Vir na flashdisku

[Praetor]

Dobrý den,

chytil jsem v tiskárně vir na flashdisk, bohužel to nerozpoznal včas a z počítače mi přeskočil i na e-reader. Připojená byla i kamera, nevím jak to funguje u ní, zvláštního chování jsem si nevšiml, ale je možné, že je též infikovaná.

MBAM nedetekoval nic zvláštního. Když jsem o tom něco hledal, našel jsem jisté operace přes commander. Zjistil jsem tak, že na flashce existují stále původní soubory, ale jsou skryté a místo nich vystupují zástupci o velikosti 2 kb. V commanderu mají tito zástupci patrně parametr SH. Ve čtečce i naflashce mám materiály k diplomce, ke kterým se teď nemohu dostat, proto prosím o pomoc.

Děkuji.

Následuje log z RSIT.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:12:44, on 14.1.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Users\Praetor\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Program Files\trend micro\Praetor.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Praetor\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Praetor\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Praetor\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
O4 - HKCU\..\Run: [okyy] wscript.exe //B "C:\Users\Praetor\AppData\Roaming\okyy.vbs"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: okyy.vbs
O4 - Global Startup: HD Writer.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 9843 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\Tablet\Wacom\WTabletServicePro.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
/QuitInfo:000000000000040C;00000000000003E0; /AddRef;
C:\Windows\system32\svchost.exe -k NetworkService
/QuitInfo:00000000000004E0;00000000000004E4; /AddRef;
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"taskhost.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe"
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL mmsys.cpl
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\System32\Drivers\WTSRV.EXE"
"C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe"
"C:\Program Files\Tablet\Wacom\WacomHost.exe" "C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
"C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
"C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "1555221963-1677504509-977370866-1213509672-1095200007-1130911131531145263-220818425
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe" KMPProcess
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\SysWOW64\rundll32.exe" "C:\Users\Praetor\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
"C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
szndesktop.exe default start
"C:\Windows\System32\wscript.exe" //B "C:\Users\Praetor\AppData\Roaming\okyy.vbs"
"C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Users\Praetor\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe "6040347051364704960-446560273171885796913370251701974102296-1382980533-96042041
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-2ac44ba6-609c-4987-a00f-1f01ec2ba6f0 -SystemEventPortName:HostProcess-9102d133-8b90-42ac-a1b7-8ce7d0a12455 -IoCancelEventPortName:HostProcess-88fa587e-f7ec-4554-a6b7-eb3174259aac -NonStateChangingEventPortName:HostProcess-b38993bd-611a-49dc-a82a-9644da26b5a9 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0363435f-fd6b-4edd-865f-0889248fda5b
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3884.209d2f00.1105690793 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 3884 "\\.\pipe\gecko-crash-server-pipe.3884" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe" --proxy-stub-channel=Flash1476.6AF5B990.21039 --host-broker-channel=Flash1476.6AF5B990.31284 --host-pid=1476 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe" --channel=2168.0033F870.1736538984 --proxy-stub-channel=Flash1476.6AF5B990.21039 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll" --host-npapi-version=27 --type=renderer
taskhost.exe $(Arg0)
"C:\Users\Praetor\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Praetor\AppData\Roaming\Mozilla\Firefox\Profiles\wczgnqky.default-1373724954637

prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "http://www.google.com/ig"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeExManDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeExManDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll


C:\Users\Praetor\AppData\Roaming\Mozilla\Firefox\Profiles\wczgnqky.default-1373724954637\extensions\
{99e34760-2754-11e0-91fa-0800200c9a66}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Users\Praetor\AppData\Roaming\Mozilla\Firefox\Profiles\wczgnqky.default-1373724954637\searchplugins\
creative-commons-search-beta.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-05 1372864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-05 1372864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-05 1138536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-05 1372864]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-05 1372864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-05 1138536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-10-18 1028384]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20 444904]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-05-28 13545032]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2013-12-10 1100248]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2013-12-10 2279712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
"cz.seznam.software.autoupdate"=C:\Users\Praetor\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Praetor\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
""= []
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2014-01-07 1815464]
"NextLive"=C:\Windows\SysWOW64\rundll32.exe [2009-07-14 44544]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [2013-06-07 774680]
"okyy"=wscript.exe //B C:\Users\Praetor\AppData\Roaming\okyy.vbs []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-05-04 630912]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"WTClient"=C:\Windows\system32\WTClient.exe [2012-12-22 40832]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-01-05 3764024]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HD Writer.lnk - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe

C:\Users\Praetor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
okyy.vbs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\31390173.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\31390173.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-01-14 10:49:10 ----D---- C:\rsit
2014-01-14 10:49:10 ----D---- C:\Program Files\trend micro
2014-01-14 09:57:03 ----A---- C:\TDSSKiller.3.0.0.19_14.01.2014_09.57.03_log.txt
2014-01-14 09:53:30 ----A---- C:\TDSSKiller.3.0.0.19_14.01.2014_09.53.30_log.txt
2014-01-14 09:52:59 ----A---- C:\TDSSKiller.2.8.16.0_14.01.2014_09.52.59_log.txt
2014-01-14 09:39:35 ----D---- C:\ProgramData\Malwarebytes
2014-01-14 09:39:30 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-14 09:39:30 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-01-14 09:38:18 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-01-13 11:22:47 ----ASH---- C:\Users\Praetor\AppData\Roaming\okyy.vbs
2014-01-09 00:17:30 ----D---- C:\ProgramData\Zoner
2014-01-09 00:16:52 ----D---- C:\Program Files\Zoner
2014-01-08 14:30:44 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2014-01-08 14:30:44 ----A---- C:\Windows\system32\d3dx11_43.dll
2014-01-08 14:30:42 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2014-01-08 14:30:42 ----A---- C:\Windows\system32\d3dx10_43.dll
2014-01-08 14:30:39 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2014-01-08 14:30:39 ----A---- C:\Windows\system32\D3DX9_43.dll
2014-01-08 14:29:12 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2014-01-08 14:29:12 ----A---- C:\Windows\system32\drivers\nvvad64v.sys
2014-01-05 19:35:42 ----A---- C:\Windows\system32\drivers\aswstm.sys
2014-01-05 15:22:27 ----D---- C:\Users\Praetor\AppData\Roaming\Apple Computer
2014-01-05 11:51:14 ----D---- C:\Program Files (x86)\Free M4a to MP3 Converter
2014-01-05 11:34:14 ----D---- C:\ProgramData\Apple Computer
2014-01-05 11:34:14 ----D---- C:\Program Files (x86)\QuickTime
2014-01-05 11:32:27 ----D---- C:\ProgramData\Apple
2014-01-05 11:32:27 ----D---- C:\Program Files (x86)\Apple Software Update
2014-01-04 17:32:38 ----D---- C:\Program Files (x86)\SmartTweak
2014-01-04 11:44:25 ----D---- C:\Users\Praetor\AppData\Roaming\dvdcss
2014-01-04 11:40:10 ----D---- C:\Users\Praetor\AppData\Roaming\WTablet
2014-01-03 16:32:17 ----D---- C:\Program Files (x86)\TabletPlugins
2014-01-03 16:32:16 ----D---- C:\Program Files\TabletPlugins
2014-01-03 16:32:01 ----A---- C:\Windows\system32\drivers\wacomrouterfilter.sys
2014-01-03 16:31:50 ----A---- C:\Windows\system32\wdfcoinstaller01009.dll
2014-01-03 16:31:50 ----A---- C:\Windows\system32\drivers\wdfcoinstaller01009.dll
2014-01-03 16:31:50 ----A---- C:\Windows\system32\drivers\wachidrouter.sys
2014-01-03 16:31:50 ----A---- C:\Windows\system32\drivers\hidkmdf.sys
2014-01-03 16:31:42 ----A---- C:\Windows\SYSWOW64\Wacom_Touch_Tablet.dll
2014-01-03 16:31:41 ----A---- C:\Windows\SYSWOW64\Wintab32.dll
2014-01-03 16:31:41 ----A---- C:\Windows\SYSWOW64\WacomMT.dll
2014-01-03 16:31:41 ----A---- C:\Windows\SYSWOW64\Wacom_Tablet.dll
2014-01-03 16:31:41 ----A---- C:\Windows\system32\WacomMT.dll
2014-01-03 16:31:41 ----A---- C:\Windows\system32\Wacom_Touch_Tablet.dll
2014-01-03 16:31:41 ----A---- C:\Windows\system32\Wacom_Tablet.dll
2014-01-03 16:31:39 ----D---- C:\Program Files\Tablet
2014-01-02 12:08:22 ----D---- C:\HDWLE20_TMP
2014-01-02 12:02:35 ----D---- C:\ProgramData\Panasonic
2014-01-02 11:47:39 ----N---- C:\Windows\system32\drivers\PxHlpa64.sys
2014-01-02 11:47:39 ----N---- C:\Windows\system32\drivers\cdralw2k.sys
2014-01-02 11:47:39 ----N---- C:\Windows\system32\drivers\cdr4_xp.sys
2014-01-02 11:40:35 ----D---- C:\Program Files (x86)\Panasonic
2014-01-02 11:40:30 ----D---- C:\Program Files\Microsoft Synchronization Services
2014-01-02 11:40:29 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-02 11:40:08 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2014-01-02 11:40:08 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-12-20 02:48:59 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-12-15 17:42:02 ----D---- C:\Users\Praetor\AppData\Roaming\screenrecorder
2013-12-15 17:42:02 ----D---- C:\ProgramData\cutescreenrecorderfree
2013-12-15 17:41:32 ----D---- C:\Users\Praetor\AppData\Roaming\newnext.me
2013-12-15 17:41:23 ----A---- C:\ProgramData\cutescreenrecorder.ini
2013-12-15 17:41:21 ----D---- C:\Program Files (x86)\Cute Screen Recorder
2013-12-15 17:41:04 ----D---- C:\Program Files (x86)\Mobogenie
2013-12-15 17:40:57 ----D---- C:\Program Files (x86)\MyPC Backup
2013-12-15 16:26:18 ----D---- C:\Program Files (x86)\AVIscreen capture

