ComboFix 13-08-12.01 - Mira 13.08.2013  11:16:08.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.16351.14199 [GMT 2:00]
Spuštěn z: c:\users\Mira\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mira\AppData\Roaming\inst.exe
c:\users\Mira\AppData\Roaming\vso_ts_preview.xml
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2013-07-13 do 2013-08-13  )))))))))))))))))))))))))))))))
.
.
2013-08-13 09:19 . 2013-08-13 09:19	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-08-13 09:19 . 2013-08-13 09:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-13 08:59 . 2013-07-02 08:34	9460976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05D07338-499B-41E5-8C42-E498BDD61D7D}\mpengine.dll
2013-08-11 19:06 . 2013-07-02 08:34	9460976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-08 11:17 . 2013-08-08 11:17	--------	d-----w-	c:\users\Mira\AppData\Roaming\Posta
2013-08-01 23:06 . 2013-08-01 23:06	--------	d-----w-	c:\users\Mira\AppData\Roaming\savegames
2013-07-29 18:50 . 2013-08-01 23:18	--------	d-----w-	c:\users\Mira\AppData\Roaming\Kalypso Media
2013-07-23 10:47 . 2013-07-23 10:58	--------	d-----w-	c:\program files (x86)\Google
2013-07-23 10:47 . 2013-07-23 10:58	--------	d-----w-	c:\users\Mira\AppData\Local\Google
2013-07-17 15:15 . 2013-07-17 15:14	941720	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C30D064-C104-4127-A925-8432D49349DB}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 00:08 . 2013-03-09 00:05	290184	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-07-19 00:08 . 2013-03-08 22:35	290184	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-07-19 00:08 . 2013-03-08 22:35	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-07-16 06:28 . 2013-03-08 12:24	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-16 06:28 . 2013-03-08 12:24	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-23 22:57 . 2013-03-08 12:12	78277128	----a-w-	c:\windows\system32\MRT.exe
2013-06-21 19:57 . 2013-03-12 20:30	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-21 12:06 . 2013-07-01 15:39	925648	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-06-21 12:06 . 2013-07-01 15:39	9239344	----a-w-	c:\windows\system32\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 15:39	7687592	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 15:39	7641832	----a-w-	c:\windows\system32\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 15:39	6324360	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 15:39	572704	----a-w-	c:\windows\system32\NvFBC64.dll
2013-06-21 12:06 . 2013-07-01 15:39	570656	----a-w-	c:\windows\system32\NvIFR64.dll
2013-06-21 12:06 . 2013-07-01 15:39	467232	----a-w-	c:\windows\SysWow64\NvIFR.dll
2013-06-21 12:06 . 2013-07-01 15:39	465184	----a-w-	c:\windows\SysWow64\NvFBC.dll
2013-06-21 12:06 . 2013-07-01 15:39	432928	----a-w-	c:\windows\system32\nvEncodeAPI64.dll
2013-06-21 12:06 . 2013-07-01 15:39	372000	----a-w-	c:\windows\SysWow64\nvEncodeAPI.dll
2013-06-21 12:06 . 2013-07-01 15:39	2953504	----a-w-	c:\windows\system32\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 15:39	27781920	----a-w-	c:\windows\system32\nvoglv64.dll
2013-06-21 12:06 . 2013-07-01 15:39	2777888	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 15:39	266448	----a-w-	c:\windows\system32\nvinitx.dll
2013-06-21 12:06 . 2013-07-01 15:39	2597856	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-07-01 15:39	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 15:39	2363680	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 15:39	218592	----a-w-	c:\windows\system32\nvoglshim64.dll
2013-06-21 12:06 . 2013-07-01 15:39	214448	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-06-21 12:06 . 2013-07-01 15:39	21102368	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-06-21 12:06 . 2013-07-01 15:39	2002720	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 15:39	1832224	----a-w-	c:\windows\system32\nvdispco6432049.dll
2013-06-21 12:06 . 2013-07-01 15:39	181488	----a-w-	c:\windows\SysWow64\nvoglshim32.dll
2013-06-21 12:06 . 2013-07-01 15:39	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 15:39	1511712	----a-w-	c:\windows\system32\nvdispgenco6432049.dll
2013-06-21 12:06 . 2013-07-01 15:39	12427240	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-07-01 15:39	11235104	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-06-21 12:06 . 2013-03-09 00:16	15144928	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-06-21 12:06 . 2013-03-09 00:16	13411896	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 12:06 . 2013-03-08 11:48	61216	----a-w-	c:\windows\system32\OpenCL.dll
2013-06-21 12:06 . 2013-03-08 11:48	53024	----a-w-	c:\windows\SysWow64\OpenCL.dll
