Policie ČR ransomware

Hugo2377
Visitor
Posts: 50
Registered: 24 May 2013 17:31

Policie ČR ransomware

#1 Post by Hugo2377 »

Hello,

today I managed to infect my PC with a fake Policie ČR (Czech Police) notice accusing me of copyright infringement, distribution of pornographic, specifically paedophile and zoophile, videos, etc. After a bit of googling I found out that this is so-called ransomware, and I applied various solutions suggested in internet discussions by users who, like me, had the honour of dealing with Policie ČR.

First I followed this guide: http://www.odvirovani.cz/vir_policie_cr.html. I ran the AVG Rescue CD and scanned the PC (it took about three hours...); about 5 items were found in total. Hopeful, after the whole process finished I started Windows in normal mode, but the computer was locked again.

So I restarted it again and, following instructions in another discussion, booted it in Safe Mode. Then I downloaded Hitman Pro and had it scan the computer. After a while it again came up with several findings - about three cookie files, two files marked as "suspicious" and one file flatly marked as "ransomware". I went with the program's default choice and moved the ransomware, which was probably the key item in this case, to quarantine. When prompted, I restarted the PC again. It started in normal mode without problems, and this time it was not locked by Policie ČR...

However, I have a question: is the problem fully resolved, or are further steps needed for a complete "cure"? My PC skills are really only at user level, so I would rather ask. I know this problem has been dealt with here before, and I know that a substantial part of the posts consisted of various registry dumps. I have more or less no idea about that, so it seemed better to ask directly in a new topic that corresponds exactly to my case.

Thank you very much for your help :)

P.S. I only have the Hitman Pro program, with which I managed to isolate the malicious ransomware, as a 30-day trial version. So I would also like to ask: what happens to the virus after this thirty-day period expires?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Policie ČR ransomware

#2 Post by vyosek »

Hi :)

:arrow: On a healthy PC, download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/downloa ... scan-tool/
  • Save it to a flash drive, directly in its root
:arrow: On the damaged PC, boot into Safe Mode with Command Prompt (MS-DOS)

:arrow: Now let's find out the drive letter of the flash drive
  • Type the command notepad and press Enter
  • Notepad will open
  • Go to File --> Open --> find This Computer and open the USB key on which FRST is saved
  • Look at what letter the USB key has (F:\, G:\ etc.)
  • Close Notepad with the X
:arrow: Now let's get the log
  • If you downloaded FRST for a 64-bit OS, it is named FRST64.exe and you have to type it that way
  • Type the command "drive letter":\FRST.exe and press Enter (e.g. F:\FRST.exe)
  • FRST will start
  • Start the scan by clicking Scan
  • After a while the log FRST.exe will be created on the flash drive
  • Post it here for me from the healthy PC

Hugo2377
Visitor
Posts: 50
Registered: 24 May 2013 17:31

Re: Policie ČR ransomware

#3 Post by Hugo2377 »

Log from the FRST program:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-05-2013 01
Ran by Lucas Hugo (administrator) on 24-05-2013 20:15:40
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Farbar) E:\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [976032 2011-09-17] (Atheros Communications)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [799904 2011-09-17] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [499304 2011-03-28] (Acer Incorporated)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [3603152 2013-04-15] (COMODO)
HKCU\...\Run: [Google Update] "C:\Users\Lucas Hugo\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-24] (Google Inc.)
HKCU\...\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1A44D3X005PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1 [2676584 2011-06-08] (Hewlett-Packard Co.)
HKCU\...\Run: [Facebook Update] "C:\Users\Lucas Hugo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19662744 2013-04-16] (Google)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17877168 2012-11-09] (Skype Technologies S.A.)
HKCU\...\Run: [Display Stix - System tray] C:\Program Files (x86)\Fractalis Software\Display Stix 2.5\dstix.exe [245760 2004-04-24] (Fractalis Software)
MountPoints2: {2cd4a561-2f28-11e1-9b1f-b870f4f54f09} - E:\setup.exe /autorun
MountPoints2: {7de09cef-2e6b-11e1-a2ed-b870f4f54f09} - "G:\WD SmartWare.exe" autoplay=true
MountPoints2: {dd409bd4-2e8b-11e1-b471-b870f4f54f09} - G:\Setup.exe
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [341360 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [177448 2011-10-27] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Dell PC Suite] "C:\Program Files (x86)\Dell\PC Suite\Application Launcher\Application Launcher.exe" /startoptions [598016 2010-03-11] (Teleca Sweden AB)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162408 2011-09-13] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162408 2011-09-13] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [162408 2011-09-13] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-03] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\Lucas Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lucas Hugo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lucas Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Lucas Hugo\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\Lucas Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Lucas Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 3050A J611 series (Síť).lnk
ShortcutTarget: Sledovat výstrahy inkoustu - HP Deskjet 3050A J611 series (Síť).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Lucas Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=6826
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.seznam.cz/?q={searchTerms ... earch_6826
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.seznam.cz/?q={searchTerms ... earch_6826
SearchScopes: HKCU - {399a1442-7377-49e7-8d77-6dc9ed5968c1} URL = http://www.zbozi.cz/?q={searchTerms}&so ... earch_6826
SearchScopes: HKCU - {5cf5d387-d87c-4408-9a6b-301b0713d62a} URL = http://www.mapy.cz/?query={searchTerms} ... earch_6826
SearchScopes: HKCU - {8172f457-818d-46db-941f-2bbe53e156af} URL =
SearchScopes: HKCU - {eb97f7df-1773-4916-aae6-5af74da8c69d} URL = http://www.firmy.cz/phr/{searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.113.44.11 195.113.0.2

FireFox:
========
FF ProfilePath: C:\Users\Lucas Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Yandex.Bar - C:\Users\Lucas Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Lucas Hugo\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lucas Hugo\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lucas Hugo\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Google Talk Plugin) - C:\Users\Lucas Hugo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Lucas Hugo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Facebook Desktop) - C:\Users\Lucas Hugo\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Lucas Hugo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\Lucas Hugo\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Lucas Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Lucas Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Lucas Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Lucas Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Lucas Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
CHR Extension: (Gmail) - C:\Users\Lucas Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70344 2013-04-17] (Comodo Security Solutions Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5784472 2013-04-25] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158928 2013-04-15] (COMODO)
S2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.)
S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2074760 2013-04-19] ()
S2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [799848 2011-03-28] (Acer Incorporated)
S2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
S2 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-04-18] ()
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