======List of files/folders modified in the last 1 month======

2014-01-14 13:12:43 ----D---- C:\Windows\Temp
2014-01-14 12:11:17 ----D---- C:\Windows\system32\config
2014-01-14 11:13:27 ----D---- C:\Users\Praetor\AppData\Roaming\Seznam.cz
2014-01-14 11:13:27 ----D---- C:\Program Files (x86)\Steam
2014-01-14 11:10:12 ----D---- C:\Windows\Prefetch
2014-01-14 11:07:01 ----D---- C:\ProgramData\NVIDIA
2014-01-14 10:49:10 ----RD---- C:\Program Files
2014-01-14 09:56:03 ----D---- C:\Windows\system32\drivers
2014-01-14 09:39:35 ----HD---- C:\ProgramData
2014-01-14 09:38:57 ----D---- C:\Windows\System32
2014-01-14 09:38:57 ----D---- C:\Windows\inf
2014-01-14 09:38:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-01-14 08:54:21 ----SHD---- C:\System Volume Information
2014-01-13 22:16:42 ----D---- C:\Users\Praetor\AppData\Roaming\uTorrent
2014-01-13 16:09:56 ----D---- C:\Users\Praetor\AppData\Roaming\vlc
2014-01-12 20:14:55 ----D---- C:\Users\Praetor\AppData\Roaming\Audacity
2014-01-12 17:35:23 ----D---- C:\Users\Praetor\AppData\Roaming\Dropbox
2014-01-08 15:04:42 ----D---- C:\Windows
2014-01-08 15:03:31 ----D---- C:\Windows\Minidump
2014-01-08 14:30:44 ----D---- C:\Windows\SysWOW64
2014-01-08 14:30:15 ----D---- C:\Windows\Logs
2014-01-08 14:30:07 ----RSD---- C:\Windows\assembly
2014-01-08 14:29:21 ----D---- C:\Windows\system32\catroot
2014-01-08 14:29:20 ----D---- C:\Windows\system32\DriverStore
2014-01-07 16:08:44 ----D---- C:\Windows\system32\catroot2
2014-01-05 20:10:56 ----D---- C:\Windows\rescache
2014-01-05 19:35:45 ----D---- C:\Windows\system32\Tasks
2014-01-05 19:35:36 ----A---- C:\Windows\system32\aswBoot.exe
2014-01-05 18:02:43 ----D---- C:\Windows\system32\NDF
2014-01-05 11:51:14 ----RD---- C:\Program Files (x86)
2014-01-05 11:34:51 ----SHD---- C:\Windows\Installer
2014-01-05 11:34:43 ----D---- C:\Program Files\Internet Explorer
2014-01-05 11:32:38 ----D---- C:\Program Files (x86)\Common Files
2014-01-04 23:33:08 ----D---- C:\Users\Praetor\AppData\Roaming\DAEMON Tools Lite
2014-01-04 23:31:43 ----D---- C:\Program Files\CCleaner
2014-01-04 23:23:52 ----D---- C:\Windows\winsxs
2014-01-04 23:22:14 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-01-04 23:22:14 ----D---- C:\Windows\system32\cs-CZ
2014-01-04 23:22:14 ----D---- C:\Windows\PolicyDefinitions
2014-01-04 17:35:25 ----D---- C:\Windows\Tasks
2014-01-04 17:01:46 ----D---- C:\Users\Praetor\AppData\Roaming\Adobe
2014-01-03 16:43:37 ----SD---- C:\Users\Praetor\AppData\Roaming\Microsoft
2014-01-02 16:24:41 ----RSD---- C:\Windows\Fonts
2014-01-02 11:40:32 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-12-20 14:46:32 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-16 07:06:46 ----D---- C:\Windows\Panther
2013-12-16 07:06:41 ----D---- C:\Windows\debug
2013-12-15 02:02:14 ----D---- C:\Program Files (x86)\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-11-20 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-01-05 207904]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie64.sys [2010-06-17 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2011-10-04 55952]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-11-20 92544]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2014-01-05 1034464]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2014-01-05 422216]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-08-17 283200]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2014-01-05 78648]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys [2014-01-05 79672]
R3 hidkmdf;KMDF Driver; C:\Windows\system32\DRIVERS\hidkmdf.sys [2013-11-12 14136]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-05-28 3432776]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-06-16 196384]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2013-12-05 39200]
R3 PTSimBus;PenTablet Bus Enumerator; C:\Windows\system32\DRIVERS\PTSimBus.sys [2012-12-22 32128]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-12-27 805088]
R3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
R3 WacHidRouter;Wacom Hid Router; C:\Windows\system32\DRIVERS\wachidrouter.sys [2013-11-12 90424]
R3 wacomrouterfilter;Wacom Router Filter Driver; C:\Windows\system32\DRIVERS\wacomrouterfilter.sys [2013-11-12 15160]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys []
S3 PTSimHid;PenTablet Simulated HID MiniDriver; C:\Windows\system32\DRIVERS\PTSimHid.sys [2012-12-22 22912]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 Tablet2k;Serial Tablet Port Driver; C:\Windows\System32\Drivers\Tablet2k.sys []
S3 TClass2k;Tablet Class Driver; C:\Windows\system32\DRIVERS\TClass2k.sys [2012-12-22 32128]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 UCTblHid;HID Tablet Port Driver; C:\Windows\system32\DRIVERS\UCTblHid.sys [2012-12-22 27520]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-05-04 361984]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-01-05 50344]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-10 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-10 15129376]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-10-23 922912]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [2013-07-08 1922600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 WinTabService;WinTab Service; C:\Windows\System32\Drivers\WTSRV.EXE [2012-12-22 81792]
R2 WTabletServicePro;Wacom Professional Service; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2013-12-04 621336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-20 119408]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2013-08-22 37176]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-01-07 569768]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-07-14 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[vyosek]

Zdravim

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

• Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
• Spustte a kliknete na Deletion
• Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

[Praetor]

Pouze kontrolní dotaz, týká se to také e-readeru a kamery? Abych si něco nepokazil

[vyosek]

Zatim pripojte jen ten flash disk

[Praetor]

Zde je log

############################## | UsbFix V 7.134 | [Deletion]

User: Praetor (Administrator) # PRAETOR-PC
Updated 06/09/2013 by El Desaparecido
Started at 13:46:57 | 14/01/2014

Website: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: eldesaparecido@sosvirus.net

PC: MICRO-STAR INTERNATIONAL CO.,LTD (MS-7367) (x64-based PC)
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ (2494)
RAM -> [Total : 6143 | Free : 3987]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 11.0.9600.16476

