Comodo firewall

kuba0003
Warning level 2
Posts: 69
Joined: 21 Oct 2012 12:58

Comodo firewall

#1 Post by kuba0003 »

Hi,
I would like to ask whether it is normal that my firewall reports: Network intrusions: 122.
And every minute the count goes up by 1-2.
E.g.: 120.68.217.221 on port 2796

I use Comodo Internet Secure Pro.

Rudy
Site Admin
Posts: 119679
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Comodo firewall

#2 Post by Rudy »

Hello!
If the firewall caught that intrusion, then everything is OK; that is what it is there for. That IP belongs to China. If you want your PC checked, post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

kuba0003
Warning level 2
Posts: 69
Joined: 21 Oct 2012 12:58

Re: Comodo firewall

#3 Post by kuba0003 »

There were two accesses, from two Chinese IPs. I have no idea, though, why they kept trying over and over (same port). I blocked the IPs in the firewall.
Log output:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by CELL (administrator) on CELL12 on 25-01-2015 20:30:28
Running from C:\Users\CELL\Desktop
Loaded Profiles: CELL (Available profiles: CELL )
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(IT Hit Ltd) C:\Program Files\CloudSafe\WebDAV Drive\ITHit.MapWebDAVDrive.Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(IT Hit Ltd) C:\Program Files\CloudSafe\WebDAV Drive\ITHit.MapWebDAVDrive.Tray.exe
(Spotify Ltd) C:\Users\CELL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\xampp\xampp-control.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dropbox, Inc.) C:\Users\CELL\AppData\Roaming\Dropbox\bin\Dropbox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(forum.viry.cz) C:\Users\CELL\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-12-09] (COMODO)
HKLM\...\Run: [IT Hit Map WebDAV Drive Tray Application] => C:\Program Files\CloudSafe\WebDAV Drive\ITHit.MapWebDAVDrive.Tray.exe [32768 2011-11-20] (IT Hit Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-17] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\Run: [Spotify] => C:\Users\CELL\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-16] (Spotify Ltd)
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\Run: [Spotify Web Helper] => C:\Users\CELL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd)
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [17392487 2014-09-04] ()
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\Run: [Google Update] => C:\Users\CELL\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-20] (Google Inc.)
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\MountPoints2: G - G:\SETUP.EXE /AUTORUN
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\MountPoints2: {12f1b15c-59c1-11e3-9c6f-002401eb26ba} - F:\Autorun.exe
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\MountPoints2: {91a0ecc8-b750-11e3-97a9-002401eb26ba} - G:\Autorun.exe
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\MountPoints2: {9a915837-8125-11e3-a6f2-002401eb26ba} - G:\Autorun.exe
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\MountPoints2: {b29ffb77-eef2-11e3-80e4-002401eb26ba} - F:\autorun.exe
HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\CELL\AppData\Roaming\Copy\CopyAgent.exe"
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-03] (Microsoft Corporation)
Startup: C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp – zástupce.lnk
ShortcutTarget: Core Temp – zástupce.lnk -> C:\Nastroje\Core Temp.exe ()
Startup: C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\CELL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\Mican\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp – zástupce.lnk
ShortcutTarget: Core Temp – zástupce.lnk -> C:\Nastroje\Core Temp.exe ()
SSODL: EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\Windows\system32\VSMntNtf.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [1ITHitMapDrive] -> {6C4225FF-F4D9-479E-AE52-AA5DBA314256} => C:\Program Files\CloudSafe\WebDAV Drive\ShellExtension.dll ()
ShellIconOverlayIdentifiers: [2ITHitMapDrive] -> {68793594-D5F3-4E30-8BA0-E38C052B56E4} => C:\Program Files\CloudSafe\WebDAV Drive\ShellExtension.dll ()
ShellIconOverlayIdentifiers: [3ITHitMapDrive] -> {92678F64-CC80-4BCF-BFE3-3E0DACE30849} => C:\Program Files\CloudSafe\WebDAV Drive\ShellExtension.dll ()
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\S-1-5-21-2787697237-3961510220-1260839691-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2787697237-3961510220-1260839691-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={se ... chr-comodo
BHO: Virtual Storage Mount Notification -> {3CF560DC-DFCB-4737-82C2-9564CA8F733B} -> C:\Windows\system32\VSMntNtf.dll (EldoS Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{11E425FD-7C3A-4A65-9B3B-7873867EB5DB}: [NameServer]
Tcpip\..\Interfaces\{6ABEE459-1B3F-4A5C-9114-99A4F7FEA274}: [NameServer]
Tcpip\..\Interfaces\{8694623D-6FF5-4B17-97C1-3256751C052C}: [NameServer] 10.2.5.1