S1 CFRMD; C:\Windows\SysWow64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-04-15] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [706560 2013-04-15] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2013-04-15] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-25] (DT Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-05-24] ()
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-04-25] (COMODO)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-25] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-24 20:15 - 2013-05-24 20:15 - 00000000 ____D C:\FRST
2013-05-24 19:40 - 2013-05-24 19:40 - 00001838 ____A C:\Users\Public\Desktop\COMODO Internet Security.lnk
2013-05-24 19:21 - 2013-05-24 19:21 - 00000804 ____A C:\Windows\PFRO.log
2013-05-24 19:11 - 2013-05-24 20:09 - 00203745 ____A C:\Windows\System32\Drivers\sfi.dat
2013-05-24 19:11 - 2013-05-24 19:11 - 00001863 ____A C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
2013-05-24 19:11 - 2013-05-24 19:11 - 00000597 ____A C:\Users\Public\Desktop\Sdílený prostor.lnk
2013-05-24 19:11 - 2013-05-24 19:11 - 00000000 ___SD C:\ProgramData\Shared Space
2013-05-24 19:11 - 2013-05-24 19:11 - 00000000 ____D C:\Program Files\COMODO
2013-05-24 19:09 - 2013-05-24 19:11 - 00000000 ____D C:\ProgramData\COMODO
2013-05-24 19:09 - 2013-05-24 19:09 - 00002011 ____A C:\Users\Public\Desktop\AntiError.lnk
2013-05-24 19:09 - 2013-05-24 19:09 - 00002007 ____A C:\Users\Public\Desktop\GeekBuddy.lnk
2013-05-24 19:05 - 2013-05-24 19:05 - 00001084 ____A C:\Users\Public\Desktop\Comodo Dragon.lnk
2013-05-24 19:04 - 2013-05-24 19:25 - 00056072 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2013-05-24 19:04 - 2013-05-24 19:25 - 00047368 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-05-24 19:04 - 2013-05-24 19:04 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-05-24 19:00 - 2013-05-24 19:01 - 151247144 ____A (COMODO) C:\Users\Lucas Hugo\Downloads\cav_installer.exe
2013-05-24 18:59 - 2013-05-24 19:00 - 151247144 ____A (COMODO) C:\Users\Lucas Hugo\Downloads\cfw_installer.exe
2013-05-24 18:56 - 2013-05-24 19:25 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-05-24 18:56 - 2013-05-24 19:04 - 00000000 ____D C:\Users\Lucas Hugo\AppData\Local\Comodo
2013-05-24 18:56 - 2013-05-24 18:56 - 00001102 ____A C:\Users\Public\Desktop\Comodo IceDragon.lnk
2013-05-24 18:56 - 2013-05-24 18:56 - 00000000 ____D C:\Users\Lucas Hugo\AppData\Roaming\Comodo
2013-05-24 18:55 - 2013-05-24 18:55 - 33995688 ____A (COMODO) C:\Users\Lucas Hugo\Downloads\icedragonsetup.exe
2013-05-24 18:18 - 2013-05-24 13:12 - 00816128 ____A C:\Users\Lucas Hugo\Desktop\RogueKiller.exe
2013-05-24 18:13 - 2013-05-24 18:15 - 00000000 ____D C:\Users\Lucas Hugo\Desktop\RK_Quarantine
2013-05-24 18:02 - 2013-05-24 18:02 - 00032000 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-05-24 18:00 - 2013-05-24 18:00 - 00002466 ____A C:\Windows\System32\.crusader
2013-05-24 17:49 - 2013-05-24 18:01 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-24 17:49 - 2013-05-24 17:49 - 09818384 ____A (SurfRight B.V.) C:\Users\Lucas Hugo\Downloads\HitmanPro_x64.exe
2013-05-24 17:07 - 2013-05-24 17:07 - 00003480 ____N C:\bootsqm.dat
2013-05-24 11:54 - 2013-05-24 17:29 - 00000000 ____A C:\ProgramData\as98213.txt
2013-05-24 11:54 - 2013-05-24 11:54 - 00159744 ____A C:\Users\Lucas Hugo\4274950.dll
2013-05-24 11:54 - 2013-05-24 11:54 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-05-22 02:02 - 2013-05-22 02:02 - 244330496 ____A C:\Users\Lucas Hugo\Downloads\Real.Hustle.S1E04.CZ.cyberon.avi
2013-05-21 14:19 - 2013-05-21 14:19 - 244692992 ____A C:\Users\Lucas Hugo\Downloads\The.Real.Hustle.S3E06.CZ.avi
2013-05-20 23:11 - 2013-05-20 23:11 - 244338688 ____A C:\Users\Lucas Hugo\Downloads\The.Real.Hustle.S3E08.CZ.avi
2013-05-20 22:34 - 2013-05-20 22:34 - 00010899 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] The_Inbetweeners_Movie_(2011)_DVDRip_XviD_AC3-26K.6876867.TPB.torrent
2013-05-20 22:24 - 2013-05-20 22:25 - 244336640 ____A C:\Users\Lucas Hugo\Downloads\Real.Hustle.S1E05.CZ.cyberon.avi
2013-05-20 22:20 - 2013-05-20 22:20 - 00011349 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] 1658806.torrent
2013-05-20 21:16 - 2013-05-20 21:16 - 00019283 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] Game.of.Thrones.S02E10.HDTV.x264-ASAP.mp4.torrent
2013-05-20 20:08 - 2013-05-20 20:08 - 00039849 ____A C:\Users\Lucas Hugo\Downloads\308-cz.zip
2013-05-20 19:46 - 2013-05-20 19:46 - 00029959 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] Game of Thrones S03E08 HDTV x264-EVOLVE[ettv].torrent
2013-05-17 11:00 - 2013-05-17 11:00 - 00007582 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] The.Big.Bang.Theory.S06E24.HDTV.x264-LOL.[eztv].torrent
2013-05-17 10:57 - 2013-05-17 10:58 - 369803687 ____A C:\Users\Lucas Hugo\Downloads\reality kings erika es una peli porno is a porno film.wmv
2013-05-17 10:18 - 2013-05-17 10:21 - 00000000 ____D C:\Users\Lucas Hugo\Desktop\ŘP_výsledky
2013-05-17 09:56 - 2013-05-24 19:41 - 00001350 ____A C:\Windows\setupact.log
2013-05-17 09:56 - 2013-05-17 09:56 - 00000000 ____A C:\Windows\setuperr.log
2013-05-17 00:21 - 2013-05-17 00:24 - 629145600 ____A C:\Users\Lucas Hugo\Downloads\pribeh.z.bronxu.part1.rar
2013-05-17 00:21 - 2013-05-17 00:23 - 629145600 ____A C:\Users\Lucas Hugo\Downloads\pribeh.z.bronxu.part2.rar
2013-05-17 00:21 - 2013-05-17 00:23 - 260338622 ____A C:\Users\Lucas Hugo\Downloads\pribeh.z.bronxu.part3.rar
2013-05-16 21:36 - 2013-05-16 21:36 - 00016458 ____A C:\Users\Lucas Hugo\Downloads\arrow-first-season_english-731591.zip
2013-05-16 20:57 - 2013-05-16 20:57 - 00024729 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] Arrow S01E23 HDTV x264-LOL[ettv].torrent
2013-05-16 10:48 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 10:48 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 10:48 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-16 10:48 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 10:48 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 10:48 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 10:48 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 10:48 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 10:48 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 10:48 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 10:48 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-16 10:48 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-16 10:48 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 10:48 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-16 10:48 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 10:48 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 10:48 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 10:48 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 10:48 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 10:48 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 10:48 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 10:48 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 10:48 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 10:48 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-16 10:48 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-16 10:48 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 10:48 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-16 10:48 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 10:48 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 10:48 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-16 10:48 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-16 01:21 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 01:21 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 01:21 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-16 01:20 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 01:20 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 01:20 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 01:20 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 01:20 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 01:20 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 01:20 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 01:20 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 01:20 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 01:20 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 01:20 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 15:32 - 2013-05-15 15:32 - 17613192 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-15 14:32 - 2013-05-15 14:32 - 00011386 ____A C:\Users\Lucas Hugo\Downloads\bbtcz-s06e23_v1.zip
