
Please check my FRST log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello... occasionally a fake message "Police of the Czech Republic...." pops up in Google Chrome. Otherwise the PC is OK. The Addition log is attached to the log. Thanks.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Miroslav Petřek (administrator) on MIROSLAVPETŘEK on 19-03-2014 15:23:52
Running from C:\Users\Miroslav Petřek\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Barracuda Networks, Inc.) C:\Users\Miroslav Petřek\AppData\Roaming\Copy\CopyAgent.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
() C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Dropbox, Inc.) C:\Users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\Dropbox.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Miroslav Petřek\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5120144 2012-05-23] (VIA)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [Copy] - C:\Users\Miroslav Petřek\AppData\Roaming\Copy\CopyAgent.exe [15505952 2014-02-04] (Barracuda Networks, Inc.)
HKU\S-1-5-21-2974839684-1887294309-1623444617-1001\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-11-21] ()
HKU\S-1-5-21-2974839684-1887294309-1623444617-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-2974839684-1887294309-1623444617-1001\...\Run: [Copy] - C:\Users\Miroslav Petřek\AppData\Roaming\Copy\CopyAgent.exe [15505952 2014-02-04] (Barracuda Networks, Inc.)
HKU\S-1-5-21-2974839684-1887294309-1623444617-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2974839684-1887294309-1623444617-1001\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-2974839684-1887294309-1623444617-1001\...\MountPoints2: {75f413b2-a374-11e2-9463-902b345a4c84} - G:\setup.exe
Startup: C:\Users\Miroslav Petřek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Download keeeperr - {C580A730-666D-C363-3977-FD91891FFB3B} - C:\ProgramData\Download keeeperr\1.dll ()
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Dokumenty Google) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-30]
CHR Extension: (YouTube) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-30]
CHR Extension: (Send to Kindle for Google Chrome™) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2014-01-14]
CHR Extension: (Vyhledávání Google) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-30]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-09-30]
CHR Extension: (Peněženka Google) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Evernote Web Clipper) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-09-30]
CHR Extension: (Gmail) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-30]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2013-03-25]
==================== Services (Whitelisted) =================
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 tvMobiliService; C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe [1204224 2013-11-10] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
==================== Drivers (Whitelisted) ====================
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-12] (DT Soft Ltd)
R3 GPWADrv; C:\Windows\System32\Drivers\GPWADrv64.sys [772864 2013-07-11] (Line 6)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
S3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [187912 2010-12-07] (Avid Technology, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-19 15:23 - 2014-03-19 15:23 - 00112640 _____ (forum.viry.cz) C:\Users\Miroslav Petřek\Desktop\FRSTLauncher.exe
2014-03-19 15:23 - 2014-03-19 15:23 - 00012321 _____ () C:\Users\Miroslav Petřek\Desktop\FRST.txt
2014-03-19 15:23 - 2014-03-19 15:23 - 00000000 ____D () C:\FRST
2014-03-19 15:22 - 2014-03-19 15:22 - 02157056 _____ (Farbar) C:\Users\Miroslav Petřek\Desktop\FRST64.exe
2014-03-13 14:29 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 14:29 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 14:29 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 14:29 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 14:29 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 14:29 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 14:29 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 14:29 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 14:29 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 14:29 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 14:29 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 14:29 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 14:29 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 14:29 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 14:29 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 14:29 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 14:29 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 14:29 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 14:29 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 14:29 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 14:29 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 14:29 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 14:29 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 14:29 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 14:29 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 14:29 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 14:29 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 14:29 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 14:29 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 14:29 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 14:29 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 14:29 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 14:29 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 14:29 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 14:29 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 14:29 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 14:29 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 14:29 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 14:29 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 14:29 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 14:29 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 14:29 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 14:29 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 14:29 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 14:29 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 14:29 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 14:29 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 14:29 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 19:04 - 2014-03-12 19:16 - 00000102 _____ () C:\Users\Miroslav Petřek\AppData\Local\TempDiskpartScript.txt
2014-03-12 18:43 - 2014-03-12 18:43 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\WinRAR
2014-03-12 18:43 - 2014-03-12 18:43 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
2014-03-12 15:11 - 2014-03-12 15:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
2014-03-07 15:17 - 2014-03-07 21:01 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\Battle.net
2014-03-07 15:17 - 2014-03-07 15:18 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Battle.net
2014-03-07 15:17 - 2014-03-07 15:17 - 00001150 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-07 15:17 - 2014-03-07 15:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-06 19:26 - 2014-03-06 19:26 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\Blizzard Entertainment
2014-03-06 19:15 - 2014-03-06 19:15 - 00000000 ____D () C:\Users\Miroslav Petřek\Documents\Diablo III
2014-03-06 18:29 - 2014-03-06 18:34 - 00000779 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-03-06 18:29 - 2014-03-06 18:34 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-03-06 18:24 - 2014-03-06 18:25 - 00000000 ____D () C:\ProgramData\Battle.net
2014-03-04 19:29 - 2014-03-04 19:29 - 00000000 ____D () C:\ProgramData\Steam
2014-03-02 14:42 - 2014-03-02 14:42 - 00000000 ____D () C:\Users\Miroslav Petřek\Documents\Bandicam
2014-03-02 14:42 - 2014-03-02 14:42 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\BANDISOFT
2014-03-01 14:20 - 2014-03-02 07:34 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Awesomium
2014-02-27 20:06 - 2014-02-27 20:06 - 00000992 _____ () C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2014-02-27 20:06 - 2014-02-27 20:06 - 00000992 _____ () C:\Users\Miroslav Petřek\Desktop\Bandicam.lnk