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 130 Gb (57 Mb free - 44%) [] # NTFS
D:\ -> Fixed drive # 932 Gb (226 Mb free - 24%) [] # NTFS
E:\ -> Fixed drive # 19 Gb (15 Mb free - 77%) [] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> Removable drive # 7 Gb (6 Mb free - 83%) [KINGSTON] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [WTClient] - WTClient.exe
HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [WTClient] - WTClient.exe
HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2976622430-3614063898-2287081182-1001\SOFTWARE | Run : [AdobeBridge] -
HKU\S-1-5-21-2976622430-3614063898-2287081182-1001\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-2976622430-3614063898-2287081182-1001\SOFTWARE | Run : [cz.seznam.software.autoupdate] - "C:\Users\Praetor\AppData\Roaming\Seznam.cz\szninstall.exe" -c
HKU\S-1-5-21-2976622430-3614063898-2287081182-1001\SOFTWARE | Run : [cz.seznam.software.szndesktop] - "C:\Users\Praetor\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
HKU\S-1-5-21-2976622430-3614063898-2287081182-1001\SOFTWARE | Run : [] -
HKU\S-1-5-21-2976622430-3614063898-2287081182-1001\SOFTWARE | Run : [Steam] - "C:\Program Files (x86)\Steam\steam.exe" -silent
HKU\S-1-5-21-2976622430-3614063898-2287081182-1001\SOFTWARE | Run : [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Praetor\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-2976622430-3614063898-2287081182-1001\SOFTWARE | Run : [Zoner Photo Studio Autoupdate] - C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
HKU\S-1-5-21-2976622430-3614063898-2287081182-1001\SOFTWARE | Run : [okyy] - wscript.exe //B "C:\Users\Praetor\AppData\Roaming\okyy.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Stopped processes |

Stopped! C:\Windows\system32\nvvsvc.exe (812)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (836)
Stopped! C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (1164)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1208)
Stopped! C:\Windows\system32\nvvsvc.exe (1216)
Stopped! C:\Windows\SYSTEM32\WISPTIS.EXE (1236)
Stopped! C:\Windows\SYSTEM32\WISPTIS.EXE (1520)
Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1528)
Stopped! C:\Windows\System32\spoolsv.exe (1832)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1952)
Stopped! C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (1972)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (2032)
Stopped! C:\Windows\system32\taskhost.exe (1412)
Stopped! C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (1492)
Stopped! C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe (1424)
Stopped! C:\Windows\system32\rundll32.exe (2104)
Stopped! C:\Windows\System32\Drivers\WTSRV.EXE (2264)
Stopped! C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (2812)
Stopped! C:\Program Files\Tablet\Wacom\WacomHost.exe (2820)
Stopped! C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (2896)
Stopped! C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (2932)
Stopped! C:\Windows\System32\rundll32.exe (2888)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (3248)
Stopped! C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe (3436)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (3920)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (4004)
Stopped! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (4028)
Stopped! C:\Windows\system32\SearchIndexer.exe (3620)
Stopped! C:\Windows\SysWOW64\rundll32.exe (3656)
Stopped! C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe (3792)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (3372)
Stopped! C:\Users\Praetor\AppData\Roaming\Seznam.cz\bin\szndesktop.exe (3848)
Stopped! C:\Windows\System32\wscript.exe (3864)
Stopped! C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (3916)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (3304)
Stopped! C:\Windows\system32\WUDFHost.exe (3116)
Stopped! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (3884)
Stopped! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (3240)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (5000)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (4244)
Stopped! C:\Windows\SysWOW64\ctfmon.exe (4164)

################## | Files # Infected Folders |

Deleted ! C:\Users\Praetor\AppData\Roaming\okyy.vbs
Deleted ! I:\okyy.vbs
Deleted ! I:\autorun.lnk
Deleted ! I:\scan.lnk
Deleted ! I:\Týdny pro les.doc.lnk
Deleted ! I:\log.lnk
Deleted ! I:\Týdny pro les.lnk
Deleted ! I:\Bjorn_Lomborg_-_The_Skeptical_Environmentalist.lnk
Deleted ! I:\Smlouva_o_spolupraci_pri_realizaci_odborne_praxe.lnk
Deleted ! I:\Dilophosaurus BW4.lnk
Deleted ! I:\zadani_dp.lnk
Deleted ! I:\.lnk
Deleted ! I:\Diplomka zadání.lnk
Deleted ! I:\Banát.lnk
Deleted ! I:\Enviromentální ideologie - konflikt.lnk
Deleted ! I:\Kraví hora ideologie.lnk
Deleted ! I:\webova_rezie.lnk
Deleted ! I:\Kamil_Libor_UX.lnk
Deleted ! I:\Barbora Peková.lnk
Deleted ! I:\Nepotříděno.lnk
Deleted ! I:\Diplomová práce - Bushcraft.lnk
Deleted ! I:\DP námět, zadani.lnk
Deleted ! I:\.disk.lnk
Deleted ! C:\Users\Praetor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\okyy.vbs
Deleted ! C:\Users\Praetor\AppData\Local\Temp\Drives.vbs

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|okyy

################## | Mountpoints2 |


################## | Listing |

[13/07/2013 - 11:01:23 | SHD ] C:\$Recycle.Bin
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[12/01/2014 - 16:37:35 | D ] C:\HDWLE20_TMP
[14/01/2014 - 11:06:54 | ASH | 4831387648] C:\hiberfil.sys
[14/07/2013 - 09:20:23 | N | 189] C:\mylog.log
[14/01/2014 - 11:06:55 | ASH | 6441852928] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[14/01/2014 - 10:49:10 | D ] C:\Program Files
[05/01/2014 - 11:51:14 | D ] C:\Program Files (x86)
[14/01/2014 - 09:39:35 | HD ] C:\ProgramData
[13/07/2013 - 10:59:03 | SHD ] C:\Recovery
[14/07/2013 - 09:18:47 | N | 2444] C:\RHDSetup.log
[14/01/2014 - 10:49:17 | D ] C:\rsit
[14/01/2014 - 08:54:21 | SHD ] C:\System Volume Information
[14/01/2014 - 09:53:08 | N | 354] C:\TDSSKiller.2.8.16.0_14.01.2014_09.52.59_log.txt
[14/01/2014 - 09:54:15 | N | 7336] C:\TDSSKiller.3.0.0.19_14.01.2014_09.53.30_log.txt
[14/01/2014 - 10:03:01 | N | 691524] C:\TDSSKiller.3.0.0.19_14.01.2014_09.57.03_log.txt
[14/01/2014 - 13:50:49 | D ] C:\UsbFix
[14/01/2014 - 13:51:11 | A | 9894] C:\UsbFix [Clean 1] PRAETOR-PC.txt
[04/12/2013 - 09:22:00 | D ] C:\Users
[08/01/2014 - 15:04:42 | D ] C:\Windows
[13/07/2013 - 11:01:23 | SHD ] D:\$RECYCLE.BIN
[22/10/2012 - 00:18:23 | D ] D:\$WINDOWS.~BT
[28/11/2013 - 13:54:06 | D ] D:\Download
[13/07/2013 - 09:14:55 | D ] D:\Dočasné
[12/01/2014 - 15:33:50 | D ] D:\Dropbox
[02/01/2014 - 12:05:33 | D ] D:\Filmy
[07/10/2013 - 22:34:18 | D ] D:\Flashka potřídit
[13/07/2013 - 09:19:34 | D ] D:\Fotky
[05/01/2014 - 22:24:49 | D ] D:\Games
[28/11/2013 - 14:26:02 | D ] D:\Image
[07/10/2013 - 14:13:31 | D ] D:\Knihy-skripta
[07/11/2012 - 15:16:34 | D ] D:\Mišmaš
[01/12/2006 - 23:37:14 | N | 904704] D:\msdia80.dll
[30/10/2013 - 18:24:37 | D ] D:\msdownld.tmp
[05/01/2014 - 18:55:40 | D ] D:\Music
[08/01/2014 - 13:03:24 | D ] D:\Na web
[13/07/2013 - 09:36:18 | D ] D:\Obrazky
[23/10/2012 - 12:32:42 | D ] D:\Programy
[06/03/2013 - 21:08:32 | D ] D:\Rozepsané
[13/01/2014 - 14:53:55 | D ] D:\Rozmalované
[07/11/2012 - 15:02:42 | D ] D:\Save
[22/10/2012 - 00:09:12 | SHD ] D:\System Volume Information
[12/01/2014 - 16:26:52 | D ] D:\Videa
[22/10/2012 - 00:18:24 | N | 268435456] D:\WinPEpge.sys
[13/07/2013 - 11:01:23 | SHD ] E:\$RECYCLE.BIN
[28/11/2013 - 14:25:07 | D ] E:\Download
[17/12/2013 - 13:45:57 | D ] E:\Elemental.War.of.Magic-SKIDROW [semlimites.org]
[06/12/2013 - 21:02:24 | D ] E:\Frankenweenie (1984)
[06/12/2013 - 21:00:56 | D ] E:\Frankenweenie.2012.DVDRip.XviD-COCAIN
[13/01/2014 - 21:57:34 | D ] E:\Inspiral Carpets - Discography 1990-2007 (By Jamal The Moroccan)
[22/10/2012 - 21:17:53 | SHD ] E:\System Volume Information
[07/12/2006 - 21:07:28 | RAD ] H:\VIDEO_TS
[20/09/2013 - 11:31:44 | N | 27136] I:\Týdny pro les.doc
[02/07/2013 - 18:00:00 | N | 41420362] I:\Bjorn_Lomborg_-_The_Skeptical_Environmentalist.rar
[22/07/2013 - 12:56:14 | D ] I:\scan
[02/09/2013 - 11:45:58 | N | 71820] I:\Smlouva_o_spolupraci_pri_realizaci_odborne_praxe.docx
[06/01/2014 - 14:31:48 | N | 3817434] I:\Dilophosaurus BW4.jpg
[14/01/2014 - 10:20:40 | N | 1456] I:\log.txt
[24/10/2013 - 12:44:22 | N | 36600] I:\zadani_dp.rtf
[23/06/2013 - 16:44:32 | D ] I:\Barbora Peková
[23/06/2013 - 16:44:34 | D ] I:\Nepotříděno
[24/10/2013 - 12:44:22 | N | 103] I:\.~lock.zadani_dp.rtf#
[22/10/2013 - 10:45:48 | N | 18432] I:\Diplomka zadání.doc
[14/10/2013 - 16:15:34 | D ] I:\Diplomová práce - Bushcraft
[13/01/2014 - 11:25:36 | N | 13734912] I:\Banát.ppt
[25/10/2013 - 09:42:18 | D ] I:\DP námět, zadani
[28/12/2013 - 11:33:24 | N | 36352] I:\Enviromentální ideologie - konflikt.doc
[06/11/2013 - 12:38:44 | N | 15677] I:\Kraví hora ideologie.doc
[06/11/2013 - 12:39:02 | N | 103] I:\.~lock.Kraví hora ideologie.doc#
[12/10/2011 - 17:15:42 | D ] I:\.disk
[01/07/2013 - 07:06:52 | N | 3932034] I:\webova_rezie.pdf
[27/11/2013 - 17:51:10 | N | 40448] I:\Kamil_Libor_UX.doc
[12/10/2011 - 17:15:42 | N | 143] I:\autorun.bak
[13/01/2014 - 11:25:24 | N | 103] I:\.~lock.Banát.ppt#