2013-06-21 12:06 . 2013-02-25 23:32	2936208	----a-w-	c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-02-25 23:32	1059560	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-06-21 12:06 . 2013-02-25 23:32	15920536	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-06-21 10:23 . 2013-03-08 11:48	6496544	----a-w-	c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2013-03-08 11:48	3514656	----a-w-	c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2013-03-08 11:48	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2013-03-08 11:48	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2013-03-08 11:48	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-06-20 04:17 . 2013-03-08 11:48	3253909	----a-w-	c:\windows\system32\nvcoproc.bin
2013-06-18 19:50 . 2013-06-18 19:50	247216	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2013-01-20 14:59	139616	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-11 23:43 . 2013-07-10 12:12	1767936	----a-w-	c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-10 12:12	2877440	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-10 12:12	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-10 12:12	109056	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-10 12:12	51712	----a-w-	c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-10 12:12	2241024	----a-w-	c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-10 12:12	1365504	----a-w-	c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-10 12:12	19238912	----a-w-	c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-10 12:12	603136	----a-w-	c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-10 12:12	855552	----a-w-	c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-10 12:12	3958784	----a-w-	c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-10 12:12	53248	----a-w-	c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-10 12:12	67072	----a-w-	c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-10 12:12	526336	----a-w-	c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-10 12:12	39936	----a-w-	c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-10 12:12	2648576	----a-w-	c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-10 12:12	136704	----a-w-	c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-10 12:12	15404032	----a-w-	c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-10 12:12	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-10 12:12	89600	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 03:22 . 2013-07-10 12:13	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-10 12:13	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-10 12:08	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 12:08	624128	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 12:08	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2013-05-28 17:23 . 2013-05-28 17:23	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-05-28 13:05 . 2013-06-20 12:02	163328	----a-w-	c:\windows\SysWow64\FlashPlayerUpdateService.exe
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="d:\hra\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="d:\hra\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261519~1.190\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz136;cpuz136;c:\users\Mira\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\Mira\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe;c:\programdata\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-08 13:05]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23 10:47]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23 10:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files (x86)\Advanced JPEG Compressor\ajcieex.htm
TCP: Interfaces\{085BBBD4-89CE-44BB-B721-B0D84757286A}: NameServer = 192.168.1.1,192.168.1.9
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-684142496-2042527380-1803846549-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:73,8f,6a,cc,74,2e,ab,39,e1,77,f4,5a,4e,7d,ec,b9,d6,69,a3,e9,df,e5,e3,
   11,ba,6e,5f,eb,4e,45,37,da,2a,97,b4,b5,be,3b,7d,2f,c0,e1,cd,12,93,1e,da,52,\
"??"=hex:4a,c1,8c,49,a5,0c,d4,31,e7,8e,b3,ac,75,2c,45,f1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-HXXM-JBUT-11TB-S3C9-SM9B-3JKCGJW"
"Activated"="N"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-08-13  11:20:26
ComboFix-quarantined-files.txt  2013-08-13 09:20
.
Před spuštěním: Volných bajtů: 61026676736
Po spuštění: Volných bajtů: 60743852032
.
- - End Of File - - B93DC58035F2647241A5693E065237B1
A36C5E4F47E84449FF07ED3517B43A31
ComboFix 13-10-04.02 - Mira 07.10.2013  18:54:24.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.16351.14260 [GMT 2:00]
Spuštěn z: c:\users\Mira\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Vytvořen nový Bod Obnovení
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2013-09-07 do 2013-10-07  )))))))))))))))))))))))))))))))
.
.