2013-05-14 23:13 - 2013-05-14 23:13 - 00032759 ____A C:\Users\Lucas Hugo\Desktop\žaloby.xlsx
2013-05-14 11:35 - 2013-05-14 11:35 - 00012362 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] Once.Upon.a.Time.S02E22.HDTV.x264-LOL.mp4.torrent
2013-05-14 11:33 - 2013-05-14 11:33 - 00008270 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] How.I.Met.Your.Mother.S08E24.HDTV.x264-LOL.[eztv].torrent
2013-05-14 00:16 - 2013-05-14 00:16 - 00047760 ____A C:\Users\Lucas Hugo\Downloads\307-cz.zip
2013-05-13 23:54 - 2013-05-13 23:54 - 00018799 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] Game.of.Thrones.S03E07.HDTV.x264-2HD.[eztv].torrent
2013-05-10 12:02 - 2013-05-10 12:02 - 00012537 ____A C:\Users\Lucas Hugo\Downloads\12765b117ce316c0599f57601a2ba4320ad0bd72.zip
2013-05-10 11:25 - 2013-05-10 11:25 - 00012007 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] Arrow.S01E22.HDTV.x264-LOL.mp4.torrent
2013-05-10 11:24 - 2013-05-10 11:24 - 00006949 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] 7E57F07157673B32FF3EB091719B1FCCFF09D6B1.torrent
2013-05-07 14:12 - 2013-05-07 14:12 - 00013277 ____A C:\Users\Lucas Hugo\Downloads\ca4ffb3f62a3f0733bf49c7b10ccfdc8750fbf70.zip
2013-05-07 14:06 - 2013-05-07 14:06 - 00013386 ____A C:\Users\Lucas Hugo\Downloads\2685458.zip
2013-05-07 14:01 - 2013-05-07 14:01 - 00013906 ____A C:\Users\Lucas Hugo\Downloads\how-i-met-your-mother-eighth-season_english-726835.zip
2013-05-07 13:43 - 2013-05-07 13:43 - 00010326 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] CC84D2294DA054A84F26E413FE5B4360FCD40BA5.torrent
2013-05-07 13:42 - 2013-05-07 13:42 - 209747968 ____A C:\Users\Lucas Hugo\Downloads\How.I.Met.Your.Mother.S08E23.HDTV.x264-LOL.mp4
2013-05-07 13:42 - 2013-05-07 13:42 - 00010326 ____A C:\Users\Lucas Hugo\Downloads\How.I.Met.Your.Mother.S08E23.HDTV.x264-LOL.mp4.torrent
2013-05-07 01:24 - 2013-05-07 01:24 - 00015689 ____A C:\Users\Lucas Hugo\Desktop\golf -5.5.13.wlmp
2013-05-07 01:21 - 2013-05-07 01:22 - 39495193 ____A C:\Users\Lucas Hugo\Desktop\golf-5.5.13.wmv
2013-05-07 00:44 - 2013-05-07 00:45 - 00000000 ____D C:\Users\Lucas Hugo\AppData\Local\{4FD9CBEC-02B2-4868-A70A-847A636DCBB7}
2013-05-07 00:41 - 2013-05-07 00:43 - 58975755 ____A C:\Users\Lucas Hugo\Desktop\golf_5.5.13.rar
2013-05-07 00:37 - 2013-05-07 00:38 - 00000000 ____D C:\Users\Lucas Hugo\Desktop\golf_5.5.13
2013-05-06 18:57 - 2013-05-06 18:57 - 00017128 ____A C:\Users\Lucas Hugo\Downloads\f0dc6e0621c8240d24f76e35c6632c83e5861112.zip
2013-05-06 13:13 - 2013-05-24 18:20 - 00000000 ____D C:\Users\Lucas Hugo\AppData\Roaming\Opera
2013-05-06 13:13 - 2013-05-24 18:20 - 00000000 ____D C:\Users\Lucas Hugo\AppData\Local\Opera
2013-05-06 13:12 - 2013-05-24 18:20 - 00000000 ____D C:\Program Files (x86)\Opera
2013-05-06 13:03 - 2013-05-06 13:11 - 13168216 ____A (Opera Software ASA) C:\Users\Lucas Hugo\Downloads\Opera_1215_int_Setup.exe
2013-04-25 11:05 - 2013-04-25 11:05 - 00096800 ____A (COMODO) C:\Windows\System32\Drivers\inspect.sys
2013-04-24 20:22 - 2013-04-12 16:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2013-05-24 20:15 - 2013-05-24 20:15 - 00000000 ____D C:\FRST
2013-05-24 20:13 - 2011-10-19 13:18 - 00631276 ____A C:\Windows\System32\perfh005.dat
2013-05-24 20:13 - 2011-10-19 13:18 - 00121930 ____A C:\Windows\System32\perfc005.dat
2013-05-24 20:13 - 2009-07-14 07:13 - 01470298 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-24 20:09 - 2013-05-24 19:11 - 00203745 ____A C:\Windows\System32\Drivers\sfi.dat
2013-05-24 20:09 - 2011-10-19 12:29 - 01222454 ____A C:\Windows\WindowsUpdate.log
2013-05-24 19:51 - 2011-12-24 21:52 - 00000982 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000UA.job
2013-05-24 19:51 - 2009-07-14 06:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-24 19:51 - 2009-07-14 06:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-24 19:48 - 2012-03-09 21:30 - 00001002 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000UA.job
2013-05-24 19:46 - 2011-12-24 21:58 - 00000000 ____D C:\ProgramData\clear.fi
2013-05-24 19:45 - 2012-12-29 16:54 - 00000000 ___SD C:\Users\Lucas Hugo\Disk Google
2013-05-24 19:45 - 2011-12-26 17:09 - 00000000 ____D C:\Users\Lucas Hugo\AppData\Roaming\Dropbox
2013-05-24 19:45 - 2011-12-24 22:24 - 00000000 ____D C:\Users\Lucas Hugo\AppData\Roaming\Skype
2013-05-24 19:44 - 2011-12-26 17:14 - 00000000 ___RD C:\Users\Lucas Hugo\Dropbox
2013-05-24 19:42 - 2012-12-29 16:53 - 00000956 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-24 19:42 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-24 19:41 - 2013-05-17 09:56 - 00001350 ____A C:\Windows\setupact.log
2013-05-24 19:40 - 2013-05-24 19:40 - 00001838 ____A C:\Users\Public\Desktop\COMODO Internet Security.lnk
2013-05-24 19:31 - 2013-02-17 23:03 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-24 19:25 - 2013-05-24 19:04 - 00056072 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2013-05-24 19:25 - 2013-05-24 19:04 - 00047368 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-05-24 19:25 - 2013-05-24 18:56 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-05-24 19:21 - 2013-05-24 19:21 - 00000804 ____A C:\Windows\PFRO.log
2013-05-24 19:18 - 2012-12-29 16:53 - 00000960 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-24 19:11 - 2013-05-24 19:11 - 00001863 ____A C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
2013-05-24 19:11 - 2013-05-24 19:11 - 00000597 ____A C:\Users\Public\Desktop\Sdílený prostor.lnk
2013-05-24 19:11 - 2013-05-24 19:11 - 00000000 ___SD C:\ProgramData\Shared Space
2013-05-24 19:11 - 2013-05-24 19:11 - 00000000 ____D C:\Program Files\COMODO
2013-05-24 19:11 - 2013-05-24 19:09 - 00000000 ____D C:\ProgramData\COMODO
2013-05-24 19:09 - 2013-05-24 19:09 - 00002011 ____A C:\Users\Public\Desktop\AntiError.lnk
2013-05-24 19:09 - 2013-05-24 19:09 - 00002007 ____A C:\Users\Public\Desktop\GeekBuddy.lnk
2013-05-24 19:05 - 2013-05-24 19:05 - 00001084 ____A C:\Users\Public\Desktop\Comodo Dragon.lnk
2013-05-24 19:04 - 2013-05-24 19:04 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-05-24 19:04 - 2013-05-24 18:56 - 00000000 ____D C:\Users\Lucas Hugo\AppData\Local\Comodo
2013-05-24 19:02 - 2012-02-22 11:58 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-24 19:01 - 2013-05-24 19:00 - 151247144 ____A (COMODO) C:\Users\Lucas Hugo\Downloads\cav_installer.exe
2013-05-24 19:00 - 2013-05-24 18:59 - 151247144 ____A (COMODO) C:\Users\Lucas Hugo\Downloads\cfw_installer.exe
2013-05-24 18:56 - 2013-05-24 18:56 - 00001102 ____A C:\Users\Public\Desktop\Comodo IceDragon.lnk
2013-05-24 18:56 - 2013-05-24 18:56 - 00000000 ____D C:\Users\Lucas Hugo\AppData\Roaming\Comodo
2013-05-24 18:55 - 2013-05-24 18:55 - 33995688 ____A (COMODO) C:\Users\Lucas Hugo\Downloads\icedragonsetup.exe
2013-05-24 18:42 - 2012-02-10 17:13 - 00000348 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-05-24 18:20 - 2013-05-06 13:13 - 00000000 ____D C:\Users\Lucas Hugo\AppData\Roaming\Opera