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net |

[vyosek]

Nedavejte log do code

Data na flash disku jsou jiz viditelna??

Poprosim o log dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100

[Praetor]

Omlouvám se, musel jsem odběhnout do práce. Zde je log z FRST. Jinak soubory na flashce se zobrazují normálně.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 02
Ran by Praetor (administrator) on PRAETOR-PC on 14-01-2014 17:17:54
Running from C:\Users\Praetor\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
(UC-Logic Technology Corp.) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\Praetor\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
() C:\Users\Praetor\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WTClient] - C:\Windows\SysWOW64\WTClient.exe [40832 2012-12-22] (Tablet Driver)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-05] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Praetor\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Praetor\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKCU\...\Run: [] - [x]
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815464 2014-01-07] (Valve Corporation)
HKCU\...\Run: [NextLive] - C:\Users\Praetor\AppData\Roaming\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe)
HKCU\...\Run: [Zoner Photo Studio Autoupdate] - C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [774680 2013-06-07] (ZONER software)
AppInit_DLLs-x32: [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_page_url = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKCU - ${searchCLSID} URL = http://search.live.com/results.aspx?q={ ... rer:source?}
SearchScopes: HKCU - {23903722-F29D-4F12-B8FA-B89F3759936B} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13415
SearchScopes: HKCU - {521562C3-A19A-45B1-9F42-A36E28EA1D47} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKCU - {6E5E1F3E-0368-41F8-BC48-D153603FD012} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {6F1E5ABA-3FF7-42A6-957D-DB4AED8BA6DD} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {74A83F72-D235-499D-9022-CA0DE253E068} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKCU - {7DC7927D-F07C-4457-BCEE-ED24FB1F1B87} URL = http://search.seznam.cz/?q={searchTerms ... arch_13415
SearchScopes: HKCU - {A357E378-2EE4-4677-9603-A2B6380EEE0B} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
SearchScopes: HKCU - {B7023E81-DF5D-4047-A0E7-982A25B2A96D} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
SearchScopes: HKCU - {E02BDFF7-C7FD-4FA0-A45C-5CEE436F4807} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF ProfilePath: C:\Users\Praetor\AppData\Roaming\Mozilla\Firefox\Profiles\wczgnqky.default-1373724954637
FF Homepage: hxxp://www.google.com/ig
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\Praetor\AppData\Roaming\Mozilla\Firefox\Profiles\wczgnqky.default-1373724954637\searchplugins\creative-commons-search-beta.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: FT GraphiteGlow - C:\Users\Praetor\AppData\Roaming\Mozilla\Firefox\Profiles\wczgnqky.default-1373724954637\Extensions\{99e34760-2754-11e0-91fa-0800200c9a66} [2014-01-07]
FF Extension: DownloadHelper - C:\Users\Praetor\AppData\Roaming\Mozilla\Firefox\Profiles\wczgnqky.default-1373724954637\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: Download Status Bar - C:\Users\Praetor\AppData\Roaming\Mozilla\Firefox\Profiles\wczgnqky.default-1373724954637\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-02]
FF Extension: NoScript - C:\Users\Praetor\AppData\Roaming\Mozilla\Firefox\Profiles\wczgnqky.default-1373724954637\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-07-13]
FF Extension: Adblock Plus - C:\Users\Praetor\AppData\Roaming\Mozilla\Firefox\Profiles\wczgnqky.default-1373724954637\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-13]
FF Extension: DownThemAll! - C:\Users\Praetor\AppData\Roaming\Mozilla\Firefox\Profiles\wczgnqky.default-1373724954637\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-07-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-13]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: () - C:\Users\Praetor\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj\1.9_0 [2013-10-11]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-05] (AVAST Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2013-08-22] (The OpenVPN Project)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [81792 2012-12-22] (UC-Logic Technology Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-05] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-05] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-17] (DT Soft Ltd)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [22912 2012-12-22] (UC-Logic Technology Corp.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-14 17:17 - 2014-01-14 17:18 - 00015501 _____ C:\Users\Praetor\Desktop\FRST.txt
2014-01-14 17:17 - 2014-01-14 17:17 - 00000000 ____D C:\FRST
2014-01-14 17:15 - 2014-01-14 17:15 - 02075648 _____ (Farbar) C:\Users\Praetor\Desktop\FRST64.exe
2014-01-14 17:14 - 2014-01-14 17:14 - 00111396 _____ C:\Users\Praetor\Desktop\FRSTLauncher.exe
2014-01-14 15:24 - 2014-01-14 15:31 - 13738496 _____ C:\Users\Praetor\Desktop\Banát.ppt
2014-01-14 13:46 - 2014-01-14 13:51 - 00013306 _____ C:\UsbFix [Clean 1] PRAETOR-PC.txt
2014-01-14 13:29 - 2014-01-14 13:50 - 00000000 ____D C:\UsbFix
2014-01-14 13:28 - 2014-01-14 13:28 - 01144875 _____ (El Desaparecido - SosVirus.net) C:\Users\Praetor\Desktop\UsbFix.exe
2014-01-14 10:49 - 2014-01-14 13:12 - 00000000 ____D C:\Program Files\trend micro
2014-01-14 10:49 - 2014-01-14 10:49 - 00000000 ____D C:\rsit
2014-01-14 10:48 - 2014-01-14 10:48 - 00935175 _____ C:\Users\Praetor\Downloads\RSITx64.exe
2014-01-14 09:53 - 2014-01-14 09:53 - 04101441 _____ C:\Users\Praetor\Downloads\tdsskiller(1).zip
2014-01-14 09:39 - 2014-01-14 09:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-14 09:39 - 2014-01-14 09:39 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-14 09:39 - 2014-01-14 09:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 09:38 - 2014-01-14 09:39 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-14 09:35 - 2014-01-14 09:35 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Praetor\Downloads\mbar-1.07.0.1008.exe
2014-01-14 09:35 - 2014-01-14 09:35 - 02218636 _____ C:\Users\Praetor\Downloads\tdsskiller.zip
2014-01-13 09:11 - 2014-01-13 09:11 - 39417216 _____ (Digiarty Software, Inc. ) C:\Users\Praetor\Downloads\winx-hd-converter-deluxe.exe
2014-01-09 16:20 - 2014-01-11 13:49 - 00000000 ____D C:\Users\Praetor\AppData\Local\CrashDumps
2014-01-09 10:36 - 2014-01-09 10:36 - 00000000 ____D C:\Users\Praetor\Documents\ZPS15
2014-01-09 10:10 - 2014-01-09 10:36 - 00000000 ____D C:\Users\Praetor\AppData\Local\Zoner
2014-01-09 00:17 - 2014-01-09 00:17 - 00000000 ____D C:\ProgramData\Zoner
2014-01-09 00:16 - 2014-01-09 00:16 - 00000000 ____D C:\Program Files\Zoner
2014-01-09 00:02 - 2014-01-09 00:15 - 72888757 _____ C:\Users\Praetor\Downloads\ZonerPhotoStudio15PRO.zip
2014-01-08 15:03 - 2014-01-08 15:03 - 01186232 _____ C:\Windows\Minidump\010814-21949-01.dmp
2014-01-08 14:30 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-01-08 14:30 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-01-08 14:30 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-01-08 14:30 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-01-08 14:30 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-01-08 14:30 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-01-08 14:29 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-01-08 14:29 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-01-06 10:51 - 2014-01-08 15:03 - 576742402 _____ C:\Windows\MEMORY.DMP
2014-01-06 10:51 - 2014-01-06 10:51 - 00308752 _____ C:\Windows\Minidump\010614-22401-01.dmp
2014-01-05 22:18 - 2014-01-05 22:23 - 414929996 _____ (Crystal Shard ) C:\Users\Praetor\Downloads\HeroinesQuestSetup.exe
