Prosím o kontrolu logu, celé zle..

Mel · Příspěvekod **Mel** » 04 pro 2014 21:06

ComboFix 14-12-04.01 - Lančin . 12. 2014 20:50:03.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.2012.875 [GMT 1:00]
Running from: c:\users\LanŔin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2014-11-04 to 2014-12-04 )))))))))))))))))))))))))))))))
.
.
2014-12-04 19:57 . 2014-12-04 19:59 -------- d-----w- c:\users\Lančin\AppData\Local\temp
2014-12-04 19:32 . 2014-12-04 19:17 24064 ----a-w- c:\windows\zoek-delete.exe
2014-12-04 19:17 . 2014-12-04 19:35 -------- d-----w- C:\zoek_backup
2014-12-04 10:37 . 2014-12-04 19:06 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-04 10:36 . 2014-12-04 10:37 -------- d-----w- c:\programdata\RogueKiller
2014-12-04 07:03 . 2014-12-04 09:57 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-04 07:02 . 2014-12-04 07:02 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-04 07:02 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-04 07:02 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-04 06:53 . 2014-12-04 08:57 -------- d-----w- C:\AdwCleaner
2014-12-04 06:47 . 2014-12-04 06:47 -------- d-----w- c:\users\Lančin\AppData\Local\Adobe
2014-12-02 22:09 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8174031-F185-458A-9973-AC4B50C4D108}\mpengine.dll
2014-11-22 17:03 . 2014-11-22 17:03 -------- d-sh--w- c:\users\Lančin\AppData\Local\EmieBrowserModeList
2014-11-18 21:13 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-18 21:13 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 23:47 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-11 23:47 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-11 23:47 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-11 23:47 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-11-11 23:47 . 2014-08-21 06:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-11 23:45 . 2014-11-06 03:19 37888 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-11-05 09:37 . 2014-11-05 09:37 -------- d-----w- C:\UnknownFolder1514
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-26 18:30 . 2012-04-19 06:25 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-26 18:30 . 2011-09-19 16:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-21 05:14 . 2012-07-20 07:21 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-04 13:30 . 2011-09-19 16:37 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-25 01:40 . 2014-10-08 04:42 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-09 21:47 . 2014-09-23 23:25 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-20 04:33 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIHJE.EXE" [2012-02-29 249440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-11-27 30524520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 4045432]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-04-21 2295584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-07-31 280576]
.
c:\users\Lančin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-05-04 2152736]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1.sys [2012-08-29 24424]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-08-16 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-08-16 49664]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-19 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [2010-11-01 14416]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2014-06-04 18624]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare 7\ASCService.exe [2014-01-14 881952]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
S2 ENAgent;Epson Redirect Agent;c:\windows\system32\ENAgent.exe [2012-07-05 4209856]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 122376]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2014-07-24 27768]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2014-07-24 109256]
S3 PAC207;VideoCAM GE111;c:\windows\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-09-19 47360]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2014-07-24 564912]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 18:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.olmici.cz/hry-olmici
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Lančin\AppData\Roaming\Mozilla\Firefox\Profiles\9mn8fqyf.default-1388217033647\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.zoznam.sk
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BitLord - c:\program files\BitLord\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,08,40,9e,e9,7a,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,46,60,85,58,c0,28,4d,b8,f6,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,46,60,85,58,c0,28,4d,b8,f6,7c,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\IObit\Smart Defrag 3\SmartDefrag.exe
c:\program files\IObit\Advanced SystemCare 7\Monitor.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-12-04 21:04:30 - machine was rebooted
ComboFix-quarantined-files.txt 2014-12-04 20:04
.
Pre-Run: 419 333 115 904 bytes free
Post-Run: 419 215 663 104 bytes free
.
- - End Of File - - 0AA258D034A4576B12ABD3F5D217179B
A36C5E4F47E84449FF07ED3517B43A31

Reklama

Příspěvekod **jaro3** » 05 pro 2014 10:24

AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

dva antiviry , jeden odinstaluj a pak dej nový Combofix.

Mel · Příspěvekod **Mel** » 06 pro 2014 14:53

Ahoj,
chcela som odinštalovat AV: Microsoft Security Essentials, ale nikde som ho nenašla...

ComboFix 14-12-04.01 - Lančin . 12. 2014 14:37:14.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.2012.1153 [GMT 1:00]
Running from: c:\users\Lančin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-11-06 to 2014-12-06 )))))))))))))))))))))))))))))))
.
.
2014-12-04 19:32 . 2014-12-04 19:17 24064 ----a-w- c:\windows\zoek-delete.exe
2014-12-04 19:17 . 2014-12-04 19:35 -------- d-----w- C:\zoek_backup
2014-12-04 10:37 . 2014-12-04 19:06 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-04 10:36 . 2014-12-04 10:37 -------- d-----w- c:\programdata\RogueKiller
2014-12-04 07:03 . 2014-12-04 09:57 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-04 07:02 . 2014-12-04 07:02 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-04 07:02 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-04 07:02 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-04 06:53 . 2014-12-04 08:57 -------- d-----w- C:\AdwCleaner
2014-12-04 06:47 . 2014-12-04 06:47 -------- d-----w- c:\users\Lančin\AppData\Local\Adobe
2014-11-22 17:03 . 2014-11-22 17:03 -------- d-sh--w- c:\users\Lančin\AppData\Local\EmieBrowserModeList
2014-11-18 21:13 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-18 21:13 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 23:47 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-11 23:47 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-11 23:47 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-11 23:47 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-11-11 23:47 . 2014-08-21 06:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-11 23:45 . 2014-11-06 03:19 37888 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-26 18:30 . 2012-04-19 06:25 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-26 18:30 . 2011-09-19 16:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-21 05:14 . 2012-07-20 07:21 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-04 13:30 . 2011-09-19 16:37 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-25 01:40 . 2014-10-08 04:42 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-09 21:47 . 2014-09-23 23:25 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-20 04:33 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIHJE.EXE" [2012-02-29 249440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-11-27 30524520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 4045432]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-04-21 2295584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-07-31 280576]
.
c:\users\Lančin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-05-04 2152736]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1.sys [2012-08-29 24424]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-08-16 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-08-16 49664]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-19 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [2010-11-01 14416]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2014-06-04 18624]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare 7\ASCService.exe [2014-01-14 881952]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
S2 ENAgent;Epson Redirect Agent;c:\windows\system32\ENAgent.exe [2012-07-05 4209856]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 122376]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2014-07-24 27768]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2014-07-24 109256]
S3 PAC207;VideoCAM GE111;c:\windows\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-09-19 47360]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2014-07-24 564912]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 18:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.olmici.cz/hry-olmici
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Lančin\AppData\Roaming\Mozilla\Firefox\Profiles\9mn8fqyf.default-1388217033647\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.zoznam.sk
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,08,40,9e,e9,7a,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,46,60,85,58,c0,28,4d,b8,f6,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,46,60,85,58,c0,28,4d,b8,f6,7c,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-06 14:46:00
ComboFix-quarantined-files.txt 2014-12-06 13:46
ComboFix2.txt 2014-12-04 20:04
.
Pre-Run: 418 632 294 400 bytes free
Post-Run: 418 577 416 192 bytes free
.
- - End Of File - - 8A5F2050C19455C9D3C2BED5C253E040
A36C5E4F47E84449FF07ED3517B43A31