2013-10-07 16:56 . 2013-10-07 16:56	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-10-07 16:56 . 2013-10-07 16:56	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-10-07 16:56 . 2013-10-07 16:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-10-07 16:07 . 2013-10-07 16:07	76232	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2CADDC35-B62B-40D1-99CF-603059186850}\offreg.dll
2013-10-06 12:26 . 2013-09-05 05:32	9694160	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2CADDC35-B62B-40D1-99CF-603059186850}\mpengine.dll
2013-10-06 07:18 . 2013-09-05 05:32	9694160	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-06 01:06 . 2013-10-06 01:06	--------	d-----w-	C:\Temp
2013-10-06 00:11 . 2013-10-06 00:11	--------	d-----w-	c:\program files (x86)\MSI Kombustor 2.5
2013-10-04 22:41 . 2013-10-04 22:41	--------	d-----w-	c:\users\Mira\AppData\Roaming\Bitcoin
2013-09-30 16:37 . 2013-09-30 16:37	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2013-09-29 18:55 . 2013-09-29 18:55	--------	d-----w-	c:\users\Mira\AppData\Local\NextUp
2013-09-29 18:55 . 2013-09-29 18:55	--------	d-----w-	c:\programdata\NextUp
2013-09-29 17:34 . 2013-09-29 17:34	--------	d-----w-	c:\programdata\Package Cache
2013-09-23 22:34 . 2013-09-23 22:35	--------	d-----w-	c:\users\Mira\AppData\Roaming\Posta
2013-09-13 08:05 . 2013-07-26 02:24	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-09-11 17:48 . 2004-10-22 00:18	749568	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-09-11 17:48 . 2004-10-22 00:17	69715	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-09-11 17:48 . 2004-10-22 00:17	274432	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-09-11 17:48 . 2004-10-22 00:16	180224	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-09-11 17:48 . 2004-10-22 00:16	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-09-11 17:48 . 2013-09-11 17:48	323716	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-09-11 17:48 . 2013-09-11 17:48	192644	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-09-08 14:11 . 2013-09-12 12:35	--------	d-----w-	c:\users\Mira\AppData\Roaming\Dropbox
2013-09-07 21:18 . 2013-09-23 22:22	--------	d-----w-	c:\users\Mira\AppData\Local\Unity
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-07 09:37 . 2013-03-08 22:35	214392	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-10-07 09:37 . 2013-03-08 22:35	215416	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-09-29 17:34 . 2013-03-08 22:35	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-09-28 19:45 . 2013-03-09 00:05	290184	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-09-27 08:57 . 2013-07-01 15:39	15232424	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-09-27 08:57 . 2013-03-09 00:16	18229224	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-09-27 08:57 . 2013-03-09 00:16	15832920	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-09-27 08:57 . 2013-03-08 11:48	61216	----a-w-	c:\windows\system32\OpenCL.dll
2013-09-27 08:57 . 2013-03-08 11:48	53024	----a-w-	c:\windows\SysWow64\OpenCL.dll
2013-09-27 08:57 . 2013-02-25 23:32	3052616	----a-w-	c:\windows\system32\nvapi64.dll
2013-09-27 08:57 . 2013-02-25 23:32	1432408	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-09-27 08:57 . 2013-02-25 23:32	18259624	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-09-27 07:45 . 2013-03-08 11:48	6641440	----a-w-	c:\windows\system32\nvcpl.dll
2013-09-27 07:45 . 2013-03-08 11:48	3483424	----a-w-	c:\windows\system32\nvsvc64.dll
2013-09-27 07:44 . 2013-03-08 11:48	922912	----a-w-	c:\windows\system32\nvvsvc.exe
2013-09-27 07:44 . 2013-03-08 11:48	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-09-27 07:44 . 2013-03-08 11:48	2559776	----a-w-	c:\windows\system32\nvsvcr.dll
2013-09-27 07:44 . 2013-03-08 11:48	219424	----a-w-	c:\windows\system32\nvmctray.dll
2013-09-26 13:32 . 2013-03-08 11:48	3386608	----a-w-	c:\windows\system32\nvcoproc.bin
2013-09-25 19:04 . 2013-03-08 12:24	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-25 19:04 . 2013-03-08 12:24	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 08:53 . 2013-03-08 12:12	79143768	----a-w-	c:\windows\system32\MRT.exe
2013-09-06 12:41 . 2013-09-06 12:42	965008	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{652FCF58-0EAA-406B-A1DB-107E433DD1B3}\gapaengine.dll
2013-08-26 09:05 . 2013-03-12 20:30	941720	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-02 01:48 . 2013-09-13 08:05	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 21:25	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 21:25	1620992	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 21:25	2048	----a-w-	c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 21:25	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	130736	----a-w-	c:\users\Mira\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	130736	----a-w-	c:\users\Mira\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	130736	----a-w-	c:\users\Mira\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="d:\hra\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="d:\hra\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x]
R3 cpuz136;cpuz136;c:\users\Mira\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\Mira\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-25 19:04]
.
2013-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23 10:47]
.