2014-01-05 21:50 - 2014-01-05 22:13 - 414488152 _____ C:\Users\Praetor\Downloads\HeroinesQuest.zip
2014-01-05 19:35 - 2014-01-05 19:35 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-05 15:22 - 2014-01-05 15:22 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\Apple Computer
2014-01-05 11:51 - 2014-01-05 11:51 - 00000000 ____D C:\Program Files (x86)\Free M4a to MP3 Converter
2014-01-05 11:48 - 2014-01-05 11:48 - 00923784 _____ (CNET Download.com) C:\Users\Praetor\Downloads\cbsidlm-cbsi145-Free_M4a_to_MP3_Converter-ORG-187723.exe
2014-01-05 11:37 - 2014-01-05 11:37 - 00000000 ____D C:\Users\Praetor\AppData\Local\Apple Computer
2014-01-05 11:34 - 2014-01-05 11:34 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-05 11:34 - 2014-01-05 11:34 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-01-05 11:32 - 2014-01-05 11:32 - 00000000 ____D C:\Users\Praetor\AppData\Local\Apple
2014-01-05 11:32 - 2014-01-05 11:32 - 00000000 ____D C:\ProgramData\Apple
2014-01-05 11:32 - 2014-01-05 11:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2014-01-05 11:31 - 2014-01-05 11:31 - 41404760 _____ (Apple Inc.) C:\Users\Praetor\Downloads\QuickTimeInstaller.exe
2014-01-05 10:17 - 2014-01-14 17:09 - 00008223 _____ C:\Windows\setupact.log
2014-01-05 10:17 - 2014-01-05 19:37 - 00066308 _____ C:\Windows\PFRO.log
2014-01-05 10:17 - 2014-01-05 10:17 - 00000000 _____ C:\Windows\setuperr.log
2014-01-04 23:33 - 2014-01-04 23:33 - 00002708 _____ C:\Users\Praetor\Documents\cc_20140104_233337.reg
2014-01-04 23:30 - 2014-01-04 23:30 - 04645232 _____ (Piriform Ltd) C:\Users\Praetor\Downloads\ccsetup409.exe
2014-01-04 22:41 - 2014-01-04 22:41 - 00778658 _____ C:\Users\Praetor\Downloads\20140104 213517.m4a
2014-01-04 17:32 - 2014-01-04 23:32 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-01-04 17:32 - 2014-01-04 23:32 - 00000000 ____D C:\Program Files (x86)\SmartTweak
2014-01-04 17:29 - 2014-01-04 17:29 - 00134554 _____ C:\Users\Praetor\Downloads\my_watermark.zip
2014-01-04 11:44 - 2014-01-05 15:23 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\dvdcss
2014-01-04 11:40 - 2014-01-13 14:37 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\WTablet
2014-01-03 16:32 - 2014-01-03 16:32 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2014-01-03 16:32 - 2014-01-03 16:32 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2014-01-03 16:32 - 2014-01-03 16:32 - 00000000 ____D C:\Program Files\TabletPlugins
2014-01-03 16:32 - 2014-01-03 16:32 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2014-01-03 16:32 - 2013-11-12 01:16 - 00015160 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2014-01-03 16:31 - 2014-01-03 16:32 - 00000000 ____D C:\Program Files\Tablet
2014-01-03 16:31 - 2013-12-04 17:35 - 01945880 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2014-01-03 16:31 - 2013-12-04 17:35 - 01938712 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2014-01-03 16:31 - 2013-12-04 17:35 - 01805080 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2014-01-03 16:31 - 2013-12-04 17:35 - 01604376 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2014-01-03 16:31 - 2013-12-04 17:35 - 01596696 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2014-01-03 16:31 - 2013-12-04 17:35 - 01483032 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2014-01-03 16:31 - 2013-12-04 17:35 - 01479960 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2014-01-03 16:31 - 2013-11-12 01:16 - 00090424 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2014-01-03 16:31 - 2013-11-12 01:16 - 00014136 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2014-01-03 16:31 - 2012-12-11 23:12 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01009.dll
2014-01-03 16:31 - 2012-12-11 23:12 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wdfcoinstaller01009.dll
2014-01-02 16:49 - 2014-01-02 16:49 - 23538092 _____ C:\Users\Praetor\Downloads\locastans Minimap_3rdGen_810a.zip
2014-01-02 16:25 - 2014-01-02 16:25 - 01285273 _____ C:\Users\Praetor\Downloads\sauron-8.10--sound.zip
2014-01-02 16:13 - 2014-01-02 16:13 - 02403548 _____ C:\Users\Praetor\Downloads\J1mB0_s_Crosshair_Mod_v1.35.zip
2014-01-02 16:13 - 2014-01-02 16:13 - 02403548 _____ C:\Users\Praetor\Downloads\J1mB0_s_Crosshair_Mod_v1.35(1).zip
2014-01-02 14:21 - 2014-01-02 14:21 - 14777389 _____ (Aslain ) C:\Users\Praetor\Downloads\Aslains_XVM_Mod_Installer_v.3.1.27_810.exe
2014-01-02 14:18 - 2014-01-02 14:18 - 01872263 _____ C:\Users\Praetor\Downloads\J1mB0_s_Crosshair_Mod_v1.35_--_Curse_Client.zip
2014-01-02 12:08 - 2014-01-12 16:37 - 00000000 ____D C:\HDWLE20_TMP
2014-01-02 12:02 - 2014-01-02 12:02 - 00000000 ____D C:\Users\Praetor\AppData\Local\Panasonic
2014-01-02 12:02 - 2014-01-02 12:02 - 00000000 ____D C:\ProgramData\Panasonic
2014-01-02 11:47 - 2011-10-04 16:29 - 00055952 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2014-01-02 11:47 - 2011-10-04 16:29 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2014-01-02 11:47 - 2011-10-04 16:29 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2014-01-02 11:40 - 2014-01-02 11:40 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2014-01-02 11:40 - 2014-01-02 11:40 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-02 11:40 - 2014-01-02 11:40 - 00000000 ____D C:\Program Files (x86)\Panasonic
2014-01-02 11:40 - 2014-01-02 11:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2014-01-02 11:40 - 2014-01-02 11:40 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-12-20 02:48 - 2013-12-20 02:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 17:16 - 2013-12-19 17:16 - 00931930 _____ C:\Users\Praetor\Downloads\MIC-2013-12-19_15h51m53s.WAV
2013-12-19 17:07 - 2013-12-19 17:07 - 00727642 _____ C:\Users\Praetor\Downloads\MIC-2013-12-19_15h50m11s.WAV
2013-12-16 07:05 - 2013-12-16 07:05 - 04618136 _____ (Piriform Ltd) C:\Users\Praetor\Downloads\ccsetup408.exe
2013-12-16 06:48 - 2013-12-16 06:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Praetor\Downloads\revosetup.exe
2013-12-15 21:59 - 2013-12-15 22:00 - 167311916 _____ C:\Users\Praetor\Downloads\Ekoanketa_3_mala(2).mp4
2013-12-15 21:59 - 2013-12-15 21:59 - 00000000 _____ C:\Users\Praetor\Downloads\Ekoanketa_3_mala(1).mp4
2013-12-15 21:58 - 2013-12-15 21:58 - 00000000 _____ C:\Users\Praetor\Downloads\Ekoanketa_3_mala.mp4
2013-12-15 20:11 - 2013-12-15 20:11 - 06116287 _____ C:\Users\Praetor\Downloads\25642CFU145E_SK.flv
2013-12-15 17:42 - 2013-12-15 17:42 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\screenrecorder
2013-12-15 17:42 - 2013-12-15 17:42 - 00000000 ____D C:\ProgramData\cutescreenrecorderfree
2013-12-15 17:41 - 2014-01-14 17:10 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\newnext.me
2013-12-15 17:41 - 2014-01-04 15:08 - 00000000 ____D C:\Users\Praetor\.android
2013-12-15 17:41 - 2013-12-15 17:45 - 00000000 ____D C:\Users\Praetor\AppData\Local\Mobogenie
2013-12-15 17:41 - 2013-12-15 17:45 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-15 17:41 - 2013-12-15 17:42 - 00000000 ____D C:\Users\Praetor\AppData\Local\cache
2013-12-15 17:41 - 2013-12-15 17:41 - 00000000 ____D C:\Users\Praetor\Documents\Mobogenie
2013-12-15 17:41 - 2013-12-15 17:41 - 00000000 ____D C:\Users\Praetor\AppData\Local\genienext
2013-12-15 17:41 - 2013-12-15 17:41 - 00000000 ____D C:\Program Files (x86)\Cute Screen Recorder
2013-12-15 17:41 - 2013-12-15 17:41 - 00000000 _____ C:\Users\Praetor\daemonprocess.txt
2013-12-15 17:41 - 2012-09-19 10:06 - 00000221 _____ C:\ProgramData\cutescreenrecorder.ini
2013-12-15 17:40 - 2013-12-15 17:49 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-15 17:40 - 2013-12-15 17:40 - 00923784 _____ (CNET Download.com) C:\Users\Praetor\Downloads\cbsidlm-cbsi145-Cute_Screen_Recorder_Free-ORG-75221901.exe
2013-12-15 16:32 - 2013-12-15 16:32 - 00003584 _____ C:\Users\Praetor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-15 16:26 - 2013-12-15 16:26 - 00000000 ____D C:\Program Files (x86)\AVIscreen capture
2013-12-15 16:25 - 2013-12-15 16:25 - 00342983 _____ C:\Users\Praetor\Downloads\AVICapt.zip