2014-02-27 20:06 - 2014-02-27 20:06 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-02-27 20:06 - 2014-02-27 20:06 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2014-02-27 17:11 - 2014-02-27 17:11 - 00000000 ____D () C:\Users\Miroslav Petřek\Documents\Elder Scrolls Online
2014-02-27 17:11 - 2014-02-27 17:11 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-02-26 14:55 - 2014-03-02 16:02 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-02-26 14:55 - 2014-02-26 14:55 - 00001403 _____ () C:\Users\Miroslav Petřek\Desktop\The Elder Scrolls Online Beta.lnk
2014-02-24 14:51 - 2014-02-24 14:51 - 00000710 _____ () C:\Users\Public\Desktop\Outcast.lnk
2014-02-21 14:55 - 2014-02-21 14:55 - 00000718 _____ () C:\Users\Public\Desktop\Arcanum Of Steamworks and Magick Obscura.lnk
2014-02-21 14:54 - 2014-02-21 14:54 - 00000730 _____ () C:\Users\Public\Desktop\Anachronox.lnk
2014-02-21 14:52 - 2014-02-21 14:52 - 00000816 _____ () C:\Users\Public\Desktop\Eschalon - Book I.lnk
2014-02-19 15:45 - 2014-02-19 15:45 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Canneverbe Limited
2014-02-19 15:45 - 2014-02-19 15:45 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-02-19 15:34 - 2014-02-19 15:34 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy
2014-02-19 14:47 - 2014-02-19 15:34 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-02-19 14:44 - 2014-03-19 15:17 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Copy
==================== One Month Modified Files and Folders =======
2014-03-19 15:23 - 2014-03-19 15:23 - 00112640 _____ (forum.viry.cz) C:\Users\Miroslav Petřek\Desktop\FRSTLauncher.exe
2014-03-19 15:23 - 2014-03-19 15:23 - 00012321 _____ () C:\Users\Miroslav Petřek\Desktop\FRST.txt
2014-03-19 15:23 - 2014-03-19 15:23 - 00000000 ____D () C:\FRST
2014-03-19 15:23 - 2013-11-21 20:37 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\PMB Files
2014-03-19 15:22 - 2014-03-19 15:22 - 02157056 _____ (Farbar) C:\Users\Miroslav Petřek\Desktop\FRST64.exe
2014-03-19 15:21 - 2013-03-25 18:25 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\uTorrent
2014-03-19 15:20 - 2013-10-11 14:02 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-19 15:17 - 2014-02-19 14:44 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Copy
2014-03-19 15:16 - 2013-10-09 17:19 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-19 15:14 - 2013-03-25 19:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-19 14:58 - 2013-07-03 17:57 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\Skyrim
2014-03-19 14:55 - 2013-03-22 08:56 - 00420578 _____ () C:\Windows\DirectX.log
2014-03-19 14:37 - 2013-10-11 14:02 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 14:37 - 2013-03-25 18:31 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Dropbox
2014-03-19 14:35 - 2013-03-21 14:50 - 01100794 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 14:28 - 2013-12-18 15:32 - 00000000 ____D () C:\ProgramData\TVMOBiLi
2014-03-19 14:25 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-19 14:25 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-19 14:22 - 2011-04-12 09:34 - 00678098 _____ () C:\Windows\system32\perfh005.dat
2014-03-19 14:22 - 2011-04-12 09:34 - 00146996 _____ () C:\Windows\system32\perfc005.dat
2014-03-19 14:22 - 2009-07-14 06:13 - 01613968 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 14:17 - 2013-03-22 07:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-19 14:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-19 14:17 - 2009-07-14 05:51 - 00070235 _____ () C:\Windows\setupact.log
2014-03-18 19:50 - 2013-03-25 19:17 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\vlc
2014-03-18 15:53 - 2013-08-14 20:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 15:52 - 2013-03-28 15:07 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 14:44 - 2013-04-05 17:16 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\CrashDumps
2014-03-17 14:26 - 2014-01-10 17:23 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-03-17 14:26 - 2014-01-10 17:23 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-03-14 19:33 - 2009-07-14 05:45 - 00330864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 19:32 - 2013-03-28 16:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 19:32 - 2013-03-28 16:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 19:16 - 2014-03-12 19:04 - 00000102 _____ () C:\Users\Miroslav Petřek\AppData\Local\TempDiskpartScript.txt
2014-03-12 18:43 - 2014-03-12 18:43 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\WinRAR
2014-03-12 18:43 - 2014-03-12 18:43 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
2014-03-12 15:16 - 2013-04-08 13:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 15:16 - 2013-04-08 13:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 15:16 - 2013-04-08 13:59 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 15:11 - 2014-03-12 15:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
2014-03-12 14:29 - 2009-07-14 06:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-10 15:17 - 2013-03-25 18:57 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\Western_Digital
2014-03-10 14:58 - 2013-03-25 18:05 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\foobar2000
2014-03-07 21:01 - 2014-03-07 15:17 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\Battle.net
2014-03-07 15:18 - 2014-03-07 15:17 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Battle.net
2014-03-07 15:17 - 2014-03-07 15:17 - 00001150 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-07 15:17 - 2014-03-07 15:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-06 20:48 - 2013-03-25 17:37 - 00000000 ____D () C:\Users\Miroslav Petřek
2014-03-06 19:26 - 2014-03-06 19:26 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\Blizzard Entertainment
2014-03-06 19:15 - 2014-03-06 19:15 - 00000000 ____D () C:\Users\Miroslav Petřek\Documents\Diablo III
2014-03-06 18:34 - 2014-03-06 18:29 - 00000779 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-03-06 18:34 - 2014-03-06 18:29 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-03-06 18:25 - 2014-03-06 18:24 - 00000000 ____D () C:\ProgramData\Battle.net
2014-03-04 19:29 - 2014-03-04 19:29 - 00000000 ____D () C:\ProgramData\Steam
2014-03-04 19:29 - 2013-04-02 18:57 - 00000000 ____D () C:\Users\Miroslav Petřek\Documents\My Games
2014-03-02 16:02 - 2014-02-26 14:55 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-03-02 14:42 - 2014-03-02 14:42 - 00000000 ____D () C:\Users\Miroslav Petřek\Documents\Bandicam
2014-03-02 14:42 - 2014-03-02 14:42 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\BANDISOFT
2014-03-02 07:34 - 2014-03-01 14:20 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Awesomium
2014-03-01 07:05 - 2014-03-13 14:29 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 14:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 14:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 14:29 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 14:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 14:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 14:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 14:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 14:29 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 14:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 14:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 14:29 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 14:29 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 14:29 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 14:29 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 14:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 14:29 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 14:29 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 14:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 14:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 14:29 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 14:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 14:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 14:29 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 14:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 14:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 14:29 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 14:29 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 14:29 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 14:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 14:29 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 14:29 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 14:29 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 14:29 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 14:29 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 14:29 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 14:29 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 14:29 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 14:29 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 14:29 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 21:23 - 2013-03-28 19:52 - 01588682 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 20:06 - 2014-02-27 20:06 - 00000992 _____ () C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2014-02-27 20:06 - 2014-02-27 20:06 - 00000992 _____ () C:\Users\Miroslav Petřek\Desktop\Bandicam.lnk