Příspěvekod **jaro3** » 07 pro 2014 10:08

Odinstaluj:
AdvancedSystemCare7

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
SecCenter::
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

Folder::
c:\program files\Skype\Updater

Driver::
SkypeUpdate

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,08,40,9e,e9,7a,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,46,60,85,58,c0,28,4d,b8,f6,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,46,60,85,58,c0,28,4d,b8,f6,7c,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Mel · Příspěvekod **Mel** » 07 pro 2014 10:39

ComboFix 14-12-04.01 - Lančin . 12. 2014 10:19:51.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.2012.940 [GMT 1:00]
Running from: c:\users\LanŔin\Desktop\ComboFix.exe
Command switches used :: c:\users\LanŔin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-11-07 to 2014-12-07 )))))))))))))))))))))))))))))))
.
.
2014-12-04 19:32 . 2014-12-04 19:17 24064 ----a-w- c:\windows\zoek-delete.exe
2014-12-04 19:17 . 2014-12-04 19:35 -------- d-----w- C:\zoek_backup
2014-12-04 10:37 . 2014-12-04 19:06 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-04 10:36 . 2014-12-04 10:37 -------- d-----w- c:\programdata\RogueKiller
2014-12-04 07:03 . 2014-12-04 09:57 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-04 07:02 . 2014-12-04 07:02 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-04 07:02 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-04 07:02 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-04 06:53 . 2014-12-04 08:57 -------- d-----w- C:\AdwCleaner
2014-12-04 06:47 . 2014-12-04 06:47 -------- d-----w- c:\users\Lančin\AppData\Local\Adobe
2014-11-22 17:03 . 2014-11-22 17:03 -------- d-sh--w- c:\users\Lančin\AppData\Local\EmieBrowserModeList
2014-11-18 21:13 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-18 21:13 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 23:47 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-11 23:47 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-11 23:47 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-11 23:47 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-11-11 23:47 . 2014-08-21 06:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-11 23:45 . 2014-11-06 03:19 37888 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-26 18:30 . 2012-04-19 06:25 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-26 18:30 . 2011-09-19 16:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-21 05:14 . 2012-07-20 07:21 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-04 13:30 . 2011-09-19 16:37 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-25 01:40 . 2014-10-08 04:42 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-09 21:47 . 2014-09-23 23:25 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-20 04:33 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIHJE.EXE" [2012-02-29 249440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-11-27 30524520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 4045432]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-07-31 280576]
.
c:\users\Lančin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-05-04 2152736]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1.sys [2012-08-29 24424]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-08-16 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-08-16 49664]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-19 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [2010-11-01 14416]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2014-06-04 18624]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
S2 ENAgent;Epson Redirect Agent;c:\windows\system32\ENAgent.exe [2012-07-05 4209856]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 122376]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2014-07-24 27768]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2014-07-24 109256]
S3 PAC207;VideoCAM GE111;c:\windows\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-09-19 47360]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2014-07-24 564912]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 18:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.olmici.cz/hry-olmici
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Lančin\AppData\Roaming\Mozilla\Firefox\Profiles\9mn8fqyf.default-1388217033647\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.zoznam.sk
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-Advanced SystemCare 7 - c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,08,40,9e,e9,7a,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,46,60,85,58,c0,28,4d,b8,f6,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,46,60,85,58,c0,28,4d,b8,f6,7c,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-07 10:28:55
ComboFix-quarantined-files.txt 2014-12-07 09:28
ComboFix2.txt 2014-12-06 13:46
ComboFix3.txt 2014-12-04 20:04
.
Pre-Run: 420 289 294 336 bytes free
Post-Run: 420 247 052 288 bytes free
.
- - End Of File - - 6EDC8B796DB1D16D1E10B9A229FB4CE8
A36C5E4F47E84449FF07ED3517B43A31

Mel · Příspěvekod **Mel** » 07 pro 2014 10:40

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:36:59, on 7. 12. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHJE.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\IrfanView\i_view32.exe
C:\Windows\Explorer.exe
C:\Users\Lančin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.olmici.cz/hry-olmici
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHJE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX130" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Orezávač obrazovky a spúšťač programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Epson Redirect Agent (ENAgent) - SEIKO EPSON CORPORATION - C:\Windows\system32\ENAgent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe

--
End of file - 6812 bytes

Mel · Příspěvekod **Mel** » 07 pro 2014 10:40

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-12-07 10:35:22
-----------------------------
10:35:22.252 OS Version: Windows 6.1.7601 Service Pack 1
10:35:22.252 Number of processors: 2 586 0x170A
10:35:22.252 ComputerName: LANČIN-PC UserName: Lančin
10:35:23.469 Initialize success
10:35:23.516 VM: initialized successfully
10:35:23.516 VM: Intel CPU supported
10:35:36.884 VM: not used
10:35:47.228 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
10:35:47.243 Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA50E Size: 476940MB BusType: 3
10:35:47.337 Disk 0 MBR read successfully
10:35:47.337 Disk 0 MBR scan
10:35:47.337 Disk 0 Windows 7 default MBR code
10:35:47.337 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:35:47.352 Disk 0 default boot code
10:35:47.368 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
10:35:47.368 Disk 0 scanning sectors +976771072
10:35:47.446 Disk 0 scanning C:\Windows\system32\drivers
10:35:53.733 Service scanning
10:36:09.505 Modules scanning
10:36:09.505 Disk 0 trace - called modules:
10:36:09.520 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
10:36:09.536 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859ef638]
10:36:09.536 3 CLASSPNP.SYS[88bc259e] -> nt!IofCallDriver -> [0x85526900]
10:36:09.536 5 ACPI.sys[888c13d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85547030]
10:36:09.551 Disk 0 statistics 70833/0/0 @ 5,76 MB/s
10:36:09.551 Scan finished successfully
10:36:18.287 Disk 0 MBR has been saved successfully to "C:\Users\Lančin\Desktop\MBR.dat"
10:36:18.303 The log file has been saved successfully to "C:\Users\Lančin\Desktop\aswMBR.txt"

Příspěvekod **jaro3** » 08 pro 2014 09:59

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

Ten script v Combofixu zopakuj , v nouz. režimu.

Mel · Příspěvekod **Mel** » 11 pro 2014 20:19

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:18:19, on 11. 12. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHJE.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\MsiExec.exe
C:\Users\Lančin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.olmici.cz/hry-olmici
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHJE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX130" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Orezávač obrazovky a spúšťač programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Epson Redirect Agent (ENAgent) - SEIKO EPSON CORPORATION - C:\Windows\system32\ENAgent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe

--
End of file - 7187 bytes

Mel · Příspěvekod **Mel** » 11 pro 2014 20:19

ComboFix 14-12-04.01 - Lančin . 12. 2014 20:01:03.4.2 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.2012.1271 [GMT 1:00]
Running from: c:\users\Lančin\Desktop\ComboFix.exe
Command switches used :: c:\users\Lančin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2014-11-11 to 2014-12-11 )))))))))))))))))))))))))))))))
.
.
2014-12-11 19:06 . 2014-12-11 19:08 -------- d-----w- c:\users\Lančin\AppData\Local\temp
2014-12-11 19:06 . 2014-12-11 19:06 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2014-12-11 19:06 . 2014-12-11 19:06 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-12-11 19:06 . 2014-12-11 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-11 19:06 . 2014-12-11 19:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-12-11 02:26 . 2014-12-11 02:26 -------- d-----w- c:\windows\system32\appraiser
2014-12-11 02:09 . 2014-07-07 01:37 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-11 02:09 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\system32\mf.dll
2014-12-11 02:09 . 2014-07-07 01:40 103424 ----a-w- c:\windows\system32\mfps.dll
2014-12-11 02:09 . 2014-07-07 01:39 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-11 02:09 . 2014-07-07 01:39 23040 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-11 00:18 . 2014-11-11 01:32 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-12-11 00:16 . 2014-11-08 02:45 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-11 00:15 . 2014-07-07 01:40 143872 ----a-w- c:\windows\system32\cryptsvc.dll
2014-12-11 00:15 . 2014-10-30 01:46 1174528 ----a-w- c:\windows\system32\crypt32.dll
2014-12-11 00:15 . 2014-10-30 01:45 155136 ----a-w- c:\windows\system32\charmap.exe
2014-12-11 00:14 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-11 00:14 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-11 00:14 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-11 00:14 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-11 00:14 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-10 04:15 . 2014-12-10 04:15 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDEEDBB7-E62F-4BFA-81E9-2EB198B7EC29}\offreg.dll
2014-12-09 12:08 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDEEDBB7-E62F-4BFA-81E9-2EB198B7EC29}\mpengine.dll
2014-12-06 13:29 . 2014-12-06 13:29 -------- d-----w- c:\programdata\ProductData
2014-12-05 08:05 . 2014-12-05 08:05 -------- d-----w- c:\users\Lančin\AppData\Roaming\Dream Aquarium
2014-12-05 08:05 . 2014-12-05 08:05 -------- d-----w- c:\program files\Dream Aquarium
2014-12-04 20:04 . 2014-12-06 06:26 -------- d-----w- c:\users\Lančin\AppData\Local\CrashDumps
2014-12-04 19:32 . 2014-12-04 19:17 24064 ----a-w- c:\windows\zoek-delete.exe
2014-12-04 19:17 . 2014-12-04 19:35 -------- d-----w- C:\zoek_backup
2014-12-04 10:37 . 2014-12-04 19:06 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-04 10:36 . 2014-12-04 10:37 -------- d-----w- c:\programdata\RogueKiller
2014-12-04 07:03 . 2014-12-04 09:57 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-04 07:02 . 2014-12-04 07:02 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-04 07:02 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-04 07:02 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-04 06:53 . 2014-12-04 08:57 -------- d-----w- C:\AdwCleaner
2014-12-04 06:47 . 2014-12-04 06:47 -------- d-----w- c:\users\Lančin\AppData\Local\Adobe
2014-11-22 17:03 . 2014-11-22 17:03 -------- d-sh--w- c:\users\Lančin\AppData\Local\EmieBrowserModeList
2014-11-18 21:13 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-18 21:13 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-11-11 23:47 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-11 23:47 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-11 23:47 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-11 23:47 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-11-11 23:47 . 2014-08-21 06:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-10 05:30 . 2012-04-19 06:25 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-10 05:30 . 2011-09-19 16:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-21 05:14 . 2012-07-20 07:21 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-04 13:30 . 2011-09-19 16:37 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-10 07:59 . 2014-10-10 07:59 191928 ----a-w- c:\windows\system32\drivers\eamonm.sys
2014-10-10 07:59 . 2014-10-10 07:59 135296 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2014-10-10 07:59 . 2014-10-10 07:59 123424 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2014-09-25 01:40 . 2014-10-08 04:42 519680 ----a-w- c:\windows\system32\qdvd.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-11-11 . D4EB5D50A5171245223ED7BC6427FBCD . 74752 . . [6.1.7601.22865] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.22865_none_ec99acb4539d1a87\tdx.sys
[-] 2014-11-11 . 7FE680A3DFA421C4A8E4879AE4C5AAB0 . 74752 . . [6.1.7601.18658] . . c:\windows\System32\drivers\tdx.sys
[-] 2014-11-11 . 7FE680A3DFA421C4A8E4879AE4C5AAB0 . 74752 . . [6.1.7601.18658] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.18658_none_ec1ddecd3a74adaa\tdx.sys
[-] 2010-11-20 . B459575348C20E8121D6039DA063C704 . 74752 . . [6.1.7601.17514] . . c:\windows\erdnt\cache\tdx.sys
[-] 2010-11-20 . B459575348C20E8121D6039DA063C704 . 74752 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[-] 2009-07-13 . CB39E896A2A83702D1737BFD402B3542 . 74240 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
.
[-] 2014-10-30 . 3031B5DC2A58A7BCE6651EA9B7DD6390 . 145920 . . [6.1.7601.22856] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22856_none_78674e03124dbd1f\cryptsvc.dll
[-] 2014-07-07 . 623E143F2DF17C0106A9988F5D7DC878 . 143872 . . [6.1.7600.16385] . . c:\windows\System32\cryptsvc.dll
[-] 2014-07-07 . 623E143F2DF17C0106A9988F5D7DC878 . 143872 . . [6.1.7601.18526] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_77fe1d2ff917cf34\cryptsvc.dll
[-] 2013-10-05 . F2D9242C3BBD1C36467FCAE1AE01733F . 142848 . . [6.1.7601.22473] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
[-] 2013-07-09 . 6DB499DEFCC827317C5371164A7CDB27 . 142848 . . [6.1.7601.22380] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[-] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7601.18205] . . c:\windows\erdnt\cache\cryptsvc.dll
[-] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7601.18205] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[-] 2013-05-13 . 3897DFF247D9ED0006190349DE264E14 . 140288 . . [6.1.7601.18151] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[-] 2013-05-11 . AC04D05309BB2C418D0D80B9FB014642 . 142848 . . [6.1.7601.22322] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[-] 2013-05-10 . E122AA1C9A3CC46FF9DDDE46E5EB0C58 . 142848 . . [6.1.7601.22321] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[-] 2013-05-10 . 33ADF6E0853AB39EA1723BE82842C1D3 . 140288 . . [6.1.7601.18150] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[-] 2012-06-02 . 063DD65889D21035311463337BD268E7 . 142336 . . [6.1.7601.22010] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[-] 2012-06-02 . F2FDE6C8DBAAD44CC58D1E07E4AF4EED . 139264 . . [6.1.7600.17035] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17035_none_760be2a9fbfa79d1\cryptsvc.dll