==================== One Month Modified Files and Folders =======

2014-01-14 17:18 - 2014-01-14 17:17 - 00015501 _____ C:\Users\Praetor\Desktop\FRST.txt
2014-01-14 17:17 - 2014-01-14 17:17 - 00000000 ____D C:\FRST
2014-01-14 17:16 - 2009-07-14 05:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-14 17:16 - 2009-07-14 05:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 17:15 - 2014-01-14 17:15 - 02075648 _____ (Farbar) C:\Users\Praetor\Desktop\FRST64.exe
2014-01-14 17:15 - 2013-08-17 00:20 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\Seznam.cz
2014-01-14 17:14 - 2014-01-14 17:14 - 00111396 _____ C:\Users\Praetor\Desktop\FRSTLauncher.exe
2014-01-14 17:12 - 2013-07-13 10:51 - 01862955 _____ C:\Windows\WindowsUpdate.log
2014-01-14 17:11 - 2013-09-30 22:16 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-14 17:10 - 2013-12-15 17:41 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\newnext.me
2014-01-14 17:09 - 2014-01-05 10:17 - 00008223 _____ C:\Windows\setupact.log
2014-01-14 17:08 - 2013-07-13 11:12 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-14 17:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-14 15:45 - 2013-07-13 23:37 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\vlc
2014-01-14 15:31 - 2014-01-14 15:24 - 13738496 _____ C:\Users\Praetor\Desktop\Banát.ppt
2014-01-14 14:42 - 2013-12-12 10:37 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-14 13:51 - 2014-01-14 13:46 - 00013306 _____ C:\UsbFix [Clean 1] PRAETOR-PC.txt
2014-01-14 13:50 - 2014-01-14 13:29 - 00000000 ____D C:\UsbFix
2014-01-14 13:50 - 2013-07-13 11:01 - 00000000 ___RD C:\Users\Praetor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-14 13:28 - 2014-01-14 13:28 - 01144875 _____ (El Desaparecido - SosVirus.net) C:\Users\Praetor\Desktop\UsbFix.exe
2014-01-14 13:12 - 2014-01-14 10:49 - 00000000 ____D C:\Program Files\trend micro
2014-01-14 10:49 - 2014-01-14 10:49 - 00000000 ____D C:\rsit
2014-01-14 10:48 - 2014-01-14 10:48 - 00935175 _____ C:\Users\Praetor\Downloads\RSITx64.exe
2014-01-14 09:59 - 2013-07-13 11:06 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-14 09:53 - 2014-01-14 09:53 - 04101441 _____ C:\Users\Praetor\Downloads\tdsskiller(1).zip
2014-01-14 09:51 - 2014-01-14 09:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-14 09:39 - 2014-01-14 09:39 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-14 09:39 - 2014-01-14 09:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 09:39 - 2014-01-14 09:38 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-14 09:38 - 2009-07-14 16:18 - 00666406 _____ C:\Windows\system32\perfh005.dat
2014-01-14 09:38 - 2009-07-14 16:18 - 00140102 _____ C:\Windows\system32\perfc005.dat
2014-01-14 09:38 - 2009-07-14 06:13 - 01577410 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-14 09:35 - 2014-01-14 09:35 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Praetor\Downloads\mbar-1.07.0.1008.exe
2014-01-14 09:35 - 2014-01-14 09:35 - 02218636 _____ C:\Users\Praetor\Downloads\tdsskiller.zip
2014-01-14 08:59 - 2013-07-13 12:32 - 00000000 ____D C:\Users\Praetor\AppData\Local\Adobe
2014-01-13 22:16 - 2013-07-13 12:08 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\uTorrent
2014-01-13 14:37 - 2014-01-04 11:40 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\WTablet
2014-01-13 09:11 - 2014-01-13 09:11 - 39417216 _____ (Digiarty Software, Inc. ) C:\Users\Praetor\Downloads\winx-hd-converter-deluxe.exe
2014-01-12 20:14 - 2013-07-14 21:52 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\Audacity
2014-01-12 17:35 - 2013-10-19 11:08 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\Dropbox
2014-01-12 16:37 - 2014-01-02 12:08 - 00000000 ____D C:\HDWLE20_TMP
2014-01-12 16:37 - 2013-07-17 18:13 - 00000000 ____D C:\Users\Praetor\dwhelper
2014-01-11 13:49 - 2014-01-09 16:20 - 00000000 ____D C:\Users\Praetor\AppData\Local\CrashDumps
2014-01-11 10:40 - 2009-07-14 06:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-09 10:36 - 2014-01-09 10:36 - 00000000 ____D C:\Users\Praetor\Documents\ZPS15
2014-01-09 10:36 - 2014-01-09 10:10 - 00000000 ____D C:\Users\Praetor\AppData\Local\Zoner
2014-01-09 00:17 - 2014-01-09 00:17 - 00000000 ____D C:\ProgramData\Zoner
2014-01-09 00:16 - 2014-01-09 00:16 - 00000000 ____D C:\Program Files\Zoner
2014-01-09 00:15 - 2014-01-09 00:02 - 72888757 _____ C:\Users\Praetor\Downloads\ZonerPhotoStudio15PRO.zip
2014-01-08 15:03 - 2014-01-08 15:03 - 01186232 _____ C:\Windows\Minidump\010814-21949-01.dmp
2014-01-08 15:03 - 2014-01-06 10:51 - 576742402 _____ C:\Windows\MEMORY.DMP
2014-01-08 15:03 - 2013-07-29 22:03 - 00000000 ____D C:\Windows\Minidump
2014-01-06 10:51 - 2014-01-06 10:51 - 00308752 _____ C:\Windows\Minidump\010614-22401-01.dmp
2014-01-05 22:23 - 2014-01-05 22:18 - 414929996 _____ (Crystal Shard ) C:\Users\Praetor\Downloads\HeroinesQuestSetup.exe
2014-01-05 22:13 - 2014-01-05 21:50 - 414488152 _____ C:\Users\Praetor\Downloads\HeroinesQuest.zip
2014-01-05 20:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-05 19:37 - 2014-01-05 10:17 - 00066308 _____ C:\Windows\PFRO.log
2014-01-05 19:35 - 2014-01-05 19:35 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-05 19:35 - 2013-07-13 11:06 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-05 19:35 - 2013-07-13 11:06 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-05 19:35 - 2013-07-13 11:06 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-05 19:35 - 2013-07-13 11:06 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-05 19:35 - 2013-07-13 11:06 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-05 19:35 - 2013-07-13 11:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-05 18:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-05 15:23 - 2014-01-04 11:44 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\dvdcss
2014-01-05 15:22 - 2014-01-05 15:22 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\Apple Computer
2014-01-05 11:51 - 2014-01-05 11:51 - 00000000 ____D C:\Program Files (x86)\Free M4a to MP3 Converter
2014-01-05 11:48 - 2014-01-05 11:48 - 00923784 _____ (CNET Download.com) C:\Users\Praetor\Downloads\cbsidlm-cbsi145-Free_M4a_to_MP3_Converter-ORG-187723.exe
2014-01-05 11:37 - 2014-01-05 11:37 - 00000000 ____D C:\Users\Praetor\AppData\Local\Apple Computer