2014-02-27 20:06 - 2014-02-27 20:06 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-02-27 20:06 - 2014-02-27 20:06 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2014-02-27 17:11 - 2014-02-27 17:11 - 00000000 ____D () C:\Users\Miroslav Petřek\Documents\Elder Scrolls Online
2014-02-27 17:11 - 2014-02-27 17:11 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-02-27 14:19 - 2010-11-21 04:47 - 00574052 _____ () C:\Windows\PFRO.log
2014-02-26 14:55 - 2014-02-26 14:55 - 00001403 _____ () C:\Users\Miroslav Petřek\Desktop\The Elder Scrolls Online Beta.lnk
2014-02-24 14:51 - 2014-02-24 14:51 - 00000710 _____ () C:\Users\Public\Desktop\Outcast.lnk
2014-02-21 17:08 - 2013-09-17 13:42 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\FileZilla
2014-02-21 14:55 - 2014-02-21 14:55 - 00000718 _____ () C:\Users\Public\Desktop\Arcanum Of Steamworks and Magick Obscura.lnk
2014-02-21 14:54 - 2014-02-21 14:54 - 00000730 _____ () C:\Users\Public\Desktop\Anachronox.lnk
2014-02-21 14:52 - 2014-02-21 14:52 - 00000816 _____ () C:\Users\Public\Desktop\Eschalon - Book I.lnk
2014-02-20 18:34 - 2013-04-28 10:24 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\GOG.com
2014-02-20 18:07 - 2013-04-28 10:24 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-02-19 15:45 - 2014-02-19 15:45 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Canneverbe Limited
2014-02-19 15:45 - 2014-02-19 15:45 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-02-19 15:34 - 2014-02-19 15:34 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy
2014-02-19 15:34 - 2014-02-19 14:47 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
Some content of TEMP:
====================
C:\Users\Miroslav Petřek\AppData\Local\Temp\bdfilters.dll
C:\Users\Miroslav Petřek\AppData\Local\Temp\L6GPInst.dll
C:\Users\Miroslav Petřek\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Miroslav Petřek\AppData\Local\Temp\uttAB2F.tmp.exe
C:\Users\Miroslav Petřek\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Miroslav Petřek\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Miroslav Petřek\AppData\Local\Temp\zheyfzf5.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-10 15:47
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:167.58 GB) (Free:79.05 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:110.34 GB) NTFS
Drive g: (SPTSOT) (CDROM) (Total:5.34 GB) (Free:0 GB) CDFS
Drive h: (My Book) (Fixed) (Total:931.48 GB) (Free:171.62 GB) NTFS
Available physical RAM: 5912.07 MB
Total physical RAM: 8150.18 MB
Percentage of memory in use: 27%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 168 GB) (Disk ID: 5731E52A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=168 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 5731E552)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
Disk: 2 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 0002DE38)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
Description: Připojení správce filtrů ke svazku \Device\HarddiskVolume5 se nezdařilo. Tento svazek nebude až do restartování k dispozici pro filtrování. Konečný stav: 0xc03a001c.
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Miroslav Petřek\Desktop" je 2 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Miroslav Petřek (administrator) on MIROSLAVPETŘEK on 19-03-2014 15:23:52
Running from C:\Users\Miroslav Petřek\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Barracuda Networks, Inc.) C:\Users\Miroslav Petřek\AppData\Roaming\Copy\CopyAgent.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
() C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Dropbox, Inc.) C:\Users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\Dropbox.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Miroslav Petřek\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5120144 2012-05-23] (VIA)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [Copy] - C:\Users\Miroslav Petřek\AppData\Roaming\Copy\CopyAgent.exe [15505952 2014-02-04] (Barracuda Networks, Inc.)
HKU\S-1-5-21-2974839684-1887294309-1623444617-1001\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-11-21] ()
HKU\S-1-5-21-2974839684-1887294309-1623444617-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-2974839684-1887294309-1623444617-1001\...\Run: [Copy] - C:\Users\Miroslav Petřek\AppData\Roaming\Copy\CopyAgent.exe [15505952 2014-02-04] (Barracuda Networks, Inc.)
HKU\S-1-5-21-2974839684-1887294309-1623444617-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2974839684-1887294309-1623444617-1001\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-2974839684-1887294309-1623444617-1001\...\MountPoints2: {75f413b2-a374-11e2-9463-902b345a4c84} - G:\setup.exe
Startup: C:\Users\Miroslav Petřek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Download keeeperr - {C580A730-666D-C363-3977-FD91891FFB3B} - C:\ProgramData\Download keeeperr\1.dll ()
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Dokumenty Google) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-30]
CHR Extension: (YouTube) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-30]
CHR Extension: (Send to Kindle for Google Chrome™) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2014-01-14]
CHR Extension: (Vyhledávání Google) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-30]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-09-30]
CHR Extension: (Peněženka Google) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Evernote Web Clipper) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-09-30]
CHR Extension: (Gmail) - C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-30]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2013-03-25]
==================== Services (Whitelisted) =================
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 tvMobiliService; C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe [1204224 2013-11-10] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
==================== Drivers (Whitelisted) ====================
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-12] (DT Soft Ltd)
R3 GPWADrv; C:\Windows\System32\Drivers\GPWADrv64.sys [772864 2013-07-11] (Line 6)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
S3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [187912 2010-12-07] (Avid Technology, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-19 15:23 - 2014-03-19 15:23 - 00112640 _____ (forum.viry.cz) C:\Users\Miroslav Petřek\Desktop\FRSTLauncher.exe
2014-03-19 15:23 - 2014-03-19 15:23 - 00012321 _____ () C:\Users\Miroslav Petřek\Desktop\FRST.txt
2014-03-19 15:23 - 2014-03-19 15:23 - 00000000 ____D () C:\FRST
2014-03-19 15:22 - 2014-03-19 15:22 - 02157056 _____ (Farbar) C:\Users\Miroslav Petřek\Desktop\FRST64.exe