2013-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23 10:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\Mira\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\Mira\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\Mira\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\Mira\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files (x86)\Advanced JPEG Compressor\ajcieex.htm
TCP: Interfaces\{085BBBD4-89CE-44BB-B721-B0D84757286A}: NameServer = 192.168.1.1,192.168.1.9
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-684142496-2042527380-1803846549-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:73,8f,6a,cc,74,2e,ab,39,e1,77,f4,5a,4e,7d,ec,b9,d6,69,a3,e9,df,e5,e3,
   11,ba,6e,5f,eb,4e,45,37,da,2a,97,b4,b5,be,3b,7d,2f,c0,e1,cd,12,93,1e,da,52,\
"??"=hex:4a,c1,8c,49,a5,0c,d4,31,e7,8e,b3,ac,75,2c,45,f1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-HXXM-JBUT-11TB-S3C9-SM9B-3JKCGJW"
"Activated"="N"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-10-07  18:57:16
ComboFix-quarantined-files.txt  2013-10-07 16:57
ComboFix2.txt  2013-08-13 09:20
.
Před spuštěním: Volných bajtů: 59479171072
Po spuštění: Volných bajtů: 59273265152
.
- - End Of File - - 7DD309E553E27B64AC9DF17C8EE52D83
413FC2A0C716421B3158746D63736515
ComboFix 13-11-07.01 - Mira 10.11.2013   0:30.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.16351.14494 [GMT 1:00]
Sputn z: c:\users\Mira\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Vytvořen nový Bod Obnovení
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2013-10-09 do 2013-11-09  )))))))))))))))))))))))))))))))
.
.
2013-11-09 16:53 . 2013-10-14 07:12	10280728	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{403FAABB-57D7-45F9-829C-08D572692F4B}\mpengine.dll
2013-11-08 12:22 . 2013-10-14 07:12	10280728	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-06 19:06 . 2013-10-20 11:52	965000	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A717B8C-FD84-4007-82A7-A239173BFE7B}\gapaengine.dll
2013-10-28 16:24 . 2013-10-28 16:24	--------	d-----w-	c:\programdata\FlyVPN
2013-10-23 19:40 . 2013-10-23 19:40	--------	d-----w-	c:\programdata\WNR
2013-10-23 19:40 . 2013-10-23 19:40	--------	d-----w-	c:\users\Mira\AppData\Roaming\WNR
2013-10-23 19:40 . 2013-10-23 19:40	--------	d-----w-	c:\program files (x86)\Proxy Switcher Standard
2013-10-22 14:54 . 2013-10-16 00:48	1884448	----a-w-	c:\windows\system32\nvdispco6433158.dll
2013-10-22 14:54 . 2013-10-16 00:48	1511712	----a-w-	c:\windows\system32\nvdispgenco6433158.dll
2013-10-21 20:20 . 2013-10-21 20:30	--------	d-----w-	c:\users\Mira\AppData\Roaming\TeamViewer
2013-10-21 20:00 . 2013-10-21 20:00	--------	d-----w-	c:\program files (x86)\TeamViewer
2013-10-20 22:27 . 2013-10-20 22:27	--------	d-----w-	c:\users\Mira\AppData\Roaming\Rovio
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-09 22:50 . 2013-03-08 22:35	214392	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-11-09 22:35 . 2013-03-08 22:35	214392	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-10-27 21:34 . 2013-03-08 22:35	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-10-23 10:30 . 2013-09-30 16:35	2695200	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-10-23 10:30 . 2013-07-01 15:39	15212336	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-10-23 10:30 . 2013-03-09 00:16	18199872	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-10-23 10:30 . 2013-03-08 11:48	61216	----a-w-	c:\windows\system32\OpenCL.dll
2013-10-23 10:30 . 2013-03-08 11:48	53024	----a-w-	c:\windows\SysWow64\OpenCL.dll
2013-10-23 10:30 . 2013-02-25 23:32	3067560	----a-w-	c:\windows\system32\nvapi64.dll
2013-10-23 10:30 . 2013-02-25 23:32	1435504	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-10-23 10:30 . 2013-02-25 23:32	18286416	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-10-23 08:20 . 2013-03-08 11:48	6669600	----a-w-	c:\windows\system32\nvcpl.dll
2013-10-23 08:20 . 2013-03-08 11:48	3489568	----a-w-	c:\windows\system32\nvsvc64.dll
2013-10-23 08:20 . 2013-03-08 11:48	922912	----a-w-	c:\windows\system32\nvvsvc.exe
2013-10-23 08:20 . 2013-03-08 11:48	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-10-23 08:20 . 2013-03-08 11:48	219424	----a-w-	c:\windows\system32\nvmctray.dll
2013-10-23 08:20 . 2013-03-08 11:48	3426956	----a-w-	c:\windows\system32\nvcoproc.bin
2013-10-20 19:13 . 2013-03-09 00:05	290184	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-10-20 11:52 . 2013-03-12 20:30	965000	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-15 21:47 . 2013-03-08 11:48	2559776	----a-w-	c:\windows\system32\nvsvcr.dll
2013-10-09 23:45 . 2013-03-08 12:12	80541720	----a-w-	c:\windows\system32\MRT.exe
2013-10-08 20:06 . 2013-03-08 12:24	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 20:06 . 2013-03-08 12:24	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-27 08:57 . 2013-09-30 16:35	1884448	----a-w-	c:\windows\system32\nvdispco6433140.dll
2013-09-27 08:57 . 2013-09-30 16:35	1511712	----a-w-	c:\windows\system32\nvdispgenco6433140.dll
