"
"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1 ... TW122TW122"
"Start Page"="http://www.istartsurf.com/?type=hp&ts=1 ... TW122TW122"
"Search Page"="http://www.istartsurf.com/web/?type=ds& ... earchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds& ... earchTerms}"
"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1 ... TW122TW122"
"Start Page"="http://www.istartsurf.com/?type=hp&ts=1 ... TW122TW122"
"Search Page"="http://www.istartsurf.com/web/?type=ds& ... earchTerms}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... -SearchBox"

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Oem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RTINBP4G will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Oem\AppData\Local\Mozilla\Firefox\Profiles\om5m5v7y.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Oem\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=275 folders=146 8523912 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Oem\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Oem\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\SupTab\WindowsSupportDll64.dll" not found
"C:\PROGRA~2\SupTab" not found
"C:\Users\Oem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RTINBP4G" not found

==== EOF on Łt 19.08.2014 at 18:23:32,42 ======================

Moc vám děkuji, hezký večer,
DS

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Folder::
  c:\program files (x86)\SupTab
  c:\program files\Enigma Software Group
  
  Registry::
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "uTorrent"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "Adobe ARM"=-
  
  Driver::
  esgiguard
  
  File::
  c:\windows\Tasks\Adobe Flash Player Updater.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Magráta]

Dobrý den,
všechno proběhlo bez komplikací a vypadlo na mě tohle:

ComboFix 14-08-19.01 - Oem 20.08.2014 17:33:14.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3764.2131 [GMT 2:00]
Spuštěný z: c:\users\Oem\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Oem\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Enigma Software Group
c:\program files\Enigma Software Group\SpyHunter\cos.dat
c:\program files\Enigma Software Group\SpyHunter\gas.dat
c:\program files\Enigma Software Group\SpyHunter\gil.dat
c:\program files\Enigma Software Group\SpyHunter\INSTALL.LOG
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20140818_175401.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20140818_200114.log
c:\program files\Enigma Software Group\SpyHunter\safeol.dat
c:\program files\Enigma Software Group\SpyHunter\scanlog.log
c:\program files\Enigma Software Group\SpyHunter\supportlog.txt
c:\program files\Enigma Software Group\SpyHunter\unkcache.dat
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ESGIGUARD
-------\Service_esgiguard
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-20 do 2014-08-20 )))))))))))))))))))))))))))))))
.
.
2014-08-20 15:38 . 2014-08-20 15:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-19 17:47 . 2014-08-20 15:40 -------- d-----w- c:\users\Oem\AppData\Local\Temp
2014-08-19 17:42 . 2014-08-19 17:47 -------- d-----w- C:\zoek
2014-08-18 17:09 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-18 17:07 . 2014-08-19 05:33 -------- d-----w- C:\AdwCleaner
2014-08-18 16:54 . 2014-08-18 18:49 -------- d-----w- c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-08-18 15:49 . 2014-08-18 15:49 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-08-17 16:29 . 2014-08-17 16:29 -------- d-sh--w- c:\users\Oem\AppData\Local\EmieUserList
2014-08-17 16:29 . 2014-08-17 16:29 -------- d-sh--w- c:\users\Oem\AppData\Local\EmieSiteList
2014-08-17 16:28 . 2014-08-17 16:28 -------- d-----w- c:\users\Oem\AppData\Local\Opera Software
2014-08-17 16:28 . 2014-08-17 16:28 -------- d-----w- c:\users\Oem\AppData\Roaming\Opera Software
2014-08-17 16:28 . 2014-08-17 16:29 -------- d-----w- c:\program files (x86)\Opera
2014-08-13 10:28 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 10:28 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 10:28 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 10:28 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 10:28 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 10:28 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 10:28 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 10:28 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 03:40 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-13 03:40 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-08-13 03:40 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-08-13 03:40 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-08-13 03:40 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-13 03:40 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-08-13 03:40 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-08-13 03:40 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-13 03:40 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-13 03:39 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-13 03:39 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-13 03:39 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-13 03:39 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-13 03:39 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-13 03:39 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-13 03:39 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-13 03:39 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-13 03:37 . 2014-07-31 23:16 235200 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2014-08-13 03:36 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-13 03:36 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-13 03:36 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-13 03:36 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-07-31 07:02 . 2014-08-17 15:40 -------- d-----w- c:\users\Oem\AppData\Roaming\PlayFirst
2014-07-24 06:25 . 2014-07-24 06:26 -------- d-----w- c:\program files (x86)\Dead Reckoning - Silvermoon Isle Collector's Edition UPDATE
2014-07-24 06:25 . 2014-07-24 06:25 -------- d-----w- c:\windows\Dead Reckoning - Silvermoon Isle Collector's Edition UPDATE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-13 16:09 . 2012-10-22 21:27 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-08 22:12 . 2012-10-22 15:29 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-08 22:12 . 2012-01-10 12:48 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-30 10:43 . 2014-06-30 10:43 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2014-06-18 02:18 . 2014-07-09 18:23 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 18:23 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 14:21 . 2014-06-17 14:21 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-06-17 14:07 . 2014-06-17 14:07 328984 ----a-w- c:\windows\system32\drivers\avgloga.sys
2014-06-17 14:06 . 2014-06-17 14:06 269080 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-06-17 14:06 . 2014-06-17 14:06 190744 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2014-06-17 14:06 . 2014-06-17 14:06 242968 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 14:06 . 2014-06-17 14:06 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 14:06 . 2014-06-17 14:06 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2014-06-06 10:10 . 2014-07-09 18:22 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 18:22 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 18:19 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 18:19 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 18:19 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 18:21 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 18:21 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 18:21 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 18:21 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 18:21 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 18:21 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 18:21 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 18:21 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 18:21 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 18:21 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 18:21 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 18:21 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 18:21 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 18:21 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 18:22 497152 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-04-19 1097808]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-11 5187088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2012-1-10 723560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 16:10 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 22:12]
.
2014-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-22 15:18]
.
2014-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-22 15:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-20 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-20 416024]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Oem\AppData\Roaming\Mozilla\Firefox\Profiles\om5m5v7y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - ExtSQL: 2014-08-17 18:23; faststartff@gmail.com; c:\users\Oem\AppData\Roaming\Mozilla\Firefox\Profiles\om5m5v7y.default\extensions\faststartff@gmail.com
FF - ExtSQL: !HIDDEN! 2014-08-17 18:23; faststartff@gmail.com; c:\users\Oem\AppData\Roaming\Mozilla\Firefox\Profiles\om5m5v7y.default\extensions\faststartff@gmail.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-08-20 17:45:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-20 15:45
ComboFix2.txt 2014-08-20 15:21
ComboFix3.txt 2014-08-18 19:41
.
Před spuštěním: Volných bajtů: 410 606 469 120
Po spuštění: Volných bajtů: 410 304 630 784
.
- - End Of File - - A2C6F09393E21A79C9015790D657D85E

Děkuji za pomoc,
zdraví DS

[Magráta]

Dobrý večer, zase já.
Je možné, že by prováděné postupy mohly ovlivnit nastavení KMPlayeru?
Titulky se přestaly zobrazovat v obraze a jsou sesypané na hromadě u dolního okraje.
Mořila jsem se s tím dost dlouho, ale nic jsem s tím nesvedla.
Děkuji za odpověď.
DS

[vyosek]

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Zkuste pripadne KMPlayer preinstalovat

[Magráta]

Děkuji.
Děkuju moc.
DS

[vyosek]

Pokud tedy nejsou problemy ci dotazy, je to z me strany vse

[Magráta]

Ještě jednou mnohokrát děkuji za trpělivost.
DS

[vyosek]

Nemate zac, rad jsem pomohl Zase nekdy

Na rozloucenou vam zahraje nase kapela



A na zaklade Pravidla o zamykani temat