2014-03-13 14:29 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 14:29 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 14:29 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 14:29 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 14:29 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 14:29 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 14:29 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 14:29 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 14:29 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 14:29 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 14:29 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 14:29 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 14:29 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 14:29 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 14:29 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 14:29 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 14:29 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 14:29 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 14:29 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 14:29 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 14:29 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 14:29 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 14:29 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 14:29 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 14:29 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 14:29 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 14:29 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 14:29 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 14:29 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 14:29 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 14:29 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 14:29 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 14:29 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 14:29 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 14:29 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 14:29 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 14:29 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 14:29 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 14:29 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 14:29 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 14:29 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 14:29 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 14:29 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 14:29 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 14:29 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 14:29 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 14:29 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 14:29 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 19:04 - 2014-03-12 19:16 - 00000102 _____ () C:\Users\Miroslav Petřek\AppData\Local\TempDiskpartScript.txt
2014-03-12 18:43 - 2014-03-12 18:43 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\WinRAR
2014-03-12 18:43 - 2014-03-12 18:43 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
2014-03-12 15:11 - 2014-03-12 15:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
2014-03-07 15:17 - 2014-03-07 21:01 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\Battle.net
2014-03-07 15:17 - 2014-03-07 15:18 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Battle.net
2014-03-07 15:17 - 2014-03-07 15:17 - 00001150 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-07 15:17 - 2014-03-07 15:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-06 19:26 - 2014-03-06 19:26 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\Blizzard Entertainment
2014-03-06 19:15 - 2014-03-06 19:15 - 00000000 ____D () C:\Users\Miroslav Petřek\Documents\Diablo III
2014-03-06 18:29 - 2014-03-06 18:34 - 00000779 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-03-06 18:29 - 2014-03-06 18:34 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-03-06 18:24 - 2014-03-06 18:25 - 00000000 ____D () C:\ProgramData\Battle.net
2014-03-04 19:29 - 2014-03-04 19:29 - 00000000 ____D () C:\ProgramData\Steam
2014-03-02 14:42 - 2014-03-02 14:42 - 00000000 ____D () C:\Users\Miroslav Petřek\Documents\Bandicam
2014-03-02 14:42 - 2014-03-02 14:42 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\BANDISOFT
2014-03-01 14:20 - 2014-03-02 07:34 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Awesomium
2014-02-27 20:06 - 2014-02-27 20:06 - 00000992 _____ () C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2014-02-27 20:06 - 2014-02-27 20:06 - 00000992 _____ () C:\Users\Miroslav Petřek\Desktop\Bandicam.lnk
2014-02-27 20:06 - 2014-02-27 20:06 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-02-27 20:06 - 2014-02-27 20:06 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2014-02-27 17:11 - 2014-02-27 17:11 - 00000000 ____D () C:\Users\Miroslav Petřek\Documents\Elder Scrolls Online
2014-02-27 17:11 - 2014-02-27 17:11 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-02-26 14:55 - 2014-03-02 16:02 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-02-26 14:55 - 2014-02-26 14:55 - 00001403 _____ () C:\Users\Miroslav Petřek\Desktop\The Elder Scrolls Online Beta.lnk
2014-02-24 14:51 - 2014-02-24 14:51 - 00000710 _____ () C:\Users\Public\Desktop\Outcast.lnk
2014-02-21 14:55 - 2014-02-21 14:55 - 00000718 _____ () C:\Users\Public\Desktop\Arcanum Of Steamworks and Magick Obscura.lnk
2014-02-21 14:54 - 2014-02-21 14:54 - 00000730 _____ () C:\Users\Public\Desktop\Anachronox.lnk
2014-02-21 14:52 - 2014-02-21 14:52 - 00000816 _____ () C:\Users\Public\Desktop\Eschalon - Book I.lnk
2014-02-19 15:45 - 2014-02-19 15:45 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Canneverbe Limited
2014-02-19 15:45 - 2014-02-19 15:45 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-02-19 15:34 - 2014-02-19 15:34 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy
2014-02-19 14:47 - 2014-02-19 15:34 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-02-19 14:44 - 2014-03-19 15:17 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Copy
==================== One Month Modified Files and Folders =======
2014-03-19 15:23 - 2014-03-19 15:23 - 00112640 _____ (forum.viry.cz) C:\Users\Miroslav Petřek\Desktop\FRSTLauncher.exe
2014-03-19 15:23 - 2014-03-19 15:23 - 00012321 _____ () C:\Users\Miroslav Petřek\Desktop\FRST.txt
2014-03-19 15:23 - 2014-03-19 15:23 - 00000000 ____D () C:\FRST
2014-03-19 15:23 - 2013-11-21 20:37 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\PMB Files
2014-03-19 15:22 - 2014-03-19 15:22 - 02157056 _____ (Farbar) C:\Users\Miroslav Petřek\Desktop\FRST64.exe
2014-03-19 15:21 - 2013-03-25 18:25 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\uTorrent
2014-03-19 15:20 - 2013-10-11 14:02 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-19 15:17 - 2014-02-19 14:44 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Copy
2014-03-19 15:16 - 2013-10-09 17:19 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-19 15:14 - 2013-03-25 19:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-19 14:58 - 2013-07-03 17:57 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\Skyrim
2014-03-19 14:55 - 2013-03-22 08:56 - 00420578 _____ () C:\Windows\DirectX.log
2014-03-19 14:37 - 2013-10-11 14:02 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 14:37 - 2013-03-25 18:31 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Dropbox
2014-03-19 14:35 - 2013-03-21 14:50 - 01100794 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 14:28 - 2013-12-18 15:32 - 00000000 ____D () C:\ProgramData\TVMOBiLi
2014-03-19 14:25 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-19 14:25 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-19 14:22 - 2011-04-12 09:34 - 00678098 _____ () C:\Windows\system32\perfh005.dat
2014-03-19 14:22 - 2011-04-12 09:34 - 00146996 _____ () C:\Windows\system32\perfc005.dat
2014-03-19 14:22 - 2009-07-14 06:13 - 01613968 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 14:17 - 2013-03-22 07:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-19 14:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-19 14:17 - 2009-07-14 05:51 - 00070235 _____ () C:\Windows\setupact.log
2014-03-18 19:50 - 2013-03-25 19:17 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\vlc
2014-03-18 15:53 - 2013-08-14 20:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 15:52 - 2013-03-28 15:07 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 14:44 - 2013-04-05 17:16 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\CrashDumps
2014-03-17 14:26 - 2014-01-10 17:23 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-03-17 14:26 - 2014-01-10 17:23 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-03-14 19:33 - 2009-07-14 05:45 - 00330864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 19:32 - 2013-03-28 16:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 19:32 - 2013-03-28 16:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 19:16 - 2014-03-12 19:04 - 00000102 _____ () C:\Users\Miroslav Petřek\AppData\Local\TempDiskpartScript.txt
2014-03-12 18:43 - 2014-03-12 18:43 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\WinRAR
2014-03-12 18:43 - 2014-03-12 18:43 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