2013-09-22 23:28 . 2013-10-09 23:50	1767936	----a-w-	c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-09 23:50	2876928	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-09 23:50	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-09 23:50	109056	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-09 23:50	51712	----a-w-	c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-09 23:50	2241024	----a-w-	c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-09 23:50	1365504	----a-w-	c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-09 23:50	603136	----a-w-	c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-09 23:50	19252224	----a-w-	c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-09 23:50	855552	----a-w-	c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-09 23:50	3959296	----a-w-	c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-09 23:50	53248	----a-w-	c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-09 23:50	67072	----a-w-	c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-09 23:50	526336	----a-w-	c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-09 23:50	39936	----a-w-	c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-09 23:50	2647552	----a-w-	c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-09 23:50	136704	----a-w-	c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-09 23:50	15404544	----a-w-	c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-09 23:50	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-09 23:50	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-09 23:50	89600	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-09 23:50	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10 . 2013-10-09 16:54	497152	----a-w-	c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-09 16:54	1903552	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 16:54	327168	----a-w-	c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 16:54	231424	----a-w-	c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 16:54	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 16:54	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 16:54	99840	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 16:54	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 16:54	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 16:54	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 16:54	7808	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-09 16:54	5549504	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 16:54	1732032	----a-w-	c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 16:54	243712	----a-w-	c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 16:54	859648	----a-w-	c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 16:54	878080	----a-w-	c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 16:54	3969472	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 16:54	3914176	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 16:54	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 16:54	1292192	----a-w-	c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 16:54	619520	----a-w-	c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 16:54	640512	----a-w-	c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 16:54	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 16:54	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 16:54	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 16:54	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 16:54	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 16:54	3155968	----a-w-	c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 16:54	461312	----a-w-	c:\windows\system32\scavengeui.dll
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	130736	----a-w-	c:\users\Mira\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	130736	----a-w-	c:\users\Mira\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	130736	----a-w-	c:\users\Mira\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="d:\hra\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="d:\hra\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"msogdtdwSrv"="c:\windows\inf\msogdtdw.vbe" [2013-08-27 1558]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 tap0901_openvpn_accl;TAP-Win32 Adapter V9 for OpenVPN Accelerator;c:\windows\system32\DRIVERS\tap0901_openvpn_accl.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901_openvpn_accl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 cpuz136;cpuz136;c:\users\Mira\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\Mira\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-25 20:06]
.
2013-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23 10:47]
.
2013-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23 10:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\Mira\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\Mira\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\Mira\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\Mira\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files (x86)\Advanced JPEG Compressor\ajcieex.htm
TCP: Interfaces\{085BBBD4-89CE-44BB-B721-B0D84757286A}: NameServer = 192.168.1.1,192.168.1.9
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-684142496-2042527380-1803846549-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:73,8f,6a,cc,74,2e,ab,39,e1,77,f4,5a,4e,7d,ec,b9,d6,69,a3,e9,df,e5,e3,
   11,ba,6e,5f,eb,4e,45,37,da,2a,97,b4,b5,be,3b,7d,2f,c0,e1,cd,12,93,1e,da,52,\
"??"=hex:4a,c1,8c,49,a5,0c,d4,31,e7,8e,b3,ac,75,2c,45,f1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-HXXM-JBUT-11TB-S3C9-SM9B-3JKCGJW"
"Activated"="N"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-11-10  00:33:42
ComboFix-quarantined-files.txt  2013-11-09 23:33
ComboFix2.txt  2013-10-07 16:57
ComboFix3.txt  2013-08-13 09:20
.