[-] 2012-06-02 . EA8C26ECF1656D9647EF044F115EC6DA . 141312 . . [6.1.7600.21225] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21225_none_76a05147150ffad1\cryptsvc.dll
[-] 2012-06-02 . 96C0E38905CFD788313BE8E11DAE3F2F . 140288 . . [6.1.7601.17856] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[-] 2012-04-24 . 520A108A2657F4BCA7FCED9CA7D885DE . 139264 . . [6.1.7600.17008] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[-] 2012-04-24 . 06E771AA596B8761107AB57E99F128D7 . 140288 . . [6.1.7601.17827] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[-] 2012-04-24 . F522279B4717E2BFF269C771FAC2B78E . 141312 . . [6.1.7600.21199] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll
[-] 2012-04-24 . 21993009E0CCB9B4FA195F14D3408626 . 142336 . . [6.1.7601.21979] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[-] 2010-11-20 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[-] 2009-07-14 . 9C231178CE4FB385F4B54B0A9080B8A4 . 135680 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
.
[-] 2014-11-22 . 220505B0B3E96C857DD01729AF0CD369 . 19749376 . . [11.00.9600.17496] . . c:\windows\System32\mshtml.dll
[-] 2014-11-22 . 220505B0B3E96C857DD01729AF0CD369 . 19749376 . . [11.00.9600.17496] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_996f5b047ee36e8f\mshtml.dll
[-] 2014-11-06 . 93074C4FA92A8399404D032F6AF72C1B . 19781632 . . [11.00.9600.17496] . . c:\windows\erdnt\cache\mshtml.dll
[-] 2014-11-06 . 93074C4FA92A8399404D032F6AF72C1B . 19781632 . . [11.00.9600.17496] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17420_none_997c424c7ed96bab\mshtml.dll
[-] 2014-09-19 . F91E55DA404B834648A3B0A2477C10DB . 17484800 . . [11.00.9600.17496] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17358_none_99895cd67ecf68c7\mshtml.dll
[-] 2014-08-18 . 7BF1CE9240CB9DD27C3E30733176EB8E . 17455104 . . [11.00.9600.17496] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_9997e3e07ec3cbd3\mshtml.dll
[-] 2014-07-25 . 8453DDF167CE2986AA4AB04BC6824925 . 17524224 . . [11.00.9600.17496] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_999215667ec933c9\mshtml.dll
[-] 2014-06-19 . DFA59840BB1220AFD261FDAE83543959 . 17276416 . . [11.00.9600.17207] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_998f42187ecbb482\mshtml.dll
[-] 2014-05-30 . D5ECBB3BFDC73A59440D9CA79AB3A342 . 17271296 . . [11.00.9600.17126] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_999c29607ec1b19e\mshtml.dll
[-] 2014-05-06 . EB5347F6149D3FF25F4D609A21A3BD67 . 17382912 . . [11.00.9600.17107] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_999a12047ec39891\mshtml.dll
[-] 2014-04-29 . 027AC2B05139DBF9BC1D0548EF5E64C0 . 17074688 . . [11.00.9600.16661] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16661_none_996a8aee7ee62563\mshtml.dll
[-] 2014-04-29 . 5869FBC754578A59C8C8635B99DB79DE . 17384448 . . [11.00.9600.17105] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_999a3f947ec3654f\mshtml.dll
[-] 2014-03-30 . CCF19C82F6145E4A467F7CB9AF82026C . 17073152 . . [11.00.9600.16659] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16659_none_9968d4647ee7d914\mshtml.dll
[-] 2014-03-06 . EA85144F35EDE6EE25C484D4242FF2C8 . 17387008 . . [11.00.9600.17041] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_99a96bc87eb74836\mshtml.dll
[-] 2014-03-01 . 70462E0A4E293FC80620AB945D8A59BB . 17074688 . . [11.00.9600.16521] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16521_none_997159b27ee1a416\mshtml.dll
[-] 2014-02-06 . C863E5A2417DF0F2A31ED32C3B2CB23F . 17103872 . . [11.00.9600.16518] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16518_none_996fb9f07ee33e26\mshtml.dll
[-] 2013-11-26 . BFAFE990C4A191E83843362B5AC64A9B . 17112576 . . [11.00.9600.16476] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16476_none_9980b9287ed586fd\mshtml.dll
[-] 2013-11-12 . F9F114B2A6F876C92D317A755494F233 . 17142784 . . [11.00.9600.16428] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_997b8a267eda3b8c\mshtml.dll
[-] 2013-09-22 . 9D6D52AED095BC8C9023AA739E978EAC . 14364672 . . [10.00.9200.20831] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20831_none_1e10fa96f3fe7488\mshtml.dll
[-] 2013-09-22 . A7221924181C8EB92B64C5A2D888BEA5 . 14335488 . . [10.00.9200.16721] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16721_none_34e870d4da4fdf8b\mshtml.dll
[-] 2013-08-10 . A0FAB45701EFAA4EDA60B7614ED431BE . 14362624 . . [10.00.9200.20794] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20794_none_1e2187e6f3f13d84\mshtml.dll
[-] 2013-08-10 . 5D2D7E7850CE963C2F401D4DEE7BB32A . 14332928 . . [10.00.9200.16686] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16686_none_34f8d094da42dbc9\mshtml.dll
[-] 2013-08-01 . AF31E7D2C385F647ADFD5F5736B3BA64 . 14329856 . . [10.00.9200.16635] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16635_none_34f3e5eada474375\mshtml.dll
[-] 2013-07-26 . E631B408882F8320739F6E0CAF444397 . 14329344 . . [10.00.9200.16660] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16660_none_34f758b0da440f55\mshtml.dll
[-] 2013-07-26 . 523D2E830830FD6DA5B7FAAE3C251BC5 . 14356480 . . [10.00.9200.20768] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20768_none_1e1e2be8f3f45803\mshtml.dll
[-] 2013-05-29 . 4ACB8A0EA4A1BEAA4FA92680BB71C542 . 12335104 . . [9.00.8112.20606] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20606_none_2c66f5555578b053\mshtml.dll
[-] 2013-05-29 . 7BD6A6DFA75B665FA8F21BB21E59EC11 . 12333568 . . [9.00.8112.16496] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16496_none_2b7c07583ca40edb\mshtml.dll
[-] 2013-02-22 . 474D43D76E2A33FEE21C6F4BB7C4A3B7 . 12324864 . . [9.00.8112.20586] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20586_none_2c10740f55b992b4\mshtml.dll
[-] 2013-02-22 . 658EBC74BD38D16805648C4775F7FA82 . 12324352 . . [9.00.8112.16476] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16476_none_2b91a7303c93d6f9\mshtml.dll
[-] 2013-02-02 . 88C27474E61271B49677F22CEE76FB3E . 12322304 . . [9.00.8112.20580] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20580_none_2c0a725355befaaa\mshtml.dll
[-] 2013-02-02 . 263963D93A3CA8F685EFA5966F1E6581 . 12321792 . . [9.00.8112.16470] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16470_none_2b8ba5743c993eef\mshtml.dll
[-] 2013-01-08 . C97434C851C4821BD92D2831FDF1ECBE . 12321280 . . [9.00.8112.16464] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16464_none_2b9a76883c8d885a\mshtml.dll
[-] 2013-01-08 . B6AD225B3BCC07332FBB2C2824315534 . 12322304 . . [9.00.8112.20573] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20573_none_2c18431d55b42abe\mshtml.dll
[-] 2012-11-14 . 07F649CD36F266BBE33B814FA678AA43 . 12320256 . . [9.00.8112.16457] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16457_none_2ba847523c82b86e\mshtml.dll
[-] 2012-11-14 . 8021EF27048F9ECE5286EA8C8EED23B8 . 12321280 . . [9.00.8112.20565] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20565_none_2c25139d55aa417b\mshtml.dll