2014-03-12 15:16 - 2013-04-08 13:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 15:16 - 2013-04-08 13:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 15:16 - 2013-04-08 13:59 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 15:11 - 2014-03-12 15:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
2014-03-12 14:29 - 2009-07-14 06:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-10 15:17 - 2013-03-25 18:57 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\Western_Digital
2014-03-10 14:58 - 2013-03-25 18:05 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\foobar2000
2014-03-07 21:01 - 2014-03-07 15:17 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\Battle.net
2014-03-07 15:18 - 2014-03-07 15:17 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Battle.net
2014-03-07 15:17 - 2014-03-07 15:17 - 00001150 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-07 15:17 - 2014-03-07 15:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-06 20:48 - 2013-03-25 17:37 - 00000000 ____D () C:\Users\Miroslav Petřek
2014-03-06 19:26 - 2014-03-06 19:26 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\Blizzard Entertainment
2014-03-06 19:15 - 2014-03-06 19:15 - 00000000 ____D () C:\Users\Miroslav Petřek\Documents\Diablo III
2014-03-06 18:34 - 2014-03-06 18:29 - 00000779 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-03-06 18:34 - 2014-03-06 18:29 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-03-06 18:25 - 2014-03-06 18:24 - 00000000 ____D () C:\ProgramData\Battle.net
2014-03-04 19:29 - 2014-03-04 19:29 - 00000000 ____D () C:\ProgramData\Steam
2014-03-04 19:29 - 2013-04-02 18:57 - 00000000 ____D () C:\Users\Miroslav Petřek\Documents\My Games
2014-03-02 16:02 - 2014-02-26 14:55 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-03-02 14:42 - 2014-03-02 14:42 - 00000000 ____D () C:\Users\Miroslav Petřek\Documents\Bandicam
2014-03-02 14:42 - 2014-03-02 14:42 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\BANDISOFT
2014-03-02 07:34 - 2014-03-01 14:20 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Awesomium
2014-03-01 07:05 - 2014-03-13 14:29 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 14:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 14:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 14:29 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 14:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 14:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 14:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 14:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 14:29 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 14:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 14:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 14:29 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 14:29 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 14:29 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 14:29 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 14:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 14:29 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 14:29 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 14:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 14:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 14:29 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 14:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 14:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 14:29 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 14:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 14:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 14:29 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 14:29 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 14:29 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 14:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 14:29 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 14:29 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 14:29 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 14:29 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 14:29 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 14:29 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 14:29 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 14:29 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 14:29 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 14:29 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 21:23 - 2013-03-28 19:52 - 01588682 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 20:06 - 2014-02-27 20:06 - 00000992 _____ () C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2014-02-27 20:06 - 2014-02-27 20:06 - 00000992 _____ () C:\Users\Miroslav Petřek\Desktop\Bandicam.lnk
2014-02-27 20:06 - 2014-02-27 20:06 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-02-27 20:06 - 2014-02-27 20:06 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2014-02-27 17:11 - 2014-02-27 17:11 - 00000000 ____D () C:\Users\Miroslav Petřek\Documents\Elder Scrolls Online
2014-02-27 17:11 - 2014-02-27 17:11 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-02-27 14:19 - 2010-11-21 04:47 - 00574052 _____ () C:\Windows\PFRO.log
2014-02-26 14:55 - 2014-02-26 14:55 - 00001403 _____ () C:\Users\Miroslav Petřek\Desktop\The Elder Scrolls Online Beta.lnk
2014-02-24 14:51 - 2014-02-24 14:51 - 00000710 _____ () C:\Users\Public\Desktop\Outcast.lnk
2014-02-21 17:08 - 2013-09-17 13:42 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\FileZilla
2014-02-21 14:55 - 2014-02-21 14:55 - 00000718 _____ () C:\Users\Public\Desktop\Arcanum Of Steamworks and Magick Obscura.lnk
2014-02-21 14:54 - 2014-02-21 14:54 - 00000730 _____ () C:\Users\Public\Desktop\Anachronox.lnk
2014-02-21 14:52 - 2014-02-21 14:52 - 00000816 _____ () C:\Users\Public\Desktop\Eschalon - Book I.lnk
2014-02-20 18:34 - 2013-04-28 10:24 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Local\GOG.com
2014-02-20 18:07 - 2013-04-28 10:24 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-02-19 15:45 - 2014-02-19 15:45 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Canneverbe Limited
2014-02-19 15:45 - 2014-02-19 15:45 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-02-19 15:34 - 2014-02-19 15:34 - 00000000 ____D () C:\Users\Miroslav Petřek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy
2014-02-19 15:34 - 2014-02-19 14:47 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
Some content of TEMP:
====================
C:\Users\Miroslav Petřek\AppData\Local\Temp\bdfilters.dll
C:\Users\Miroslav Petřek\AppData\Local\Temp\L6GPInst.dll
C:\Users\Miroslav Petřek\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Miroslav Petřek\AppData\Local\Temp\uttAB2F.tmp.exe
C:\Users\Miroslav Petřek\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Miroslav Petřek\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Miroslav Petřek\AppData\Local\Temp\zheyfzf5.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-10 15:47
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:167.58 GB) (Free:79.05 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:110.34 GB) NTFS
Drive g: (SPTSOT) (CDROM) (Total:5.34 GB) (Free:0 GB) CDFS
Drive h: (My Book) (Fixed) (Total:931.48 GB) (Free:171.62 GB) NTFS
Available physical RAM: 5912.07 MB
Total physical RAM: 8150.18 MB
Percentage of memory in use: 27%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 168 GB) (Disk ID: 5731E52A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=168 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 5731E552)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
Disk: 2 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 0002DE38)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
Description: Připojení správce filtrů ke svazku \Device\HarddiskVolume5 se nezdařilo. Tento svazek nebude až do restartování k dispozici pro filtrování. Konečný stav: 0xc03a001c.
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Miroslav Petřek\Desktop" je 2 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Attachments: Addition.zip (9.87 KiB), downloaded 43 times
Re: Please check my FIRST log
Hello, delete unneeded files
using CCleaner
guide:
Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the registry backup that CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
Download AdwCleaner and save it to the desktop,
close all programs including the browser and run it with a double-click,
a window appears; click Scan at the top left.
The scan then runs; when it finishes, click Report and copy what comes up here for me.
Then use Mbam from my signature and post its log here as well; do not delete anything beforehand!