Před spuštěním: Volných bajtů: 57516900352
Po spuštění: Volných bajtů: 57175465984
.
- - End Of File - - 66E3B02F67B29B1C62E45E491293671C
413FC2A0C716421B3158746D63736515
ComboFix 14-05-13.01 - Mira 13.05.2014  12:20:26.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.16351.14892 [GMT 2:00]
Spuštěný z: c:\users\Mira\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Vytvořen nový Bod Obnovení
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2014-04-13 do 2014-05-13  )))))))))))))))))))))))))))))))
.
.
2014-05-13 10:22 . 2014-05-13 10:22	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-05-13 10:22 . 2014-05-13 10:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-13 10:15 . 2014-05-13 10:15	--------	d-----w-	C:\FRST
2014-05-12 18:37 . 2014-04-16 10:22	10651704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83B54A75-494D-4F5D-93F9-5ECB721FDC23}\mpengine.dll
2014-05-11 09:22 . 2014-04-16 10:22	10651704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-08 19:47 . 2014-05-02 09:16	1031560	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2557F159-F458-48AE-A176-85FE919B8DBD}\gapaengine.dll
2014-05-07 19:53 . 2014-04-29 14:01	23547904	----a-w-	c:\windows\system32\mshtml.dll
2014-05-07 19:53 . 2014-04-29 13:40	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-07 19:53 . 2014-04-29 12:34	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-06 14:01 . 2014-05-06 14:01	--------	d-sh--w-	c:\users\Mira\AppData\Local\EmieUserList
2014-05-06 14:01 . 2014-05-06 14:01	--------	d-sh--w-	c:\users\Mira\AppData\Local\EmieSiteList
2014-05-06 13:21 . 2014-03-06 08:11	5784064	----a-w-	c:\windows\system32\jscript9.dll
2014-05-06 13:21 . 2014-03-06 07:46	4254720	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-05-06 13:21 . 2014-05-06 13:21	--------	d-s---w-	c:\windows\system32\CompatTel
2014-05-06 12:22 . 2014-04-14 02:24	465408	----a-w-	c:\windows\system32\aepdu.dll
2014-05-06 12:22 . 2014-04-14 02:19	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-05-01 16:31 . 2014-05-01 16:31	--------	d-----w-	c:\users\Mira\AppData\Roaming\com.valve.FTP
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-02 09:16 . 2014-03-14 17:33	1031560	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-29 09:55 . 2014-03-08 18:15	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-29 09:55 . 2014-03-08 18:15	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-10 05:25 . 2014-03-08 18:47	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-04-04 17:45 . 2014-03-08 21:27	214392	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2014-04-01 00:36 . 2014-03-08 21:27	214392	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2014-03-27 12:45 . 2014-04-07 17:21	9734744	----a-w-	c:\windows\SysWow64\nvcuda.dll
2014-03-27 12:45 . 2014-04-07 17:21	9697128	----a-w-	c:\windows\SysWow64\nvopencl.dll
2014-03-27 12:45 . 2014-04-07 17:21	894752	----a-w-	c:\windows\system32\NvIFR64.dll
2014-03-27 12:45 . 2014-04-07 17:21	891168	----a-w-	c:\windows\system32\NvFBC64.dll
2014-03-27 12:45 . 2014-04-07 17:21	864600	----a-w-	c:\windows\SysWow64\NvIFR.dll
2014-03-27 12:45 . 2014-04-07 17:21	859592	----a-w-	c:\windows\SysWow64\NvFBC.dll
2014-03-27 12:45 . 2014-04-07 17:21	836544	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2014-03-27 12:45 . 2014-04-07 17:21	491864	----a-w-	c:\windows\system32\nvEncodeAPI64.dll
2014-03-27 12:45 . 2014-04-07 17:21	415008	----a-w-	c:\windows\SysWow64\nvEncodeAPI.dll
2014-03-27 12:45 . 2014-04-07 17:21	382240	----a-w-	c:\windows\system32\NvIFROpenGL.dll
2014-03-27 12:45 . 2014-04-07 17:21	354016	----a-w-	c:\windows\system32\nvoglshim64.dll
2014-03-27 12:45 . 2014-04-07 17:21	336672	----a-w-	c:\windows\SysWow64\NvIFROpenGL.dll
2014-03-27 12:45 . 2014-04-07 17:21	3139928	----a-w-	c:\windows\system32\nvcuvid.dll
2014-03-27 12:45 . 2014-04-07 17:21	31270856	----a-w-	c:\windows\system32\nvoglv64.dll