[-] 2012-10-08 . 8D1BB1E5A033E8817EF94A9047630165 . 12320768 . . [9.00.8112.16455] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16455_none_2ba646be3c8485c0\mshtml.dll
[-] 2012-10-08 . F7B251DA2FA89933771289793DCAA08B . 12321280 . . [9.00.8112.20562] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20562_none_2c2212bf55acf576\mshtml.dll
[-] 2012-08-24 . 975D1EA99A0FE8104B72440995B3C20B . 12319744 . . [9.00.8112.20557] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20557_none_2c31e41d55a05838\mshtml.dll
[-] 2012-08-24 . BB197F54A8F69EEA8356B7F70E6D3A20 . 12319744 . . [9.00.8112.16450] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16450_none_2ba1454c3c89070d\mshtml.dll
[-] 2012-07-11 . 6820A9E91AFF7CB3A510360D8CCD9BDD . 12314624 . . [9.00.8112.16447] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_2bb3173e3c7a9c7d\mshtml.dll
[-] 2012-07-11 . 1ABF770552EA9D4FE90F654468FAF4CE . 12314624 . . [9.00.8112.20553] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_2c2de2f555a3f2dc\mshtml.dll
[-] 2012-06-29 . 5E8E869E1342308752A37A2C90CCA79D . 12317184 . . [9.00.8112.16448] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16448_none_2bb417883c79b5d4\mshtml.dll
[-] 2012-06-28 . AEC51857AEC2F5CE4520366240AFC671 . 12317184 . . [9.00.8112.20554] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20554_none_2c2ee33f55a30c33\mshtml.dll
[-] 2012-05-17 . 9FB58F71104107D44540AF1195F7A14D . 12314624 . . [9.00.8112.16446] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16446_none_2bb216f43c7b8326\mshtml.dll
[-] 2012-05-17 . 761D9111F5A2619CB5060661D36FBFFF . 12314624 . . [9.00.8112.20551] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_2c2be26155a5c02e\mshtml.dll
[-] 2012-02-28 . F82BF2CB075B49E9FAB5FF213C45C020 . 12281856 . . [9.00.8112.16443] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_2baf16163c7e3721\mshtml.dll
[-] 2012-02-28 . B9E083B14B1994F1255983F2DF31C7DF . 12281856 . . [9.00.8112.20548] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_2c3db4535597559e\mshtml.dll
[-] 2011-12-14 . 497C9C3DB953A60EC4F43A097E15F75E . 12282368 . . [9.00.8112.16441] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_2bad15823c800473\mshtml.dll
.
[-] 2014-11-22 . 5E4E0E43E0A5BF9F089696DFA7A3D677 . 1888256 . . [11.00.9600.16428] . . c:\windows\System32\wininet.dll
[-] 2014-11-22 . 5E4E0E43E0A5BF9F089696DFA7A3D677 . 1888256 . . [11.00.9600.16428] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_88153be5fe8d0559\wininet.dll
[-] 2014-11-06 . 6DD7D61A8EF3DFEC4FAEFEB395E77424 . 1892864 . . [11.00.9600.16428] . . c:\windows\erdnt\cache\wininet.dll
[-] 2014-11-06 . 6DD7D61A8EF3DFEC4FAEFEB395E77424 . 1892864 . . [11.00.9600.16428] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_8822232dfe830275\wininet.dll
[-] 2014-09-18 . 7AE80F921027CF88CB9D0433088A3E55 . 1810944 . . [11.00.9600.16428] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_882f3db7fe78ff91\wininet.dll
[-] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.16428] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_883dc4c1fe6d629d\wininet.dll
[-] 2014-07-25 . B945BAA81B4805AD6BDDF4D026DCFB47 . 1792512 . . [11.00.9600.16428] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_8837f647fe72ca93\wininet.dll
[-] 2014-06-18 . CCC198257901BEEA2FBF8EB1E7678356 . 1791488 . . [11.00.9600.16428] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_883522f9fe754b4c\wininet.dll
[-] 2014-05-30 . 771CDBC3D62437D6DB070820BB1EDCCF . 1790976 . . [11.00.9600.16428] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_88420a41fe6b4868\wininet.dll
[-] 2014-03-06 . E4E829EE073E046B0EB19B5FECB19B8C . 1789440 . . [11.00.9600.16428] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_884f4ca9fe60df00\wininet.dll
[-] 2014-03-01 . AAFEAB4FC9D70253F8C7E353E879E8A2 . 1820160 . . [11.00.9600.16428] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_88173a93fe8b3ae0\wininet.dll
[-] 2014-02-06 . 9C89246184979A070B0C6CCF61C68136 . 1820160 . . [11.00.9600.16428] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16518_none_88159ad1fe8cd4f0\wininet.dll
[-] 2013-11-26 . 927FA6456AD6D7630F6854828D2FD16B . 1820160 . . [11.00.9600.16428] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16476_none_88269a09fe7f1dc7\wininet.dll
[-] 2013-11-12 . B5EB5BD3066959611E1F7A80FD6CC172 . 1818112 . . [11.00.9600.16428] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_88216b07fe83d256\wininet.dll
[-] 2013-09-22 . 67220EB57550F10E1219D57D89937456 . 1777152 . . [10.00.9200.20830] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20831_none_0cb6db7873a80b52\wininet.dll
[-] 2013-09-22 . E4FEB264B47360B7296AEA4E052F88D8 . 1767936 . . [10.00.9200.16720] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16721_none_238e51b659f97655\wininet.dll
[-] 2013-08-10 . 26BD13BB9196C2D8F8155C3C6169BC22 . 1777664 . . [10.00.9200.20794] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20794_none_0cc768c8739ad44e\wininet.dll
[-] 2013-08-10 . 535F6263035F2530A62D5D64EF6E73D3 . 1767936 . . [10.00.9200.16686] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16686_none_239eb17659ec7293\wininet.dll
[-] 2013-08-01 . 9BF7C7654EFD098EE3A27B49492A382A . 1767936 . . [10.00.9200.16635] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16635_none_2399c6cc59f0da3f\wininet.dll
[-] 2013-07-26 . DAA3903F06116AE9EE7AC1D1B93684A4 . 1767936 . . [10.00.9200.16660] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16660_none_239d399259eda61f\wininet.dll
[-] 2013-07-26 . DE581A5E0E70BB63898F8776EB274428 . 1777664 . . [10.00.9200.20768] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20768_none_0cc40cca739deecd\wininet.dll
[-] 2013-05-29 . 745410A5E043E8F880C932007034F8B6 . 1129984 . . [9.00.8112.20606] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20606_none_1b0cd636d522471d\wininet.dll
[-] 2013-05-29 . EA952A5C277CABCBA69EA806146BB984 . 1129472 . . [9.00.8112.16496] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16496_none_1a21e839bc4da5a5\wininet.dll
[-] 2013-02-22 . C5B6468422DB1C8AA36C32CBB0197E5E . 1129472 . . [9.00.8112.16476] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16476_none_1a378811bc3d6dc3\wininet.dll
[-] 2013-02-22 . 490E24D5E427DFA55B1C1182F0DB861C . 1129984 . . [9.00.8112.20586] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20586_none_1ab654f0d563297e\wininet.dll
[-] 2013-02-02 . 1284D72C04B553ED5382EA14303D66DB . 1129472 . . [9.00.8112.20580] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20580_none_1ab05334d5689174\wininet.dll
[-] 2013-02-02 . 03728C624D05C2F157BBD46F6B7F6EA0 . 1129472 . . [9.00.8112.16470] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16470_none_1a318655bc42d5b9\wininet.dll
[-] 2013-01-08 . B49B56B64F57699A1A663D2CF7D0A56F . 1129472 . . [9.00.8112.16464] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16464_none_1a405769bc371f24\wininet.dll
[-] 2013-01-08 . 16C45E6881449C6330567E51C13920FA . 1129472 . . [9.00.8112.20573] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20573_none_1abe23fed55dc188\wininet.dll