Re: Please check my FIRST log
# AdwCleaner v3.022 - Report created 19/03/2014 at 18:42:15
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Miroslav Petřek - MIROSLAVPETŘEK
# Running from : C:\Users\Miroslav Petřek\Desktop\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found C:\Program Files (x86)\Ss-Helper
Folder Found C:\ProgramData\Download keeeperr
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found C:\Users\Miroslav Petřek\AppData\LocalLow\Download keeeperr
Folder Found C:\Windows\SysWOW64\AI_RecycleBin
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\Software\Myfree Codec
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Google Chrome v33.0.1750.154
[ File : C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R1].txt - [1305 octets] - [19/03/2014 18:42:15]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1365 octets] ##########
Re: Please check my FIRST log
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2014.03.19.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Miroslav Petřek :: MIROSLAVPETŘEK [administrátor]
Ochrana: Povolena
19.3.2014 18:48:43
MBAM-log-2014-03-19 (19-04-20).txt
Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 440261
Uplynulý čas: 15 minut, 28 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 5
C:\Program Files (x86)\Ss-Helper\sprotector.dll (PUP.Optional.SProtect.A) -> Nebyla provedena žádná instrukce.
C:\ProgramData\Download keeeperr\1.dll (PUP.Optional.MultiPlug.A) -> Nebyla provedena žádná instrukce.
C:\ProgramData\Download keeeperr\xz.exe (PUP.Optional.MultiPlug.A) -> Nebyla provedena žádná instrukce.
C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 (PUP.Optional.Installrex) -> Nebyla provedena žádná instrukce.
C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000001 (PUP.Optional.Installex) -> Nebyla provedena žádná instrukce.
(konec)
Re: Please check my FIRST log
Run AdwCleaner again, but this time click Clean;
the PC will restart and the junk will be deleted.
Then copy the Report here for me again.
Let Mbam delete what it found and then post the log here again.
Download ComboFix and save it to the desktop,
run the application as Administrator and allow the installation of the Recovery Console.
A window with the licence terms then appears; confirm it by clicking ANO (Yes),
then click ANO (Yes) once more and it starts.
The whole run takes about 10 minutes but can take longer; do not try to start anything else during the scan.
The PC may also be restarted during the scan; don't be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because Combofix tries to delete infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is a picture guide HERE.
Re: Please check my FIRST log
# AdwCleaner v3.022 - Report created 20/03/2014 at 20:08:57
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Miroslav Petřek - MIROSLAVPETŘEK
# Running from : C:\Users\Miroslav Petřek\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Download keeeperr
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files (x86)\Ss-Helper
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Miroslav Petřek\AppData\LocalLow\Download keeeperr
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Google Chrome v33.0.1750.154
[ File : C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R1].txt - [1449 octets] - [19/03/2014 18:42:15]
AdwCleaner[R2].txt - [1509 octets] - [20/03/2014 20:08:23]
AdwCleaner[S1].txt - [1414 octets] - [20/03/2014 20:08:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1474 octets] ##########
Re: Please check my FIRST log
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2014.03.20.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Miroslav Petřek :: MIROSLAVPETŘEK [administrátor]
Ochrana: Povolena
20.3.2014 20:12:31
mbam-log-2014-03-20 (20-12-31).txt
Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 440422
Uplynulý čas: 15 minut, 36 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 3
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ss-Helper\sprotector.dll.vir (PUP.Optional.SProtect.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 (PUP.Optional.Installrex) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Miroslav Petřek\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000001 (PUP.Optional.Installex) -> Přesun do karantény a smazání se zdařilo.
(konec)
Re: Please check my FIRST log
ComboFix 14-03-19.01 - Miroslav Petřek 20.03.2014 20:33:24.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8150.6366 [GMT 1:00]
Spuštěný z: c:\users\Miroslav Petřek\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml3CF0.tmp
c:\programdata\xml3D20.tmp
c:\programdata\xml3D21.tmp
c:\programdata\xml3D22.tmp
c:\programdata\xmlC217.tmp
c:\programdata\xmlC246.tmp
c:\programdata\xmlC247.tmp
c:\programdata\xmlC248.tmp
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-20 do 2014-03-20 )))))))))))))))))))))))))))))))
.
.
2014-03-20 19:36 . 2014-03-20 19:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-03-20 19:36 . 2014-03-20 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-20 19:23 . 2014-02-21 13:46 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC4CF9A6-3477-4669-A69A-1FD655901092}\gapaengine.dll
2014-03-20 19:21 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB8B56A3-F4A3-46CF-9992-271FB012DDB5}\mpengine.dll
2014-03-19 17:45 . 2014-03-19 17:45 -------- d-----w- c:\users\Miroslav Petřek\AppData\Roaming\Malwarebytes
2014-03-19 17:45 . 2014-03-19 17:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-19 17:45 . 2014-03-19 17:45 -------- d-----w- c:\programdata\Malwarebytes
2014-03-19 17:45 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-19 17:42 . 2014-03-20 19:09 -------- d-----w- C:\AdwCleaner
2014-03-19 14:45 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-19 14:23 . 2014-03-19 14:24 -------- d-----w- C:\FRST
2014-03-12 17:43 . 2014-03-12 17:43 -------- d-----w- c:\users\Miroslav Petřek\AppData\Roaming\WinRAR
2014-03-07 14:17 . 2014-03-19 16:17 -------- d-----w- c:\users\Miroslav Petřek\AppData\Local\Battle.net
2014-03-07 14:17 . 2014-03-07 14:18 -------- d-----w- c:\users\Miroslav Petřek\AppData\Roaming\Battle.net
2014-03-07 14:17 . 2014-03-07 14:17 -------- d-----w- c:\program files (x86)\Battle.net
2014-03-06 18:26 . 2014-03-06 18:26 -------- d-----w- c:\users\Miroslav Petřek\AppData\Local\Blizzard Entertainment
2014-03-06 17:29 . 2014-03-07 14:17 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2014-03-06 17:29 . 2014-03-06 17:34 -------- d-----w- c:\programdata\Blizzard Entertainment
2014-03-06 17:24 . 2014-03-06 17:25 -------- d-----w- c:\programdata\Battle.net
2014-03-04 18:29 . 2014-03-04 18:29 -------- d-----w- c:\programdata\Steam
2014-03-02 13:42 . 2014-03-02 13:42 -------- d-----w- c:\users\Miroslav Petřek\AppData\Roaming\BANDISOFT
2014-03-01 13:20 . 2014-03-02 06:34 -------- d-----w- c:\users\Miroslav Petřek\AppData\Roaming\Awesomium
2014-02-27 19:06 . 2014-02-27 19:06 -------- d-----w- c:\program files (x86)\Bandicam
2014-02-27 19:06 . 2014-02-27 19:06 -------- d-----w- c:\program files (x86)\BandiMPEG1
2014-02-27 16:11 . 2014-02-27 16:11 -------- d-----w- c:\programdata\Elder Scrolls Online
2014-02-26 19:40 . 2014-02-26 19:40 -------- d-----w- c:\windows\Migration
2014-02-26 13:55 . 2014-03-02 15:02 -------- d-----w- c:\program files (x86)\Zenimax Online
2014-02-19 14:45 . 2014-02-19 14:45 -------- d-----w- c:\users\Miroslav Petřek\AppData\Roaming\Canneverbe Limited
2014-02-19 14:45 . 2014-02-19 14:45 -------- d-----w- c:\programdata\Canneverbe Limited
2014-02-19 13:44 . 2014-03-20 19:31 -------- d-----w- c:\users\Miroslav Petřek\AppData\Roaming\Copy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-18 14:52 . 2013-03-28 14:07 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-12 14:16 . 2013-04-08 12:59 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 14:16 . 2013-04-08 12:59 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 13:46 . 2013-04-25 13:25 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-13 08:21 . 2014-02-13 08:21 56656 ----a-w- c:\windows\system32\vcomp90.dll
2014-02-13 08:21 . 2014-02-13 08:21 51024 ----a-w- c:\windows\SysWow64\vcomp90.dll
2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-24 23:09 . 2014-02-12 13:35 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-12 13:35 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-21 09:53 . 2014-02-12 15:57 548864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-21 08:56 . 2014-02-12 15:57 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-26 14:34 . 2013-03-25 16:46 14823424 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-11-21 4287536]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-25 1821888]
"Copy"="c:\users\Miroslav Petřek\AppData\Roaming\Copy\CopyAgent.exe" [2014-02-04 15505952]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-05-23 5120144]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Copy"="c:\users\Miroslav Petřek\AppData\Roaming\Copy\CopyAgent.exe" [2014-02-04 15505952]
.