2013-05-24 18:20 - 2013-05-06 13:13 - 00000000 ____D C:\Users\Lucas Hugo\AppData\Local\Opera
2013-05-24 18:20 - 2013-05-06 13:12 - 00000000 ____D C:\Program Files (x86)\Opera
2013-05-24 18:15 - 2013-05-24 18:13 - 00000000 ____D C:\Users\Lucas Hugo\Desktop\RK_Quarantine
2013-05-24 18:02 - 2013-05-24 18:02 - 00032000 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-05-24 18:01 - 2013-05-24 17:49 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-24 18:00 - 2013-05-24 18:00 - 00002466 ____A C:\Windows\System32\.crusader
2013-05-24 17:49 - 2013-05-24 17:49 - 09818384 ____A (SurfRight B.V.) C:\Users\Lucas Hugo\Downloads\HitmanPro_x64.exe
2013-05-24 17:29 - 2013-05-24 11:54 - 00000000 ____A C:\ProgramData\as98213.txt
2013-05-24 17:07 - 2013-05-24 17:07 - 00003480 ____N C:\bootsqm.dat
2013-05-24 13:12 - 2013-05-24 18:18 - 00816128 ____A C:\Users\Lucas Hugo\Desktop\RogueKiller.exe
2013-05-24 11:54 - 2013-05-24 11:54 - 00159744 ____A C:\Users\Lucas Hugo\4274950.dll
2013-05-24 11:54 - 2013-05-24 11:54 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-05-24 11:54 - 2011-12-24 21:03 - 00000000 ____D C:\users\Lucas Hugo
2013-05-24 11:51 - 2012-01-03 16:57 - 00000000 ____D C:\Users\Lucas Hugo\AppData\Roaming\uTorrent
2013-05-24 11:51 - 2011-12-24 21:52 - 00000930 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000Core.job
2013-05-24 10:48 - 2012-03-09 21:30 - 00000980 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000Core.job
2013-05-23 13:23 - 2012-06-30 15:04 - 00042403 ____A C:\Users\Lucas Hugo\Desktop\útrata_vš.xlsx
2013-05-22 02:02 - 2013-05-22 02:02 - 244330496 ____A C:\Users\Lucas Hugo\Downloads\Real.Hustle.S1E04.CZ.cyberon.avi
2013-05-21 14:19 - 2013-05-21 14:19 - 244692992 ____A C:\Users\Lucas Hugo\Downloads\The.Real.Hustle.S3E06.CZ.avi
2013-05-20 23:11 - 2013-05-20 23:11 - 244338688 ____A C:\Users\Lucas Hugo\Downloads\The.Real.Hustle.S3E08.CZ.avi
2013-05-20 22:34 - 2013-05-20 22:34 - 00010899 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] The_Inbetweeners_Movie_(2011)_DVDRip_XviD_AC3-26K.6876867.TPB.torrent
2013-05-20 22:25 - 2013-05-20 22:24 - 244336640 ____A C:\Users\Lucas Hugo\Downloads\Real.Hustle.S1E05.CZ.cyberon.avi
2013-05-20 22:20 - 2013-05-20 22:20 - 00011349 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] 1658806.torrent
2013-05-20 21:16 - 2013-05-20 21:16 - 00019283 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] Game.of.Thrones.S02E10.HDTV.x264-ASAP.mp4.torrent
2013-05-20 20:08 - 2013-05-20 20:08 - 00039849 ____A C:\Users\Lucas Hugo\Downloads\308-cz.zip
2013-05-20 19:46 - 2013-05-20 19:46 - 00029959 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] Game of Thrones S03E08 HDTV x264-EVOLVE[ettv].torrent
2013-05-20 11:25 - 2011-12-25 01:21 - 00000000 ____D C:\Users\Lucas Hugo\AppData\Local\CrashDumps
2013-05-17 11:00 - 2013-05-17 11:00 - 00007582 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] The.Big.Bang.Theory.S06E24.HDTV.x264-LOL.[eztv].torrent
2013-05-17 10:58 - 2013-05-17 10:57 - 369803687 ____A C:\Users\Lucas Hugo\Downloads\reality kings erika es una peli porno is a porno film.wmv
2013-05-17 10:21 - 2013-05-17 10:18 - 00000000 ____D C:\Users\Lucas Hugo\Desktop\ŘP_výsledky
2013-05-17 09:58 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-05-17 09:57 - 2009-07-14 06:45 - 03061272 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-17 09:56 - 2013-05-17 09:56 - 00000000 ____A C:\Windows\setuperr.log
2013-05-17 00:24 - 2013-05-17 00:21 - 629145600 ____A C:\Users\Lucas Hugo\Downloads\pribeh.z.bronxu.part1.rar
2013-05-17 00:23 - 2013-05-17 00:21 - 629145600 ____A C:\Users\Lucas Hugo\Downloads\pribeh.z.bronxu.part2.rar
2013-05-17 00:23 - 2013-05-17 00:21 - 260338622 ____A C:\Users\Lucas Hugo\Downloads\pribeh.z.bronxu.part3.rar
2013-05-16 21:36 - 2013-05-16 21:36 - 00016458 ____A C:\Users\Lucas Hugo\Downloads\arrow-first-season_english-731591.zip
2013-05-16 20:57 - 2013-05-16 20:57 - 00024729 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] Arrow S01E23 HDTV x264-LOL[ettv].torrent
2013-05-16 11:03 - 2011-12-26 15:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 10:58 - 2011-12-24 22:05 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 15:32 - 2013-05-15 15:32 - 17613192 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-15 15:32 - 2012-12-29 16:55 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 15:32 - 2011-09-06 09:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 14:32 - 2013-05-15 14:32 - 00011386 ____A C:\Users\Lucas Hugo\Downloads\bbtcz-s06e23_v1.zip
2013-05-14 23:13 - 2013-05-14 23:13 - 00032759 ____A C:\Users\Lucas Hugo\Desktop\žaloby.xlsx
2013-05-14 11:35 - 2013-05-14 11:35 - 00012362 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] Once.Upon.a.Time.S02E22.HDTV.x264-LOL.mp4.torrent
2013-05-14 11:33 - 2013-05-14 11:33 - 00008270 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] How.I.Met.Your.Mother.S08E24.HDTV.x264-LOL.[eztv].torrent
2013-05-14 00:16 - 2013-05-14 00:16 - 00047760 ____A C:\Users\Lucas Hugo\Downloads\307-cz.zip
2013-05-13 23:54 - 2013-05-13 23:54 - 00018799 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] Game.of.Thrones.S03E07.HDTV.x264-2HD.[eztv].torrent
2013-05-11 16:54 - 2011-12-25 01:31 - 00000000 ____D C:\Users\Lucas Hugo\AppData\Roaming\Mozilla
2013-05-10 12:02 - 2013-05-10 12:02 - 00012537 ____A C:\Users\Lucas Hugo\Downloads\12765b117ce316c0599f57601a2ba4320ad0bd72.zip
2013-05-10 11:25 - 2013-05-10 11:25 - 00012007 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] Arrow.S01E22.HDTV.x264-LOL.mp4.torrent
2013-05-10 11:24 - 2013-05-10 11:24 - 00006949 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] 7E57F07157673B32FF3EB091719B1FCCFF09D6B1.torrent
2013-05-07 14:12 - 2013-05-07 14:12 - 00013277 ____A C:\Users\Lucas Hugo\Downloads\ca4ffb3f62a3f0733bf49c7b10ccfdc8750fbf70.zip
2013-05-07 14:06 - 2013-05-07 14:06 - 00013386 ____A C:\Users\Lucas Hugo\Downloads\2685458.zip
2013-05-07 14:01 - 2013-05-07 14:01 - 00013906 ____A C:\Users\Lucas Hugo\Downloads\how-i-met-your-mother-eighth-season_english-726835.zip
2013-05-07 13:43 - 2013-05-07 13:43 - 00010326 ____A C:\Users\Lucas Hugo\Downloads\[isoHunt] CC84D2294DA054A84F26E413FE5B4360FCD40BA5.torrent
2013-05-07 13:42 - 2013-05-07 13:42 - 209747968 ____A C:\Users\Lucas Hugo\Downloads\How.I.Met.Your.Mother.S08E23.HDTV.x264-LOL.mp4
2013-05-07 13:42 - 2013-05-07 13:42 - 00010326 ____A C:\Users\Lucas Hugo\Downloads\How.I.Met.Your.Mother.S08E23.HDTV.x264-LOL.mp4.torrent
2013-05-07 01:24 - 2013-05-07 01:24 - 00015689 ____A C:\Users\Lucas Hugo\Desktop\golf -5.5.13.wlmp
2013-05-07 01:22 - 2013-05-07 01:21 - 39495193 ____A C:\Users\Lucas Hugo\Desktop\golf-5.5.13.wmv
2013-05-07 00:45 - 2013-05-07 00:44 - 00000000 ____D C:\Users\Lucas Hugo\AppData\Local\{4FD9CBEC-02B2-4868-A70A-847A636DCBB7}
2013-05-07 00:43 - 2013-05-07 00:41 - 58975755 ____A C:\Users\Lucas Hugo\Desktop\golf_5.5.13.rar
2013-05-07 00:38 - 2013-05-07 00:37 - 00000000 ____D C:\Users\Lucas Hugo\Desktop\golf_5.5.13
2013-05-06 22:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-06 18:57 - 2013-05-06 18:57 - 00017128 ____A C:\Users\Lucas Hugo\Downloads\f0dc6e0621c8240d24f76e35c6632c83e5861112.zip
2013-05-06 13:11 - 2013-05-06 13:03 - 13168216 ____A (Opera Software ASA) C:\Users\Lucas Hugo\Downloads\Opera_1215_int_Setup.exe
2013-05-04 22:22 - 2011-12-25 00:08 - 00001128 ____A C:\Users\Lucas Hugo\AppData\Local\SRDownloader.nast
2013-05-02 02:06 - 2010-11-21 05:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 15:02 - 2013-02-23 12:45 - 00000000 ____D C:\Users\Lucas Hugo\Downloads\Subs
2013-04-29 22:15 - 2012-04-16 18:59 - 00000000 ____D C:\Users\Lucas Hugo\.gimp-2.8
2013-04-25 11:05 - 2013-04-25 11:05 - 00096800 ____A (COMODO) C:\Windows\System32\Drivers\inspect.sys