2014-03-27 12:45 . 2014-04-07 17:21	305600	----a-w-	c:\windows\SysWow64\nvoglshim32.dll
2014-03-27 12:45 . 2014-04-07 17:21	2949976	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2014-03-27 12:45 . 2014-04-07 17:21	2785056	----a-w-	c:\windows\system32\nvcuvenc.dll
2014-03-27 12:45 . 2014-04-07 17:21	2728160	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-03-27 12:45 . 2014-04-07 17:21	25257416	----a-w-	c:\windows\system32\nvcompiler.dll
2014-03-27 12:45 . 2014-04-07 17:21	2413344	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2014-03-27 12:45 . 2014-04-07 17:21	23785416	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2014-03-27 12:45 . 2014-04-07 17:21	1890080	----a-w-	c:\windows\system32\nvdispco6433750.dll
2014-03-27 12:45 . 2014-04-07 17:21	17561544	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2014-03-27 12:45 . 2014-04-07 17:21	17467048	----a-w-	c:\windows\system32\nvd3dumx.dll
2014-03-27 12:45 . 2014-04-07 17:21	166568	----a-w-	c:\windows\system32\nvinitx.dll
2014-03-27 12:45 . 2014-04-07 17:21	15964736	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2014-03-27 12:45 . 2014-04-07 17:21	1539416	----a-w-	c:\windows\system32\nvdispgenco6433750.dll
2014-03-27 12:45 . 2014-04-07 17:21	146480	----a-w-	c:\windows\SysWow64\nvinit.dll
2014-03-27 12:45 . 2014-04-07 17:21	13158232	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2014-03-27 12:45 . 2014-04-07 17:21	11644392	----a-w-	c:\windows\system32\nvcuda.dll
2014-03-27 12:45 . 2014-04-07 17:21	11598560	----a-w-	c:\windows\system32\nvopencl.dll
2014-03-27 12:45 . 2014-03-08 19:04	18493952	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-03-27 12:45 . 2014-03-08 19:04	14422856	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-03-27 12:45 . 2014-03-08 18:47	60248	----a-w-	c:\windows\system32\OpenCL.dll
2014-03-27 12:45 . 2014-03-08 18:47	53024	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-03-27 12:45 . 2013-10-27 08:12	952440	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-03-27 12:45 . 2013-10-27 08:12	3106688	----a-w-	c:\windows\system32\nvapi64.dll
2014-03-27 02:11 . 2014-03-08 18:47	6768584	----a-w-	c:\windows\system32\nvcpl.dll
2014-03-27 02:11 . 2014-03-08 18:47	3512664	----a-w-	c:\windows\system32\nvsvc64.dll
2014-03-27 02:11 . 2014-03-08 18:47	927520	----a-w-	c:\windows\system32\nvvsvc.exe
2014-03-27 02:11 . 2014-03-08 18:47	63776	----a-w-	c:\windows\system32\nvshext.dll
2014-03-27 02:11 . 2014-03-08 18:47	386336	----a-w-	c:\windows\system32\nvmctray.dll
2014-03-27 02:11 . 2014-03-08 18:47	2558808	----a-w-	c:\windows\system32\nvsvcr.dll
2014-03-24 10:31 . 2014-03-08 18:47	3683457	----a-w-	c:\windows\system32\nvcoproc.bin
2014-03-17 20:11 . 2014-03-29 10:06	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-11 07:52 . 2013-09-27 08:53	133928	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-08 21:27 . 2014-03-08 21:27	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2014-03-08 19:35 . 2014-03-08 19:35	16896	----a-w-	c:\windows\AsTaskSched.dll
2014-03-08 18:43 . 2014-03-08 18:43	283064	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2014-03-08 18:35 . 2014-03-08 18:35	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2014-03-08 18:35 . 2014-03-08 18:35	942592	----a-w-	c:\windows\system32\jsIntl.dll
2014-03-08 18:35 . 2014-03-08 18:35	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2014-03-08 18:35 . 2014-03-08 18:35	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2014-03-08 18:35 . 2014-03-08 18:35	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2014-03-08 18:35 . 2014-03-08 18:35	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-03-08 18:35 . 2014-03-08 18:35	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-03-08 18:35 . 2014-03-08 18:35	81408	----a-w-	c:\windows\system32\icardie.dll
2014-03-08 18:35 . 2014-03-08 18:35	774144	----a-w-	c:\windows\system32\jscript.dll