c:\users\Miroslav Petřek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TVMOBiLiArtworkManager.lnk - c:\program files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe "/path:c:\programdata\TVMOBiLi\cache" [2013-11-10 67584]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 tvMobiliService;tvMobiliService;c:\program files (x86)\TVMOBiLi\bin\tvMobiliService.exe;c:\program files (x86)\TVMOBiLi\bin\tvMobiliService.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrack.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\Drivers\GPWADrv64.sys;c:\windows\SYSNATIVE\Drivers\GPWADrv64.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-16 07:21 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-08 14:16]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 06:15]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: LastPass - file://c:\users\Miroslav Petřek\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass vyplňování formulářů - file://c:\users\Miroslav Petřek\AppData\LocalLow\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2974839684-1887294309-1623444617-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f3,d5,27,fb,8b,19,4d,fa,91,15,ec,1c,cc,71,17,39,96,de,1e,04,ee,74,12,
ff,f9,43,cb,56,42,53,21,09,da,6c,56,06,fc,e5,73,5e,e3,f7,f9,66,7d,00,ff,63,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-03-20 20:36:57
ComboFix-quarantined-files.txt 2014-03-20 19:36
.
Před spuštěním: Volných bajtů: 86 147 444 736
Po spuštění: Volných bajtů: 85 969 580 032
.
- - End Of File - - 3374FA6972C5EEB2084BA612D96AA4C4
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-16 07:21 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-08 14:16]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 06:15]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: LastPass - file://c:\users\Miroslav Petřek\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass vyplňování formulářů - file://c:\users\Miroslav Petřek\AppData\LocalLow\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2974839684-1887294309-1623444617-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f3,d5,27,fb,8b,19,4d,fa,91,15,ec,1c,cc,71,17,39,96,de,1e,04,ee,74,12,
ff,f9,43,cb,56,42,53,21,09,da,6c,56,06,fc,e5,73,5e,e3,f7,f9,66,7d,00,ff,63,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-03-20 20:36:57
ComboFix-quarantined-files.txt 2014-03-20 19:36
.
Před spuštěním: Volných bajtů: 86 147 444 736
Po spuštění: Volných bajtů: 85 969 580 032
.
- - End Of File - - 3374FA6972C5EEB2084BA612D96AA4C4
Re: Please check my FIRST log
Move ComboFix to Local Disk C:
open Notepad
copy the script from the following box into it:
Code:
Folder::
c:\program files (x86)\Pando Networks
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"=-
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
save the TXT file you created as CFScript.txt on Local Disk C:,
after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

After it has been applied, another log will be produced; copy it here.
Warning: it may happen that after the script is applied and the system restarts, Windows will not boot;
in that case restart again while repeatedly pressing F8, then choose Last Known Good Configuration.
Re: Please check my FIRST log
ComboFix 14-03-19.01 - Miroslav Petřek 21.03.2014 19:08:40.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8150.5889 [GMT 1:00]
Spuštěný z: c:\users\Miroslav Pet°ek\Desktop\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Pando Networks
c:\program files (x86)\Pando Networks\Media Booster\BsSndRpt.exe
c:\program files (x86)\Pando Networks\Media Booster\BugSplat.dll
c:\program files (x86)\Pando Networks\Media Booster\BugSplatRc.dll
c:\program files (x86)\Pando Networks\Media Booster\freebl3.dll
c:\program files (x86)\Pando Networks\Media Booster\Media Booster FAQs.url
c:\program files (x86)\Pando Networks\Media Booster\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Pando Networks\Media Booster\Microsoft.VC90.CRT\msvcp90.dll
c:\program files (x86)\Pando Networks\Media Booster\Microsoft.VC90.CRT\msvcr90.dll
c:\program files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
c:\program files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll.2.config
c:\program files (x86)\Pando Networks\Media Booster\nspr4.dll
c:\program files (x86)\Pando Networks\Media Booster\nss3.dll
c:\program files (x86)\Pando Networks\Media Booster\nssckbi.dll
c:\program files (x86)\Pando Networks\Media Booster\plc4.dll
c:\program files (x86)\Pando Networks\Media Booster\plds4.dll
c:\program files (x86)\Pando Networks\Media Booster\PMB.cpl
c:\program files (x86)\Pando Networks\Media Booster\PMB.exe
c:\program files (x86)\Pando Networks\Media Booster\PMB.exe.config
c:\program files (x86)\Pando Networks\Media Booster\smime3.dll
c:\program files (x86)\Pando Networks\Media Booster\softokn3.dll
c:\program files (x86)\Pando Networks\Media Booster\ssl3.dll
c:\program files (x86)\Pando Networks\Media Booster\uninst.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-21 do 2014-03-21 )))))))))))))))))))))))))))))))
.