2014-01-05 11:34 - 2014-01-05 11:34 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-05 11:34 - 2014-01-05 11:34 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-01-05 11:32 - 2014-01-05 11:32 - 00000000 ____D C:\Users\Praetor\AppData\Local\Apple
2014-01-05 11:32 - 2014-01-05 11:32 - 00000000 ____D C:\ProgramData\Apple
2014-01-05 11:32 - 2014-01-05 11:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2014-01-05 11:31 - 2014-01-05 11:31 - 41404760 _____ (Apple Inc.) C:\Users\Praetor\Downloads\QuickTimeInstaller.exe
2014-01-05 10:17 - 2014-01-05 10:17 - 00000000 _____ C:\Windows\setuperr.log
2014-01-04 23:33 - 2014-01-04 23:33 - 00002708 _____ C:\Users\Praetor\Documents\cc_20140104_233337.reg
2014-01-04 23:33 - 2013-08-17 00:20 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\DAEMON Tools Lite
2014-01-04 23:32 - 2014-01-04 17:32 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-01-04 23:32 - 2014-01-04 17:32 - 00000000 ____D C:\Program Files (x86)\SmartTweak
2014-01-04 23:31 - 2013-08-17 09:49 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-04 23:31 - 2013-08-17 09:49 - 00000000 ____D C:\Program Files\CCleaner
2014-01-04 23:30 - 2014-01-04 23:30 - 04645232 _____ (Piriform Ltd) C:\Users\Praetor\Downloads\ccsetup409.exe
2014-01-04 23:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-04 22:41 - 2014-01-04 22:41 - 00778658 _____ C:\Users\Praetor\Downloads\20140104 213517.m4a
2014-01-04 17:29 - 2014-01-04 17:29 - 00134554 _____ C:\Users\Praetor\Downloads\my_watermark.zip
2014-01-04 17:01 - 2013-07-13 12:33 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\Adobe
2014-01-04 15:08 - 2013-12-15 17:41 - 00000000 ____D C:\Users\Praetor\.android
2014-01-03 16:32 - 2014-01-03 16:32 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2014-01-03 16:32 - 2014-01-03 16:32 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2014-01-03 16:32 - 2014-01-03 16:32 - 00000000 ____D C:\Program Files\TabletPlugins
2014-01-03 16:32 - 2014-01-03 16:32 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2014-01-03 16:32 - 2014-01-03 16:31 - 00000000 ____D C:\Program Files\Tablet
2014-01-03 10:14 - 2009-07-14 05:45 - 04944904 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-02 18:12 - 2013-07-13 11:45 - 00070656 _____ C:\Users\Praetor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-02 16:49 - 2014-01-02 16:49 - 23538092 _____ C:\Users\Praetor\Downloads\locastans Minimap_3rdGen_810a.zip
2014-01-02 16:25 - 2014-01-02 16:25 - 01285273 _____ C:\Users\Praetor\Downloads\sauron-8.10--sound.zip
2014-01-02 16:13 - 2014-01-02 16:13 - 02403548 _____ C:\Users\Praetor\Downloads\J1mB0_s_Crosshair_Mod_v1.35.zip
2014-01-02 16:13 - 2014-01-02 16:13 - 02403548 _____ C:\Users\Praetor\Downloads\J1mB0_s_Crosshair_Mod_v1.35(1).zip
2014-01-02 14:21 - 2014-01-02 14:21 - 14777389 _____ (Aslain ) C:\Users\Praetor\Downloads\Aslains_XVM_Mod_Installer_v.3.1.27_810.exe
2014-01-02 14:18 - 2014-01-02 14:18 - 01872263 _____ C:\Users\Praetor\Downloads\J1mB0_s_Crosshair_Mod_v1.35_--_Curse_Client.zip
2014-01-02 12:02 - 2014-01-02 12:02 - 00000000 ____D C:\Users\Praetor\AppData\Local\Panasonic
2014-01-02 12:02 - 2014-01-02 12:02 - 00000000 ____D C:\ProgramData\Panasonic
2014-01-02 11:40 - 2014-01-02 11:40 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2014-01-02 11:40 - 2014-01-02 11:40 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-02 11:40 - 2014-01-02 11:40 - 00000000 ____D C:\Program Files (x86)\Panasonic
2014-01-02 11:40 - 2014-01-02 11:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2014-01-02 11:40 - 2014-01-02 11:40 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-02 11:40 - 2013-07-13 12:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-20 14:46 - 2013-07-13 11:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 02:49 - 2013-12-20 02:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 17:16 - 2013-12-19 17:16 - 00931930 _____ C:\Users\Praetor\Downloads\MIC-2013-12-19_15h51m53s.WAV
2013-12-19 17:07 - 2013-12-19 17:07 - 00727642 _____ C:\Users\Praetor\Downloads\MIC-2013-12-19_15h50m11s.WAV
2013-12-16 07:06 - 2013-07-13 11:48 - 00000000 ____D C:\Windows\Panther
2013-12-16 07:05 - 2013-12-16 07:05 - 04618136 _____ (Piriform Ltd) C:\Users\Praetor\Downloads\ccsetup408.exe
2013-12-16 06:48 - 2013-12-16 06:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Praetor\Downloads\revosetup.exe
2013-12-15 22:00 - 2013-12-15 21:59 - 167311916 _____ C:\Users\Praetor\Downloads\Ekoanketa_3_mala(2).mp4
2013-12-15 21:59 - 2013-12-15 21:59 - 00000000 _____ C:\Users\Praetor\Downloads\Ekoanketa_3_mala(1).mp4
2013-12-15 21:58 - 2013-12-15 21:58 - 00000000 _____ C:\Users\Praetor\Downloads\Ekoanketa_3_mala.mp4
2013-12-15 20:11 - 2013-12-15 20:11 - 06116287 _____ C:\Users\Praetor\Downloads\25642CFU145E_SK.flv
2013-12-15 17:49 - 2013-12-15 17:40 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-15 17:47 - 2013-07-13 11:01 - 00000000 ____D C:\Users\Praetor\AppData\Local\VirtualStore
2013-12-15 17:45 - 2013-12-15 17:41 - 00000000 ____D C:\Users\Praetor\AppData\Local\Mobogenie
2013-12-15 17:45 - 2013-12-15 17:41 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-15 17:42 - 2013-12-15 17:42 - 00000000 ____D C:\Users\Praetor\AppData\Roaming\screenrecorder
2013-12-15 17:42 - 2013-12-15 17:42 - 00000000 ____D C:\ProgramData\cutescreenrecorderfree
2013-12-15 17:42 - 2013-12-15 17:41 - 00000000 ____D C:\Users\Praetor\AppData\Local\cache
2013-12-15 17:41 - 2013-12-15 17:41 - 00000000 ____D C:\Users\Praetor\Documents\Mobogenie
2013-12-15 17:41 - 2013-12-15 17:41 - 00000000 ____D C:\Users\Praetor\AppData\Local\genienext
2013-12-15 17:41 - 2013-12-15 17:41 - 00000000 ____D C:\Program Files (x86)\Cute Screen Recorder
2013-12-15 17:41 - 2013-12-15 17:41 - 00000000 _____ C:\Users\Praetor\daemonprocess.txt
2013-12-15 17:41 - 2013-07-13 10:59 - 00000000 ____D C:\Users\Praetor
2013-12-15 17:40 - 2013-12-15 17:40 - 00923784 _____ (CNET Download.com) C:\Users\Praetor\Downloads\cbsidlm-cbsi145-Cute_Screen_Recorder_Free-ORG-75221901.exe
2013-12-15 16:32 - 2013-12-15 16:32 - 00003584 _____ C:\Users\Praetor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-15 16:26 - 2013-12-15 16:26 - 00000000 ____D C:\Program Files (x86)\AVIscreen capture
2013-12-15 16:25 - 2013-12-15 16:25 - 00342983 _____ C:\Users\Praetor\Downloads\AVICapt.zip