Other Malware:
===========
C:\ProgramData\rundll32.exe
C:\Users\Lucas Hugo\4274950.dll
C:\ProgramData\rundll32.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-15 15:19

==================== End Of Log ============================

And it also saved some kind of supplement, "addition":

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2013 01
Ran by Lucas Hugo at 2013-05-24 20:16:56 Run:
Running from E:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
???? Windows Live (Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)
??????? ??????????? ??? Windows Live (Version: 15.4.3502.0922)
???????? ?????????? Windows Live (Version: 15.4.3502.0922)
?????????? Windows Live (Version: 15.4.3502.0922)
??????????? ?? Windows Live (Version: 15.4.3502.0922)
µTorrent (Version: 3.0.0)
ACE Mega CoDecS Pack (Version: 6.03.0911)
Acer Backup Manager (Version: 3.0.0.99)
Acer Crystal Eye Webcam (Version: 1.0.1904)
Acer eRecovery Management (Version: 5.00.3504)
Acer PowerSmart Manager (Version: 6.01.3002)
Acer Registration (Version: 1.04.3503)
Acer ScreenSaver (Version: 20.11.0921.1957)
Acer Updater (Version: 1.02.3500)
Acer USB Charge Manager (Version: 1.00.3001)
Acer VCM (Version: 4.05.3501)
Adobe AIR (Version: 1.1.0.5790)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Reader X (10.1.0) MUI (Version: 10.1.0)
Advanced PDF to IMAGE converter 1.9.9.34 (Version: 1.9.9.34)
AGT Pro - Betfair (Version: 1.2.7)
AIDA64 Extreme Edition v2.00 (Version: 2.00)
Aktualizace NVIDIA 1.10.8 (Version: 1.10.8)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)
Any Video Converter 3.3.2
ArcSoft TotalMedia 3.5 (Version: 3.5.28.388)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
Audacity 2.0
AVS Update Manager 1.0
AVS Video Editor 4 4.2.1.166
AVS Video Recorder 2.4 (Service Version)
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.3
Backup Manager V3 (Version: 3.0.0.99)
Bing Bar (Version: 7.0.765.0)
Bluetooth Win7 Suite (64) (Version: 7.4.0.96)
BS.Player FREE (Version: 2.58.1058)
calibre (Version: 0.8.41)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (Version: 1.6)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (Version: 1.7)
CCleaner (Version: 3.14)
clear.fi (Version: 1.0.1517_36458)
clear.fi (Version: 1.0.2228.00)
clear.fi (Version: 9.0.8228)
clear.fi Client (Version: 1.00.3500)
CODEXIS ACADEMIA 4.95.12
Comodo Dragon (Version: 26.2.2.0)
COMODO Firewall (Version: 6.1.14723.2813)
Comodo IceDragon (Version: 20.0.1.14)
Conexant HD Audio (Version: 8.54.17.51)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.1.0236)
Dell PC Suite (Version: 0.0.48)
Display Stix 2.5
Dropbox (Version: 1.6.18)
ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3)
Facebook Messenger 2.1.4814.0 (Version: 2.1.4814.0)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Fotogalerija Windows Live (Version: 15.4.3502.0922)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Galeria fotografica del Windows Live (Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galerie foto Windows Live (Version: 15.4.3502.0922)
Garmin Communicator Plugin (Version: 4.0.4)
Garmin Communicator Plugin x64 (Version: 4.0.4)
GeekBuddy (Version: 4.7.55)
GIMP 2.8.0-rc1 (Version: 2.8.0)
GmoteServer (Version: 2.0.2)
GOM Player (Version: 2.1.37.5085)
Google Drive (Version: 1.9.4536.8202)
Google Chrome (Version: 27.0.1453.94)
Google Talk Plugin (Version: 3.19.1.13088)
Google Update Helper (Version: 1.3.21.145)
HP Deskjet 3050A J611 series Nápověda (Version: 140.0.2.2)
HP Photo Creations (Version: 1.0.0.9452)
HP Update (Version: 5.003.000.004)
Identity Card (Version: 1.00.3501)
ImgBurn (Version: 2.5.6.0)
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Management Engine Components (Version: 7.0.0.1144)
Intel(R) Processor Graphics (Version: 8.15.10.2418)
Intel(R) Rapid Storage Technology (Version: 10.6.0.1002)
Intel(R) Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Java Auto Updater (Version: 2.1.6.0)
Java(TM) 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
Junk Mail filter update (Version: 15.4.3502.0922)
LAME v3.99.3 (for Windows)
Launch Manager (Version: 5.1.7)
Mafia II
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Slovak) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Czech) 2007 (Version: 12.0.4518.1025)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mirror's Edge™ (Version: 1.0.0.0)
Mozilla Firefox 9.0.1 (x86 cs) (Version: 9.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MyWinLocker (Version: 4.0.14.27)
MyWinLocker 4 (Version: 4.0.14.27)
MyWinLocker Suite (Version: 4.0.14.18)
NBA 2K13 (Version: 1.0.0)
newsXpresso (Version: 1.0.0.40)
Norton Online Backup (Version: 2.1.17869)
NTI Media Maker 9 (Version: 9.0.2.9002)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA Ovladače grafiky 306.97 (Version: 306.97)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA Systémový software PhysX 9.12.0604 (Version: 9.12.0604)
NVIDIA Update Components (Version: 1.10.8)
OpenOffice.org 3.3 (Version: 3.3.9567)
Ovládací panel NVIDIA 306.97 (Version: 306.97)
Pidgin (Version: 2.10.6)
Poczta usługi Windows Live (Version: 15.4.3502.0922)
Podstawowe programy Windows Live (Version: 15.4.3502.0922)
Pošta Windows Live (Version: 15.4.3502.0922)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
REALTEK DTV USB DEVICE (Version: 1.00.0000)
Realtek PCIE Card Reader (Version: 6.1.7601.85)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
Shredder (Version: 2.0.8.9)
Skype™ 6.0 (Version: 6.0.126)
Spybot - Search & Destroy (Version: 1.6.2)
Studie zlepšení produktu HP Deskjet 3050A J611 series (Version: 25.0.571.0)
Subtitle Workshop 2.51
Total Commander (Remove or Repair) (Version: 7.56a)
Tvůrce rozvrhů 3.1
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
VirtualDJ Home FREE (Version: 7.0.5)
VLC media player 1.1.11 (Version: 1.1.11)
Welcome Center (Version: 1.02.3503)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Fotogaléria (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)
Windows Live Fotótár (Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live Galerija fotografija (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Temel Parçalar (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Liven asennustyökalu (Version: 15.4.3502.0922)
Windows Liven sähköposti (Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
Základní software zařízení HP Deskjet 3050A J611 series (Version: 25.0.571.0)

==================== Restore Points =========================

21-05-2013 08:35:26 Windows Update
24-05-2013 17:01:47 avast! Free Antivirus Setup
24-05-2013 17:39:37 Device driver package installation: COMODO Network Service

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2013 08:12:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2013 07:43:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2013 07:23:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2013 06:20:47 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16576 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d80

Start Time: 01ce589a99eaa18d

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (05/24/2013 06:05:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2013 06:05:36 PM) (Source: ESENT) (User: )
Description: taskhost (3884) An attempt to open the file C:\Users\Lucas Hugo\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat for read-only access failed with system error 32 (0x00000020): The process cannot access the file because it is being used by another process. The open file operation will fail with error -1032 (0xfffffbf8).

Error: (05/24/2013 05:48:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2013 05:29:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2013 05:29:40 PM) (Source: Google Update) (User: LucasHugo-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (05/24/2013 05:29:21 PM) (Source: ESENT) (User: )
Description: taskhost (3456) Pokus o otevření souboru C:\Users\Lucas Hugo\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).


System errors:
=============
Error: (05/24/2013 08:13:03 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/24/2013 08:10:35 PM) (Source: Service Control Manager) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
AFD
CFRMD
cmdGuard
cmdHlp
DfsC
discache
inspect
mwlPSDFilter
mwlPSDNServ
mwlPSDVDisk
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
sptd
tdx
vwififlt
Wanarpv6
WfpLwf

Error: (05/24/2013 08:10:35 PM) (Source: Service Control Manager) (User: )
Description: Služba Sledování umístění v síti (NLA) závisí na službě Služba rozhraní síťového úložiště, která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (05/24/2013 08:10:35 PM) (Source: Service Control Manager) (User: )
Description: Služba Mini-přesměrovač SMB 2.0 závisí na službě Obálka a jádro minipřesměrovačů SMB, která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (05/24/2013 08:10:35 PM) (Source: Service Control Manager) (User: )
Description: Služba Mini-přesměrovač SMB 1.x závisí na službě Obálka a jádro minipřesměrovačů SMB, která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (05/24/2013 08:10:35 PM) (Source: Service Control Manager) (User: )
Description: Služba Obálka a jádro minipřesměrovačů SMB závisí na službě Podsystém přesměrovaného ukládání do vyrovnávací paměti, která neuspěla při spuštění v důsledku následující chyby:
%%31

Error: (05/24/2013 08:10:35 PM) (Source: Service Control Manager) (User: )
Description: Služba Pomocná služba protokolu IP závisí na službě Služba rozhraní síťového úložiště, která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (05/24/2013 08:10:35 PM) (Source: Service Control Manager) (User: )
Description: Služba Conexant Audio Message Service závisí na službě Zvuk systému Windows, která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (05/24/2013 08:10:35 PM) (Source: Service Control Manager) (User: )
Description: Služba Pracovní stanice závisí na službě Služba rozhraní síťového úložiště, která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (05/24/2013 08:10:35 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba rozhraní síťového úložiště závisí na službě NSI proxy service driver., která neuspěla při spuštění v důsledku následující chyby:
%%31


Microsoft Office Sessions:
=========================
Error: (04/22/2012 11:39:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 3947.86 MB
Available physical RAM: 3411.98 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 7369.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:683.54 GB) (Free:24.71 GB) NTFS (Disk=0 Partition=3)
Drive e: (CORSAIR) (Removable) (Total:15.23 GB) (Free:15.07 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E87C2E3F)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Policie ČR ransomware

#4 Post by vyosek »

→ Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
→ Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware and the like
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Right after start, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested, it may take longer
  • After the scan finishes and after a possible restart, CF shows a log; alternatively you will find it at C:\ComboFix.txt; paste its contents here
  • Detailed instructions including pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

Hugo2377
Visitor
Posts: 50
Registered: 24 May 2013 17:31

Re: Policie ČR ransomware

#5 Post by Hugo2377 »

The RKill log came out fine.