2014-03-08 18:35 . 2014-03-08 18:35	77312	----a-w-	c:\windows\system32\tdc.ocx
2014-03-08 18:35 . 2014-03-08 18:35	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2014-03-08 18:35 . 2014-03-08 18:35	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-03-08 18:35 . 2014-03-08 18:35	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2014-03-08 18:35 . 2014-03-08 18:35	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2014-03-08 18:35 . 2014-03-08 18:35	62464	----a-w-	c:\windows\system32\pngfilt.dll
2014-03-08 18:35 . 2014-03-08 18:35	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-03-08 18:35 . 2014-03-08 18:35	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2014-03-08 18:35 . 2014-03-08 18:35	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2014-03-08 18:35 . 2014-03-08 18:35	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2014-03-08 18:35 . 2014-03-08 18:35	48640	----a-w-	c:\windows\system32\mshtmler.dll
2014-03-08 18:35 . 2014-03-08 18:35	48128	----a-w-	c:\windows\system32\imgutil.dll
2014-03-08 18:35 . 2014-03-08 18:35	413696	----a-w-	c:\windows\system32\html.iec
2014-03-08 18:35 . 2014-03-08 18:35	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2014-03-08 18:35 . 2014-03-08 18:35	337408	----a-w-	c:\windows\SysWow64\html.iec
2014-03-08 18:35 . 2014-03-08 18:35	30208	----a-w-	c:\windows\system32\licmgr10.dll
2014-03-08 18:35 . 2014-03-08 18:35	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2014-03-08 18:35 . 2014-03-08 18:35	247808	----a-w-	c:\windows\system32\msls31.dll
2014-03-08 18:35 . 2014-03-08 18:35	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2014-03-08 18:35 . 2014-03-08 18:35	243200	----a-w-	c:\windows\system32\webcheck.dll
2014-03-08 18:35 . 2014-03-08 18:35	235520	----a-w-	c:\windows\system32\url.dll
2014-03-08 18:35 . 2014-03-08 18:35	235008	----a-w-	c:\windows\system32\elshyph.dll
2014-03-08 18:35 . 2014-03-08 18:35	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2014-03-08 18:35 . 2014-03-08 18:35	167424	----a-w-	c:\windows\system32\iexpress.exe
2014-03-08 18:35 . 2014-03-08 18:35	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2014-03-08 18:35 . 2014-03-08 18:35	147968	----a-w-	c:\windows\system32\occache.dll
2014-03-08 18:35 . 2014-03-08 18:35	143872	----a-w-	c:\windows\system32\wextract.exe
2014-03-08 18:35 . 2014-03-08 18:35	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2014-03-08 18:35 . 2014-03-08 18:35	13824	----a-w-	c:\windows\system32\mshta.exe
2014-03-08 18:35 . 2014-03-08 18:35	135680	----a-w-	c:\windows\system32\iepeers.dll
2014-03-08 18:35 . 2014-03-08 18:35	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2014-03-08 18:35 . 2014-03-08 18:35	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2014-03-08 18:35 . 2014-03-08 18:35	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2014-03-08 18:35 . 2014-03-08 18:35	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-03-08 18:35 . 2014-03-08 18:35	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2014-03-08 18:35 . 2014-03-08 18:35	105984	----a-w-	c:\windows\system32\iesysprep.dll
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz137;cpuz137;c:\windows\TEMP\cpuz137\cpuz137_x64.sys;c:\windows\TEMP\cpuz137\cpuz137_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-08 09:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files (x86)\Advanced JPEG Compressor\ajcieex.htm
TCP: Interfaces\{550EE2CE-9C63-4512-B553-F28EEA837AE2}: NameServer = 192.168.1.1,192.168.1.9
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-05-13  12:22:59
ComboFix-quarantined-files.txt  2014-05-13 10:22
ComboFix2.txt  2013-11-09 23:33
ComboFix3.txt  2013-10-07 16:57
ComboFix4.txt  2013-08-13 09:20
.
Před spuštěním: Volných bajtů: 132209160192
Po spuštění: Volných bajtů: 132493242368
.
- - End Of File - - E8A3FAC57878DBFA82E735AD752B84D0
413FC2A0C716421B3158746D63736515