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 13:23

==================== End Of Log ============================

[vyosek]

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
  HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
  HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
  HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
  HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
  HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
  HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
  HKCU\...\Run: [AdobeBridge] - [x]
  HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
  HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Praetor\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
  HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Praetor\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
  HKCU\...\Run: [] - [x]
  HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815464 2014-01-07] (Valve Corporation)
  HKCU\...\Run: [NextLive] - C:\Users\Praetor\AppData\Roaming\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe)
  HKCU\...\Run: [Zoner Photo Studio Autoupdate] - C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [774680 2013-06-07] (ZONER software)
  AppInit_DLLs-x32: [ ] ()
  
  HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
  HKCU\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
  HKCU\Software\Microsoft\Internet Explorer\Main,Default_page_url = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
  SearchScopes: HKCU - ${searchCLSID} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
  
  FF SearchPlugin: C:\Users\Praetor\AppData\Roaming\Mozilla\Firefox\Profiles\wczgnqky.default-1373724954637\searchplugins\creative-commons-search-beta.xml
  
  CHR Extension: () - C:\Users\Praetor\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj\1.9_0 [2013-10-11]
  
  2014-01-14 17:14 - 2014-01-14 17:14 - 00111396 _____ C:\Users\Praetor\Desktop\FRSTLauncher.exe
  014-01-14 13:46 - 2014-01-14 13:51 - 00013306 _____ C:\UsbFix [Clean 1] PRAETOR-PC.txt
  2014-01-14 13:29 - 2014-01-14 13:50 - 00000000 ____D C:\UsbFix
  2014-01-14 13:28 - 2014-01-14 13:28 - 01144875 _____ (El Desaparecido - SosVirus.net) C:\Users\Praetor\Desktop\UsbFix.exe
  2014-01-14 10:48 - 2014-01-14 10:48 - 00935175 _____ C:\Users\Praetor\Downloads\RSITx64.exe
  2014-01-14 09:53 - 2014-01-14 09:53 - 04101441 _____ C:\Users\Praetor\Downloads\tdsskiller(1).zip
  2014-01-14 09:35 - 2014-01-14 09:35 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Praetor\Downloads\mbar-1.07.0.1008.exe
  2014-01-14 09:35 - 2014-01-14 09:35 - 02218636 _____ C:\Users\Praetor\Downloads\tdsskiller.zip
  C:\Windows\tasks\Adobe Flash Player Updater.job
  C:\Users\Praetor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\okyy.vbs
  C:\Users\Praetor\AppData\Roaming\okyy.vbs
  C:\Users\Praetor\AppData\Roaming\newnext.me
  
  Hosts:
  CMD: shutdown /r /f /t 2
  
  End

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[Praetor]

Fixlog vytvořen.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2014
Ran by Praetor at 2014-01-15 11:35:14 Run:1
Running from C:\Users\Praetor\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Praetor\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Praetor\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKCU\...\Run: [] - [x]
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815464 2014-01-07] (Valve Corporation)
HKCU\...\Run: [NextLive] - C:\Users\Praetor\AppData\Roaming\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe)
HKCU\...\Run: [Zoner Photo Studio Autoupdate] - C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [774680 2013-06-07] (ZONER software)
AppInit_DLLs-x32: [ ] ()

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_page_url = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKCU - ${searchCLSID} URL = http://search.live.com/results.aspx?q={ ... rer:source?}

FF SearchPlugin: C:\Users\Praetor\AppData\Roaming\Mozilla\Firefox\Profiles\wczgnqky.default-1373724954637\searchplugins\creative-commons-search-beta.xml

CHR Extension: () - C:\Users\Praetor\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj\1.9_0 [2013-10-11]

2014-01-14 17:14 - 2014-01-14 17:14 - 00111396 _____ C:\Users\Praetor\Desktop\FRSTLauncher.exe
014-01-14 13:46 - 2014-01-14 13:51 - 00013306 _____ C:\UsbFix [Clean 1] PRAETOR-PC.txt
2014-01-14 13:29 - 2014-01-14 13:50 - 00000000 ____D C:\UsbFix
2014-01-14 13:28 - 2014-01-14 13:28 - 01144875 _____ (El Desaparecido - SosVirus.net) C:\Users\Praetor\Desktop\UsbFix.exe
2014-01-14 10:48 - 2014-01-14 10:48 - 00935175 _____ C:\Users\Praetor\Downloads\RSITx64.exe
2014-01-14 09:53 - 2014-01-14 09:53 - 04101441 _____ C:\Users\Praetor\Downloads\tdsskiller(1).zip
2014-01-14 09:35 - 2014-01-14 09:35 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Praetor\Downloads\mbar-1.07.0.1008.exe
2014-01-14 09:35 - 2014-01-14 09:35 - 02218636 _____ C:\Users\Praetor\Downloads\tdsskiller.zip
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Users\Praetor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\okyy.vbs
C:\Users\Praetor\AppData\Roaming\okyy.vbs
C:\Users\Praetor\AppData\Roaming\newnext.me

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Nvtmru => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search bar => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\${searchCLSID} => Key deleted successfully.
HKCR\CLSID\${searchCLSID} => Key not found.
C:\Users\Praetor\AppData\Roaming\Mozilla\Firefox\Profiles\wczgnqky.default-1373724954637\searchplugins\creative-commons-search-beta.xml => Moved successfully.
C:\Users\Praetor\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj => Moved successfully.
"C:\Users\Praetor\Desktop\FRSTLauncher.exe" => File/Directory not found.
C:\UsbFix => Moved successfully.
C:\Users\Praetor\Desktop\UsbFix.exe => Moved successfully.
C:\Users\Praetor\Downloads\RSITx64.exe => Moved successfully.
C:\Users\Praetor\Downloads\tdsskiller(1).zip => Moved successfully.
C:\Users\Praetor\Downloads\mbar-1.07.0.1008.exe => Moved successfully.
C:\Users\Praetor\Downloads\tdsskiller.zip => Moved successfully.
C:\Windows\tasks\Adobe Flash Player Updater.job => Moved successfully.
"C:\Users\Praetor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\okyy.vbs" => File/Directory not found.
"C:\Users\Praetor\AppData\Roaming\okyy.vbs" => File/Directory not found.
C:\Users\Praetor\AppData\Roaming\newnext.me => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====

[vyosek]

Jak se chova PC??

[Praetor]

PC se chová normálně, dokonce snad ještě o něco lépe, než šlo před infekcí. Flashka vypadá také dobře. Kameru ani e-reader jsem zatím nepřipojoval.

[vyosek]

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[Praetor]

Ještě se zeptám, zda mám na čtečku aplikovat také USB fix? Ten šmejd se do ní rozhodně dostal. Jinak opravdu děkuji za pomoc.

[vyosek]

Pokud se tam dostal, tak tam USBFix pustte

[Praetor]

Teď už je všechno v pořádku. Mockrát děkuji za pomoc, ať se Vám daří!