.
2014-03-21 18:11 . 2014-03-21 18:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-03-21 18:11 . 2014-03-21 18:11 -------- d-----w- c:\users\Miroslav Petýek\AppData\Local\temp
2014-03-21 18:11 . 2014-03-21 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-21 14:46 . 2014-03-21 14:46 -------- d-----w- c:\windows\LastGood
2014-03-20 19:38 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0C3192F-5E64-4001-9D1B-A7539A1D3BC4}\mpengine.dll
2014-03-20 19:23 . 2014-02-21 13:46 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC4CF9A6-3477-4669-A69A-1FD655901092}\gapaengine.dll
2014-03-19 17:45 . 2014-03-19 17:45 -------- d-----w- c:\users\Miroslav Petřek\AppData\Roaming\Malwarebytes
2014-03-19 17:45 . 2014-03-19 17:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-19 17:45 . 2014-03-19 17:45 -------- d-----w- c:\programdata\Malwarebytes
2014-03-19 17:45 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-19 17:42 . 2014-03-20 19:09 -------- d-----w- C:\AdwCleaner
2014-03-19 14:45 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-19 14:23 . 2014-03-19 14:24 -------- d-----w- C:\FRST
2014-03-12 17:43 . 2014-03-12 17:43 -------- d-----w- c:\users\Miroslav Petřek\AppData\Roaming\WinRAR
2014-03-11 20:07 . 2014-03-11 20:07 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2014-03-07 14:17 . 2014-03-19 16:17 -------- d-----w- c:\users\Miroslav Petřek\AppData\Local\Battle.net
2014-03-07 14:17 . 2014-03-07 14:18 -------- d-----w- c:\users\Miroslav Petřek\AppData\Roaming\Battle.net
2014-03-07 14:17 . 2014-03-07 14:17 -------- d-----w- c:\program files (x86)\Battle.net
2014-03-06 18:26 . 2014-03-06 18:26 -------- d-----w- c:\users\Miroslav Petřek\AppData\Local\Blizzard Entertainment
2014-03-06 17:29 . 2014-03-07 14:17 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2014-03-06 17:29 . 2014-03-06 17:34 -------- d-----w- c:\programdata\Blizzard Entertainment
2014-03-06 17:24 . 2014-03-06 17:25 -------- d-----w- c:\programdata\Battle.net
2014-03-04 18:29 . 2014-03-04 18:29 -------- d-----w- c:\programdata\Steam
2014-03-02 13:42 . 2014-03-02 13:42 -------- d-----w- c:\users\Miroslav Petřek\AppData\Roaming\BANDISOFT
2014-03-01 13:20 . 2014-03-02 06:34 -------- d-----w- c:\users\Miroslav Petřek\AppData\Roaming\Awesomium
2014-02-27 19:06 . 2014-02-27 19:06 -------- d-----w- c:\program files (x86)\Bandicam
2014-02-27 19:06 . 2014-02-27 19:06 -------- d-----w- c:\program files (x86)\BandiMPEG1
2014-02-27 16:11 . 2014-02-27 16:11 -------- d-----w- c:\programdata\Elder Scrolls Online
2014-02-26 19:40 . 2014-02-26 19:40 -------- d-----w- c:\windows\Migration
2014-02-26 13:55 . 2014-03-02 15:02 -------- d-----w- c:\program files (x86)\Zenimax Online
2014-02-20 17:14 . 2014-02-20 17:14 15453904 ----a-w- c:\windows\SysWow64\xlive.dll
2014-02-20 17:14 . 2014-02-20 17:14 13642960 ----a-w- c:\windows\SysWow64\xlivefnt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-18 14:52 . 2013-03-28 14:07 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-12 14:16 . 2013-04-08 12:59 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 14:16 . 2013-04-08 12:59 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 13:46 . 2013-04-25 13:25 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-13 08:21 . 2014-02-13 08:21 56656 ----a-w- c:\windows\system32\vcomp90.dll
2014-02-13 08:21 . 2014-02-13 08:21 51024 ----a-w- c:\windows\SysWow64\vcomp90.dll
2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-24 23:09 . 2014-02-12 13:35 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-12 13:35 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-03-26 14:34 . 2013-03-25 16:46 14823424 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-25 1821888]
"Copy"="c:\users\Miroslav Petřek\AppData\Roaming\Copy\CopyAgent.exe" [2014-02-04 15505952]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-05-23 5120144]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Copy"="c:\users\Miroslav Petřek\AppData\Roaming\Copy\CopyAgent.exe" [2014-02-04 15505952]
.
c:\users\Miroslav Petřek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TVMOBiLiArtworkManager.lnk - c:\program files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe "/path:c:\programdata\TVMOBiLi\cache" [2013-11-10 67584]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 tvMobiliService;tvMobiliService;c:\program files (x86)\TVMOBiLi\bin\tvMobiliService.exe;c:\program files (x86)\TVMOBiLi\bin\tvMobiliService.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrack.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\Drivers\GPWADrv64.sys;c:\windows\SYSNATIVE\Drivers\GPWADrv64.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-16 07:21 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-08 14:16]
.
2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 06:15]
.
2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2014-02-19 14:34 3975168 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Miroslav Petřek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: LastPass - file://c:\users\Miroslav Petřek\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass vyplňování formulářů - file://c:\users\Miroslav Petřek\AppData\LocalLow\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files (x86)\Pando Networks\Media Booster\uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2974839684-1887294309-1623444617-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f3,d5,27,fb,8b,19,4d,fa,91,15,ec,1c,cc,71,17,39,96,de,1e,04,ee,74,12,
ff,f9,43,cb,56,42,53,21,09,da,6c,56,06,fc,e5,73,5e,e3,f7,f9,66,7d,00,ff,63,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
Celkový čas: 2014-03-21 19:12:47
ComboFix-quarantined-files.txt 2014-03-21 18:12
ComboFix2.txt 2014-03-20 19:36
.
Před spuštěním: Volných bajtů: 89 627 557 888
Po spuštění: Volných bajtů: 89 562 906 624
.
- - End Of File - - 10519D3A7CB0E540504216B8D7F3B0C5
Re: Please check my FIRST log
Via Start >> Run, copy the following into the box:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just turn off your antivirus before downloading it and while using it, because the antivirus may detect it as a virus, but that is not the case.
Then let me know what state the PC is in.
Re: Please check my FIRST log
It looks good... thanks a lot!