[-] 2012-11-14 . 7FA3A810F383588D46220967DE8B64FF . 1129472 . . [9.00.8112.16457] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16457_none_1a4e2833bc2c4f38\wininet.dll
[-] 2012-11-14 . 0635D714351F842D43EA184E75C4A3FF . 1129472 . . [9.00.8112.20565] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20565_none_1acaf47ed553d845\wininet.dll
[-] 2012-10-08 . 9CB0D2A9A77D91D9614355EE9FF00519 . 1129472 . . [9.00.8112.16455] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16455_none_1a4c279fbc2e1c8a\wininet.dll
[-] 2012-10-08 . 6E3AC8A54A1881806BA2B58539483788 . 1129472 . . [9.00.8112.20562] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20562_none_1ac7f3a0d5568c40\wininet.dll
[-] 2012-08-24 . 2895E29EFCFC0B1BCF8AEE1A0C67913C . 1129472 . . [9.00.8112.20557] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20557_none_1ad7c4fed549ef02\wininet.dll
[-] 2012-08-24 . 5553611E2F9EA6F613079177F1233068 . 1129472 . . [9.00.8112.16450] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16450_none_1a47262dbc329dd7\wininet.dll
[-] 2012-07-11 . 8E87270C4704CF2951E1E7820D6C8A2B . 1129472 . . [9.00.8112.16447] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16447_none_1a58f81fbc243347\wininet.dll
[-] 2012-07-11 . E430161A632F9A8FE512DE0CA5685559 . 1129472 . . [9.00.8112.20553] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20553_none_1ad3c3d6d54d89a6\wininet.dll
[-] 2012-06-29 . 75A97A2C060E72AB49E071E08C7DD2BA . 1129472 . . [9.00.8112.16448] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16448_none_1a59f869bc234c9e\wininet.dll
[-] 2012-06-28 . 54C30A4066A28F9A017E095E283B2762 . 1129472 . . [9.00.8112.20554] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20554_none_1ad4c420d54ca2fd\wininet.dll
[-] 2012-05-17 . 1C191A4F0960F21B5D58C8A65BAF5427 . 1129472 . . [9.00.8112.16446] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_1a57f7d5bc2519f0\wininet.dll
[-] 2012-05-17 . 43BAC67996D8765A5F1B3A4EA6231E21 . 1129472 . . [9.00.8112.20551] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_1ad1c342d54f56f8\wininet.dll
[-] 2012-02-28 . 44465367256D1C72B58F5ABAA19E7016 . 1127424 . . [9.00.8112.16443] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_1a54f6f7bc27cdeb\wininet.dll
[-] 2012-02-28 . 11A34DCA08EB2A586246F2D6C2A81D58 . 1127424 . . [9.00.8112.20548] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_1ae39534d540ec68\wininet.dll
[-] 2011-12-14 . 1D94FA7C81D2FFE494AF094619BA706F . 1127424 . . [9.00.8112.16441] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_1a52f663bc299b3d\wininet.dll
[-] 2011-12-14 . 022A78194E2C7106F5AF9F2BC6AC8774 . 1127424 . . [9.00.8112.20546] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20546_none_1ae194a0d542b9ba\wininet.dll
[-] 2011-11-03 . 32569DF2F9BEF05DD7D56E30590EDFD9 . 1127424 . . [9.00.8112.20544] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_1adf940cd544870c\wininet.dll
[-] 2011-11-03 . 02F98B5C0E397AD06124D84428CF8F1A . 1127424 . . [9.00.8112.16440] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_1a51f619bc2a81e6\wininet.dll
[-] 2011-09-19 . 2C7332C222D1FE1FC57D622699A8C001 . 1126912 . . [9.00.8112.16434] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16434_none_1a60c72dbc1ecb51\wininet.dll
[-] 2011-09-01 . D3788D91530CFA005BD516189A4C676E . 1126912 . . [9.00.8112.16437] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16437_none_1a63c80bbc1c1756\wininet.dll
[-] 2011-09-01 . C0FCEE8D760C70DB6EF858BB2262288E . 1126912 . . [9.00.8112.20537] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20537_none_1aed64d6d539b720\wininet.dll
[-] 2011-06-21 . D1E7C4FA045B34C32D12BFBB415EBE1B . 981504 . . [8.00.7601.21754] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21754_none_1f0903a190553023\wininet.dll
[-] 2011-06-21 . EE0D7471EBF9CE40CC4A203B1F90F028 . 981504 . . [8.00.7600.16839] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16839_none_1cb3ab1a79fc6b3e\wininet.dll
[-] 2011-06-21 . 748FD4CAB1AFFD90A9556EB7D5AA1FEB . 981504 . . [8.00.7601.17638] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17638_none_1e9907d67723bdd3\wininet.dll
[-] 2011-06-21 . 6DC5A5F57FACFF20149F04440BB4523C . 982016 . . [8.00.7600.20992] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20992_none_1cf566579351014d\wininet.dll
[-] 2010-12-21 . 78B9ADA2BC8946AF7B17678E0D07A773 . 981504 . . [8.00.7600.16723] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16723_none_1cb8776479f9ba1c\wininet.dll
[-] 2010-12-21 . 1B3DD46BC6396143A205EAAF05F38039 . 981504 . . [8.00.7600.20862] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20862_none_1d15d4359338b053\wininet.dll
[-] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
[-] 2009-07-14 . 0D874F3BC751CC2198AF2E6783FB8B35 . 977920 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-20 04:33 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIHJE.EXE" [2012-02-29 249440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-11-27 30524520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2014-10-01 5088456]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 4045432]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-07-31 280576]
.
c:\users\Lančin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-05-04 2152736]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1.sys [2012-08-29 24424]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-08-16 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-08-16 49664]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-19 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [2010-11-01 14416]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2014-06-04 18624]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2014-10-10 191928]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2014-10-10 135296]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2014-10-01 1349576]
S2 ENAgent;Epson Redirect Agent;c:\windows\system32\ENAgent.exe [2012-07-05 4209856]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2014-10-10 123424]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2014-07-24 27768]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2014-07-24 109256]
S3 PAC207;VideoCAM GE111;c:\windows\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-09-19 47360]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2014-07-24 564912]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 05:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.olmici.cz/hry-olmici
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Lančin\AppData\Roaming\Mozilla\Firefox\Profiles\9mn8fqyf.default-1388217033647\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.zoznam.sk
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\IObit\Smart Defrag 3\SmartDefrag.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-12-11 20:14:10 - machine was rebooted
ComboFix-quarantined-files.txt 2014-12-11 19:14
ComboFix2.txt 2014-12-07 09:28
ComboFix3.txt 2014-12-06 13:46
ComboFix4.txt 2014-12-04 20:04
.
Pre-Run: 415 198 965 760 bytes free
Post-Run: 417 245 437 952 bytes free
.
- - End Of File - - 5D66D6D782B8620A6B173CEF01414DF9
A36C5E4F47E84449FF07ED3517B43A31