When starting Combofix, however, it first reported some problem with the registry backup, and after the subsequent launch a command prompt window was blinking with: C:/Combofix and nothing happened. When I ran the program a second time, it threw another error message, see the attached image...
Attachment: combofix.png (68.86 KiB)

Hugo2377
Visitor
Posts: 50
Registered: 24 May 2013 17:31

Re: Policie ČR ransomware

#6 Post by Hugo2377 »

Sorry, the errors mentioned were most likely appearing because the antivirus was not fully deactivated. Now everything seems to be running...

Hugo2377
Visitor
Posts: 50
Registered: 24 May 2013 17:31

Re: Policie ČR ransomware

#7 Post by Hugo2377 »

RKill log:

Rkill 2.4.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/25/2013 12:42:49 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 05/25/2013 12:42:57 PM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)


ComboFix log:

ComboFix 13-05-25.02 - Lucas Hugo 25.05.2013 12:48:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3948.2539 [GMT 2:00]
Spuštěný z: c:\users\Lucas Hugo\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\rundll32.exe
c:\users\Lucas Hugo\4274950.dll
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-25 do 2013-05-25 )))))))))))))))))))))))))))))))
.
.
2013-05-25 11:00 . 2013-05-25 11:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-25 11:00 . 2013-05-25 11:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-24 18:15 . 2013-05-24 18:15 -------- d-----w- C:\FRST
2013-05-24 17:11 . 2013-05-24 17:11 -------- d-s---w- c:\programdata\Shared Space
2013-05-24 17:11 . 2013-05-24 17:11 -------- d-----w- c:\program files\COMODO
2013-05-24 17:09 . 2013-05-24 17:11 -------- d-----w- c:\programdata\COMODO
2013-05-24 17:09 . 2013-05-24 17:09 -------- d-----w- c:\program files (x86)\Common Files\COMODO
2013-05-24 17:04 . 2013-05-24 17:25 56072 ----a-w- c:\windows\system32\certsentry.dll
2013-05-24 17:04 . 2013-05-24 17:25 47368 ----a-w- c:\windows\SysWow64\certsentry.dll
2013-05-24 17:04 . 2013-05-24 17:04 -------- d-----w- c:\programdata\Comodo Downloader
2013-05-24 16:56 . 2013-05-24 17:04 -------- d-----w- c:\users\Lucas Hugo\AppData\Local\Comodo
2013-05-24 16:56 . 2013-05-24 16:56 -------- d-----w- c:\users\Lucas Hugo\AppData\Roaming\Comodo
2013-05-24 16:56 . 2013-05-24 17:25 -------- d-----w- c:\program files (x86)\Comodo
2013-05-24 16:02 . 2013-05-24 16:02 32000 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-05-24 15:49 . 2013-05-24 16:01 -------- d-----w- c:\programdata\HitmanPro
2013-05-24 08:33 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46914598-BBC0-418F-867C-AA4C2EA50DF9}\mpengine.dll
2013-05-15 23:21 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 23:21 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 23:21 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 23:20 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 23:20 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 23:20 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 23:20 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 23:20 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 23:20 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 23:20 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 23:20 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 23:20 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 13:32 . 2013-05-15 13:32 17613192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-06 11:13 . 2013-05-24 16:20 -------- d-----w- c:\users\Lucas Hugo\AppData\Local\Opera
2013-05-06 11:12 . 2013-05-24 16:20 -------- d-----w- c:\program files (x86)\Opera
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-24 09:54 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 08:58 . 2011-12-24 20:05 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 13:32 . 2012-12-29 14:55 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 13:32 . 2011-09-06 07:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-25 09:05 . 2013-04-25 09:05 96800 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-04-23 13:04 . 2013-04-23 13:04 437176 ----a-w- c:\windows\system32\guard64.dll
2013-04-23 13:04 . 2013-04-23 13:04 348048 ----a-w- c:\windows\SysWow64\guard32.dll
2013-04-15 16:38 . 2013-04-15 16:38 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-04-15 16:38 . 2013-04-15 16:38 706560 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-04-15 16:38 . 2013-04-15 16:38 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-04-15 16:38 . 2013-04-15 16:38 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2013-04-15 16:38 . 2013-04-15 16:38 45776 ----a-w- c:\windows\system32\cmdkbd64.dll
2013-04-15 16:38 . 2013-04-15 16:38 343760 ----a-w- c:\windows\system32\cmdvrt64.dll
2013-04-15 16:38 . 2013-04-15 16:38 40656 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2013-04-15 16:38 . 2013-04-15 16:38 276688 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2013-04-13 05:49 . 2013-05-15 23:20 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 23:20 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 23:20 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 23:20 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 23:20 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 23:20 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 18:22 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:28 . 2013-04-10 06:28 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-10 06:28 . 2013-04-10 06:28 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-10 06:28 . 2013-04-10 06:28 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-10 06:28 . 2013-04-10 06:28 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-10 06:28 . 2013-04-10 06:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-10 06:28 . 2013-04-10 06:28 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-10 06:28 . 2013-04-10 06:28 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-10 06:28 . 2013-04-10 06:28 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-10 06:28 . 2013-04-10 06:28 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-10 06:28 . 2013-04-10 06:28 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-10 06:28 . 2013-04-10 06:28 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-10 06:28 . 2013-04-10 06:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-10 06:28 . 2013-04-10 06:28 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-10 06:28 . 2013-04-10 06:28 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-10 06:28 . 2013-04-10 06:28 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-10 06:28 . 2013-04-10 06:28 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-10 06:28 . 2013-04-10 06:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-10 06:28 . 2013-04-10 06:28 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-10 06:28 . 2013-04-10 06:28 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-10 06:28 . 2013-04-10 06:28 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-10 06:28 . 2013-04-10 06:28 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-10 06:28 . 2013-04-10 06:28 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-10 06:28 . 2013-04-10 06:28 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-10 06:28 . 2013-04-10 06:28 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-10 06:28 . 2013-04-10 06:28 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-10 06:28 . 2013-04-10 06:28 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-10 06:28 . 2013-04-10 06:28 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-10 06:28 . 2013-04-10 06:28 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-10 06:28 . 2013-04-10 06:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-10 06:28 . 2013-04-10 06:28 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-10 06:28 . 2013-04-10 06:28 441856 ----a-w- c:\windows\system32\html.iec
2013-04-10 06:28 . 2013-04-10 06:28 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-10 06:28 . 2013-04-10 06:28 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-10 06:28 . 2013-04-10 06:28 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-10 06:28 . 2013-04-10 06:28 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-10 06:28 . 2013-04-10 06:28 235008 ----a-w- c:\windows\system32\url.dll
2013-04-10 06:28 . 2013-04-10 06:28 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-10 06:28 . 2013-04-10 06:28 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-10 06:28 . 2013-04-10 06:28 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-10 06:28 . 2013-04-10 06:28 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-10 06:28 . 2013-04-10 06:28 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-10 06:28 . 2013-04-10 06:28 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-10 06:28 . 2013-04-10 06:28 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-10 06:28 . 2013-04-10 06:28 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-10 06:28 . 2013-04-10 06:28 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-10 06:28 . 2013-04-10 06:28 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-10 06:28 . 2013-04-10 06:28 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-10 06:28 . 2013-04-10 06:28 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-10 06:28 . 2013-04-10 06:28 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-10 06:26 . 2013-04-10 06:26 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-10 06:26 . 2013-04-10 06:26 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-04-10 06:26 . 2013-04-10 06:26 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-10 06:26 . 2013-04-10 06:26 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-10 06:26 . 2013-04-10 06:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-04-10 06:26 . 2013-04-10 06:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-04-10 06:26 . 2013-04-10 06:26 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-10 06:26 . 2013-04-10 06:26 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-04-10 06:26 . 2013-04-10 06:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-04-10 06:26 . 2013-04-10 06:26 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-10 06:26 . 2013-04-10 06:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-04-10 06:26 . 2013-04-10 06:26 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-04-10 06:26 . 2013-04-10 06:26 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-04-10 06:26 . 2013-04-10 06:26 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]
"Facebook Update"="c:\users\Lucas Hugo\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"Display Stix - System tray"="c:\program files (x86)\Fractalis Software\Display Stix 2.5\dstix.exe" [2004-04-24 245760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-10-27 177448]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Dell PC Suite"="c:\program files (x86)\Dell\PC Suite\Application Launcher\Application Launcher.exe" [2010-03-11 598016]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-04-17 1851088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Lucas Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
Facebook Messenger.lnk - c:\users\Lucas Hugo\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Sledovat výstrahy inkoustu - HP Deskjet 3050A J611 series (Síť).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-9-6 723560]
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe [2013-4-17 49352]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2012-12-24 268864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-09-16 36000]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-09-16 330912]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-09-16 110240]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-09-16 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-09-16 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-09-16 280992]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-09-16 517280]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-04-15 158928]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-05-24 32000]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2011-06-13 48488]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2011-05-17 225256]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2011-05-17 39016]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-24 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-02 30056]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-04-15 23168]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-04-15 706560]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-04-15 48360]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-25 279616]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-09-06 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-09-06 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-09-06 62776]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-09-16 105120]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [2013-04-17 70344]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2013-04-19 2074760]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2011-03-28 799848]
S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-04-17 1851088]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files (x86)\Comodo\IceDragon\icedragon_updater.exe [2013-04-18 1821384]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-31 2425960]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-09-16 30368]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-02-10 181760]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-09-02 339048]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-29 13:32]
.
2013-05-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000Core.job
- c:\users\Lucas Hugo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-09 08:42]
.
2013-05-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000UA.job
- c:\users\Lucas Hugo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-09 08:42]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29 14:53]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29 14:53]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000Core.job
- c:\users\Lucas Hugo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 19:52]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000UA.job
- c:\users\Lucas Hugo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 19:52]
.
2013-05-25 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-10-13 08:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-09-16 976032]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-09-16 799904]
"Power Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2011-03-28 499304]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3603152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/?clid=6826
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.113.44.11 195.113.0.2
FF - ProfilePath - c:\users\Lucas Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
.
.
------- Asociace souborů -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Display Stix2.5 - c:\windows\iun6002.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-05-25 13:07:46
ComboFix-quarantined-files.txt 2013-05-25 11:07
.
Před spuštěním: Volných bajtů: 49 022 164 992
Po spuštění: Volných bajtů: 49 025 236 992
.
- - End Of File - - 9286375C591C1A657F14854A376E601F