Příspěvekod **jaro3** » 12 pro 2014 09:46

Ten fix v HJT si zopakuj , návod zde:
viewtopic.php?f=70&t=5119

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Mel · Příspěvekod **Mel** » 13 pro 2014 10:05

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-12-13 10:00:37
-----------------------------
10:00:37.887 OS Version: Windows 6.1.7601 Service Pack 1
10:00:37.887 Number of processors: 2 586 0x170A
10:00:37.887 ComputerName: LANČIN-PC UserName: Lančin
10:01:20.163 Initialize success
10:01:20.273 VM: initialized successfully
10:01:20.273 VM: Intel CPU supported
10:01:33.751 VM: not used
10:01:39.118 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
10:01:39.134 Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA50E Size: 476940MB BusType: 3
10:01:39.274 Disk 0 MBR read successfully
10:01:39.274 Disk 0 MBR scan
10:01:39.290 Disk 0 Windows 7 default MBR code
10:01:39.290 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:01:39.305 Disk 0 default boot code
10:01:39.321 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
10:01:39.337 Disk 0 scanning sectors +976771072
10:01:39.524 Disk 0 scanning C:\Windows\system32\drivers
10:01:47.511 Service scanning
10:01:56.450 Service ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys **LOCKED** 5
10:01:56.918 Service epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys **LOCKED** 5
10:02:08.524 Modules scanning
10:02:08.524 Disk 0 trace - called modules:
10:02:08.540 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
10:02:08.540 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859ed460]
10:02:08.555 3 CLASSPNP.SYS[88bb459e] -> nt!IofCallDriver -> [0x8551b918]
10:02:08.555 5 ACPI.sys[8889f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85576338]
10:02:08.555 Disk 0 statistics 70843/0/0 @ 4,74 MB/s
10:02:08.571 Scan finished successfully
10:02:40.645 Disk 0 MBR has been saved successfully to "C:\Users\Lančin\Desktop\MBR.dat"
10:02:40.645 The log file has been saved successfully to "C:\Users\Lančin\Desktop\aswMBR.txt"

Prosím o kontrolu logu, celé zle..

Re: Prosím o kontrolu logu, celé zle..

Re: Prosím o kontrolu logu, celé zle..

Re: Prosím o kontrolu logu, celé zle..

Re: Prosím o kontrolu logu, celé zle..

Re: Prosím o kontrolu logu, celé zle..

Re: Prosím o kontrolu logu, celé zle..

Re: Prosím o kontrolu logu, celé zle..

Re: Prosím o kontrolu logu, celé zle..

Re: Prosím o kontrolu logu, celé zle..

Re: Prosím o kontrolu logu, celé zle..

Re: Prosím o kontrolu logu, celé zle..

Re: Prosím o kontrolu logu, celé zle..

Kdo je online