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Policie ČR ransomware

#8 Post by vyosek »

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan
  • The scan will run and then a log will appear; alternatively it will be saved on the system drive as AdwCleaner[R?].txt. Paste it here
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Hugo2377
Visitor
Posts: 50
Registered: 24 May 2013 17:31

Re: Policie ČR ransomware

#9 Post by Hugo2377 »

AdwCleaner log output:

# AdwCleaner v2.301 - Log vytvooen 26/05/2013 v 11:17:36
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : Lucas Hugo - LUCASHUGO-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Lucas Hugo\Desktop\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****


***** [Registry] *****

Klíe Nalezeno : HKCU\Software\Conduit
Klíe Nalezeno : HKLM\Software\Conduit

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v9.0.1 (cs)

Soubor : C:\Users\Lucas Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js

[OK] Soubor je eistý.

-\\ Google Chrome v27.0.1453.94

Soubor : C:\Users\Lucas Hugo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [932 octets] - [26/05/2013 11:17:36]

########## EOF - C:\AdwCleaner[R1].txt - [991 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Policie ČR ransomware

#10 Post by vyosek »

:arrow: Run AdwCleaner again
  • If you use Windows Vista or 7, right-click AdwCleaner and choose Run As Administrator / Spustit jako správce
  • Click Delete
  • The PC will perform the repair, restart and give you a log (C:\AdwCleaner [S1].txt); paste its contents here
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Hugo2377
Visitor
Posts: 50
Registered: 24 May 2013 17:31

Re: Policie ČR ransomware

#11 Post by Hugo2377 »

# AdwCleaner v2.301 - Log vytvooen 26/05/2013 v 12:40:18
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : Lucas Hugo - LUCASHUGO-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Lucas Hugo\Desktop\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****


***** [Registry] *****

Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKLM\Software\Conduit

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v9.0.1 (cs)

Soubor : C:\Users\Lucas Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js

[OK] Soubor je eistý.

-\\ Google Chrome v27.0.1453.94

Soubor : C:\Users\Lucas Hugo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [1059 octets] - [26/05/2013 11:17:36]
AdwCleaner[S1].txt - [990 octets] - [26/05/2013 12:40:18]

########## EOF - C:\AdwCleaner[S1].txt - [1049 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Policie ČR ransomware

#12 Post by vyosek »

:arrow: Download SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe
  • Save it, preferably to the Desktop
  • Run it with the usual double-click and follow the utility's instructions
  • When the scan finishes a log is created and opened; paste it here for me
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Hugo2377
Visitor
Posts: 50
Registered: 24 May 2013 17:31

Re: Policie ČR ransomware

#13 Post by Hugo2377 »

Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
COMODO Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
JavaFX 2.1.0
Java(TM) 7 Update 4
Java version out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.0 Adobe Reader out of Date!
Mozilla Firefox (9.0.1)
Google Chrome 26.0.1410.64
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Policie ČR ransomware

#14 Post by vyosek »

:arrow: Uninstall Spybot - Search & Destroy - its best years are long behind it

:arrow: Are you using the complete Comodo security suite?

:arrow: If not, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    File::
    c:\windows\system32\drivers\hitmanpro37.sys
    c:\windows\Tasks\Adobe Flash Player Updater.job
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000Core.job
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000UA.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000Core.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000UA.job
    c:\windows\Tasks\HP Photo Creations Communicator.job
    
    Folder::
    c:\programdata\HitmanPro
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"=-
    "GoogleDriveSync"=-
    "Skype"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"=-
    "ArcadeMovieService"=-
    "GrooveMonitor"=-
    "HP Software Update"=-
    "SunJavaUpdateSched"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "IsMyWinLockerReboot"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and run it (see picture below)
  • After the script is applied (and a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Attempt to use an invalid operation on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF and the author unfortunately cannot fix it yet

:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Hugo2377
Visitor
Posts: 50
Registered: 24 May 2013 17:31

Re: Policie ČR ransomware

#15 Post by Hugo2377 »

- I don't know whether to consider it the complete suite, but I use COMODO Antivirus and Firewall + COMODO Ice Dragon as the browser

Combofix log after applying the script:


ComboFix 13-05-28.01 - Lucas Hugo 28.05.2013 11:42:22.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3948.2068 [GMT 2:00]
Spuštěný z: c:\users\Lucas Hugo\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Lucas Hugo\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\drivers\hitmanpro37.sys"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000UA.job"
"c:\windows\Tasks\HP Photo Creations Communicator.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\HitmanPro
c:\programdata\HitmanPro\Banner.bin
c:\programdata\HitmanPro\HitmanPro.key
c:\programdata\HitmanPro\HitmanPro.lic
c:\programdata\HitmanPro\Logs\HitmanPro_20130524_1801.log
c:\programdata\HitmanPro\Remnants.bin
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\_ctypes.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\_elementtree.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\_hashlib.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\_multiprocessing.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\_socket.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\_ssl.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\pyexpat.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\pysqlite2._sqlite.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\python27.dll
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\pythoncom27.dll
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\PyWinTypes27.dll
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\select.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\unicodedata.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\win32api.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\win32com.shell.shell.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\win32crypt.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\win32event.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\win32file.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\win32inet.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\win32pdh.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\win32process.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\win32profile.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\win32security.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\win32ts.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\windows._cacheinvalidation.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\wx._controls_.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\wx._core_.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\wx._gdi_.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\wx._html2.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\wx._misc_.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\wx._windows_.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\wx._wizard.pyd
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\wxbase294u_net_vc90.dll
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\wxbase294u_vc90.dll
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\wxmsw294u_adv_vc90.dll
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\wxmsw294u_core_vc90.dll
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\wxmsw294u_html_vc90.dll
c:\users\Lucas Hugo\AppData\Local\Temp\_MEI44362\wxmsw294u_webview_vc90.dll
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\_ctypes.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\_elementtree.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\_hashlib.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\_multiprocessing.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\_socket.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\_ssl.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\pyexpat.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\pysqlite2._sqlite.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\python27.dll
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\pythoncom27.dll
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\PyWinTypes27.dll
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\select.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\unicodedata.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\win32api.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\win32com.shell.shell.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\win32crypt.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\win32event.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\win32file.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\win32inet.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\win32pdh.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\win32process.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\win32profile.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\win32security.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\win32ts.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\windows._cacheinvalidation.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\wx._controls_.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\wx._core_.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\wx._gdi_.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\wx._html2.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\wx._misc_.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\wx._windows_.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\wx._wizard.pyd
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\wxbase294u_net_vc90.dll
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\wxbase294u_vc90.dll
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\wxmsw294u_adv_vc90.dll
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\wxmsw294u_core_vc90.dll
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\wxmsw294u_html_vc90.dll
c:\users\LUCASH~1\AppData\Local\Temp\_MEI44362\wxmsw294u_webview_vc90.dll
c:\windows\system32\drivers\hitmanpro37.sys
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980671153-3011937459-1763624596-1000UA.job
c:\windows\Tasks\HP Photo Creations Communicator.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_hitmanpro37
-------\Service_hitmanpro37
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-28 do 2013-05-28 )))))))))))))))))))))))))))))))
.
.
2013-05-28 10:01 . 2013-05-28 10:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-24 18:15 . 2013-05-24 18:15 -------- d-----w- C:\FRST
2013-05-24 17:11 . 2013-05-24 17:11 -------- d-s---w- c:\programdata\Shared Space
2013-05-24 17:11 . 2013-05-24 17:11 -------- d-----w- c:\program files\COMODO
2013-05-24 17:09 . 2013-05-24 17:11 -------- d-----w- c:\programdata\COMODO
2013-05-24 17:09 . 2013-05-24 17:09 -------- d-----w- c:\program files (x86)\Common Files\COMODO
2013-05-24 17:04 . 2013-05-24 17:25 56072 ----a-w- c:\windows\system32\certsentry.dll
2013-05-24 17:04 . 2013-05-24 17:25 47368 ----a-w- c:\windows\SysWow64\certsentry.dll
2013-05-24 17:04 . 2013-05-24 17:04 -------- d-----w- c:\programdata\Comodo Downloader
2013-05-24 16:56 . 2013-05-24 17:04 -------- d-----w- c:\users\Lucas Hugo\AppData\Local\Comodo
2013-05-24 16:56 . 2013-05-24 16:56 -------- d-----w- c:\users\Lucas Hugo\AppData\Roaming\Comodo
2013-05-24 16:56 . 2013-05-24 17:25 -------- d-----w- c:\program files (x86)\Comodo
2013-05-24 08:33 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46914598-BBC0-418F-867C-AA4C2EA50DF9}\mpengine.dll
2013-05-15 23:21 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 23:21 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 23:21 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 23:20 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 23:20 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 23:20 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 23:20 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 23:20 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 23:20 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 23:20 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 23:20 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 23:20 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 13:32 . 2013-05-15 13:32 17613192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-06 11:13 . 2013-05-24 16:20 -------- d-----w- c:\users\Lucas Hugo\AppData\Local\Opera
2013-05-06 11:12 . 2013-05-24 16:20 -------- d-----w- c:\program files (x86)\Opera
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-24 09:54 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 08:58 . 2011-12-24 20:05 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 13:32 . 2012-12-29 14:55 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 13:32 . 2011-09-06 07:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-25 09:05 . 2013-04-25 09:05 96800 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-04-23 13:04 . 2013-04-23 13:04 437176 ----a-w- c:\windows\system32\guard64.dll
2013-04-23 13:04 . 2013-04-23 13:04 348048 ----a-w- c:\windows\SysWow64\guard32.dll
2013-04-15 16:38 . 2013-04-15 16:38 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-04-15 16:38 . 2013-04-15 16:38 706560 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-04-15 16:38 . 2013-04-15 16:38 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-04-15 16:38 . 2013-04-15 16:38 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2013-04-15 16:38 . 2013-04-15 16:38 45776 ----a-w- c:\windows\system32\cmdkbd64.dll
2013-04-15 16:38 . 2013-04-15 16:38 343760 ----a-w- c:\windows\system32\cmdvrt64.dll
2013-04-15 16:38 . 2013-04-15 16:38 40656 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2013-04-15 16:38 . 2013-04-15 16:38 276688 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2013-04-13 05:49 . 2013-05-15 23:20 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 23:20 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 23:20 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 23:20 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 23:20 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 23:20 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 18:22 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:28 . 2013-04-10 06:28 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-10 06:28 . 2013-04-10 06:28 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-10 06:28 . 2013-04-10 06:28 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-10 06:28 . 2013-04-10 06:28 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-10 06:28 . 2013-04-10 06:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-10 06:28 . 2013-04-10 06:28 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-10 06:28 . 2013-04-10 06:28 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-10 06:28 . 2013-04-10 06:28 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-10 06:28 . 2013-04-10 06:28 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-10 06:28 . 2013-04-10 06:28 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-10 06:28 . 2013-04-10 06:28 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-10 06:28 . 2013-04-10 06:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-10 06:28 . 2013-04-10 06:28 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-10 06:28 . 2013-04-10 06:28 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-10 06:28 . 2013-04-10 06:28 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-10 06:28 . 2013-04-10 06:28 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-10 06:28 . 2013-04-10 06:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-10 06:28 . 2013-04-10 06:28 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-10 06:28 . 2013-04-10 06:28 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-10 06:28 . 2013-04-10 06:28 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-10 06:28 . 2013-04-10 06:28 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-10 06:28 . 2013-04-10 06:28 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-10 06:28 . 2013-04-10 06:28 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-10 06:28 . 2013-04-10 06:28 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-10 06:28 . 2013-04-10 06:28 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-10 06:28 . 2013-04-10 06:28 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-10 06:28 . 2013-04-10 06:28 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-10 06:28 . 2013-04-10 06:28 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-10 06:28 . 2013-04-10 06:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-10 06:28 . 2013-04-10 06:28 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-10 06:28 . 2013-04-10 06:28 441856 ----a-w- c:\windows\system32\html.iec
2013-04-10 06:28 . 2013-04-10 06:28 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-10 06:28 . 2013-04-10 06:28 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-10 06:28 . 2013-04-10 06:28 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-10 06:28 . 2013-04-10 06:28 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-10 06:28 . 2013-04-10 06:28 235008 ----a-w- c:\windows\system32\url.dll
2013-04-10 06:28 . 2013-04-10 06:28 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-10 06:28 . 2013-04-10 06:28 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-10 06:28 . 2013-04-10 06:28 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-10 06:28 . 2013-04-10 06:28 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-10 06:28 . 2013-04-10 06:28 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-10 06:28 . 2013-04-10 06:28 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-10 06:28 . 2013-04-10 06:28 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-10 06:28 . 2013-04-10 06:28 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-10 06:28 . 2013-04-10 06:28 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-10 06:28 . 2013-04-10 06:28 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-10 06:28 . 2013-04-10 06:28 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-10 06:28 . 2013-04-10 06:28 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-10 06:28 . 2013-04-10 06:28 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-10 06:26 . 2013-04-10 06:26 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-10 06:26 . 2013-04-10 06:26 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-04-10 06:26 . 2013-04-10 06:26 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-10 06:26 . 2013-04-10 06:26 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-10 06:26 . 2013-04-10 06:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-04-10 06:26 . 2013-04-10 06:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-04-10 06:26 . 2013-04-10 06:26 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-10 06:26 . 2013-04-10 06:26 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-04-10 06:26 . 2013-04-10 06:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-04-10 06:26 . 2013-04-10 06:26 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-10 06:26 . 2013-04-10 06:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-10 06:26 . 2013-04-10 06:26 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-04-10 06:26 . 2013-04-10 06:26 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-04-10 06:26 . 2013-04-10 06:26 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-04-10 06:26 . 2013-04-10 06:26 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]
"Display Stix - System tray"="c:\program files (x86)\Fractalis Software\Display Stix 2.5\dstix.exe" [2004-04-24 245760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"Dell PC Suite"="c:\program files (x86)\Dell\PC Suite\Application Launcher\Application Launcher.exe" [2010-03-11 598016]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-04-17 1851088]
.
c:\users\Lucas Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
Facebook Messenger.lnk - c:\users\Lucas Hugo\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Sledovat výstrahy inkoustu - HP Deskjet 3050A J611 series (Síť).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-9-6 723560]
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe [2013-4-17 49352]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2012-12-24 268864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-31 2425960]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-09-16 36000]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-09-16 330912]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-09-16 110240]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-09-16 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-09-16 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-09-16 280992]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-09-16 517280]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-04-15 158928]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2011-06-13 48488]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2011-05-17 225256]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2011-05-17 39016]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-24 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-02 30056]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-04-15 23168]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-04-15 706560]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-04-15 48360]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-25 279616]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-09-06 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-09-06 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-09-06 62776]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-09-16 105120]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [2013-04-17 70344]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2013-04-19 2074760]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2011-03-28 799848]
S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-04-17 1851088]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files (x86)\Comodo\IceDragon\icedragon_updater.exe [2013-04-18 1821384]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-09-16 30368]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-02-10 181760]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-09-02 339048]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Lucas Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-09-16 976032]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-09-16 799904]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Power Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2011-03-28 499304]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3603152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/?clid=6826
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.113.44.11 195.113.0.2
FF - ProfilePath - c:\users\Lucas Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Display Stix2.5 - c:\windows\iun6002.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2013-05-28 12:09:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-05-28 10:09
ComboFix2.txt 2013-05-25 11:07
.
Před spuštěním: Volných bajtů: 41 983 262 720
Po spuštění: Volných bajtů: 41 595 314 176
.
- - End Of File - - D992A338776447236C784A4C76701B8E

Locked