FireFox:
========
FF ProfilePath: C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default
FF NewTab:
FF SearchEngineOrder.3:
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://google.cz
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "218.207.17.82"
FF NetworkProxy: "ftp_port", 8123
FF NetworkProxy: "http", "218.207.17.82"
FF NetworkProxy: "http_port", 8123
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "218.207.17.82"
FF NetworkProxy: "socks_port", 8123
FF NetworkProxy: "ssl", "218.207.17.82"
FF NetworkProxy: "ssl_port", 8123
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2787697237-3961510220-1260839691-1000: @tools.google.com/Google Update;version=3 -> C:\Users\CELL\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2787697237-3961510220-1260839691-1000: @tools.google.com/Google Update;version=9 -> C:\Users\CELL\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2787697237-3961510220-1260839691-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\CELL\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\user.js
FF SearchPlugin: C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\searchplugins\duckduckgo.xml
FF Extension: Hola Better Internet - C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-01-12]
FF Extension: Html Validator - C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2013-12-07]
FF Extension: Classic Theme Restorer - C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-11-09]
FF Extension: Firebug - C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\Extensions\firebug@software.joehewitt.com.xpi [2014-01-09]
FF Extension: PageRank - C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\Extensions\PageRank@addonfactory.in.xpi [2014-05-24]
FF Extension: Adblock Plus - C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-30]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-25]
CHR Extension: (Hola Better Internet) - C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-01-08]
CHR Extension: (GData Centers 1 Council Bluffs, Iowa) - C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeonacmfdmkgfmmdejlinolgjomhcbmh [2014-05-20]
CHR Extension: (Peněženka Google) - C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-22]
CHR Extension: (Stylebot) - C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha [2014-05-20]
CHR HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CELL\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [802688 2015-01-24] ()
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-09] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-09] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 ITHitMapWebDAVDrive; C:\Program Files\CloudSafe\WebDAV Drive\ITHit.MapWebDAVDrive.Service.exe [45056 2011-10-25] (IT Hit Ltd) [File not signed]
R2 MbnExt; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\MbnExt.dll [417128 2013-12-02] (Gemfor s.r.o.)
S3 Origin Client Service; D:\Inst\Origin\OriginClientService.exe [1900400 2014-11-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-09-14] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [15288 2011-12-26] () [File not signed]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [12728 2011-12-26] () [File not signed]
R1 CbFs; C:\Windows\system32\drivers\cbfs.sys [191960 2009-09-24] (EldoS Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-09] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-08] (Disc Soft Ltd)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2012-04-23] (Huawei Technologies Co., Ltd.)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-09] (COMODO)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-07-04] (Oracle Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2014-03-01] (Acronis)
S3 VSPerfDrv110; D:\Inst\vs\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Mican\AppData\Local\Temp\ALSysIO64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 20:30 - 2015-01-25 20:30 - 00019344 _____ () C:\Users\CELL\Desktop\FRST.txt
2015-01-25 20:29 - 2015-01-25 20:30 - 00000000 ____D () C:\FRST
2015-01-25 20:28 - 2015-01-25 20:28 - 02129920 _____ (Farbar) C:\Users\CELL\Desktop\FRST64.exe
2015-01-25 20:24 - 2015-01-25 20:24 - 00112640 _____ (forum.viry.cz) C:\Users\CELL\Desktop\FRSTLauncher.exe
2015-01-25 20:12 - 2015-01-25 20:12 - 00108000 _____ () C:\Users\CELL\Desktop\log.htm
2015-01-25 19:44 - 2015-01-25 19:44 - 00000000 ____D () C:\Users\CELL\Desktop\Microsoft Windows 7 Home Premium Service Pack 1
2015-01-25 14:33 - 2015-01-25 14:33 - 00000000 ____D () C:\Users\CELL\Desktop\junior
2015-01-25 13:24 - 2015-01-25 13:24 - 00816968 _____ () C:\Users\CELL\Downloads\[CzT]Arma_III_Complete_Edition_2013_CZ_.torrent
2015-01-24 22:19 - 2015-01-24 22:26 - 00000040 _____ () C:\Users\CELL\Desktop\sa.txt
2015-01-23 23:05 - 2015-01-23 23:05 - 00000000 ____D () C:\Users\CELL\Desktop\stares pohled
2015-01-23 21:13 - 2015-01-23 21:13 - 00000000 ____D () C:\Users\CELL\Desktop\raspberry pi kniha
2015-01-22 21:02 - 2015-01-22 21:02 - 00000000 ____D () C:\Users\CELL\Desktop\Americký sniper
2015-01-21 21:27 - 2015-01-21 21:27 - 00000000 ____D () C:\Users\CELL\Desktop\Parks and recreation
2015-01-21 21:20 - 2015-01-21 21:20 - 00000000 ____D () C:\Users\CELL\Desktop\30 minut po půlnoci
2015-01-21 17:17 - 2015-01-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-20 21:27 - 2015-01-20 21:27 - 00000000 ____D () C:\Users\CELL\Desktop\+OndřejFilipec
2015-01-20 19:16 - 2015-01-20 19:16 - 00000000 ____D () C:\Users\CELL\Desktop\argo
2015-01-19 16:38 - 2015-01-19 16:38 - 00000000 ____D () C:\Users\CELL\Desktop\hintit involves pillows and blankets
2015-01-18 13:31 - 2015-01-18 13:31 - 00000000 ____D () C:\Users\CELL\Desktop\stoned zhuleny
2015-01-18 12:15 - 2015-01-18 12:15 - 00000000 ____D () C:\Users\CELL\Desktop\mention zminit
2015-01-18 12:13 - 2015-01-18 12:13 - 00000000 ____D () C:\Users\CELL\Desktop\conveniently vyhodne
2015-01-17 23:56 - 2015-01-17 23:56 - 00000000 ____D () C:\Users\CELL\Desktop\dart
2015-01-17 22:46 - 2015-01-17 23:25 - 00000000 ____D () C:\heroku
2015-01-17 22:05 - 2015-01-17 22:05 - 00046165 _____ () C:\Users\CELL\Downloads\[CzT]Star_wars_Hvezdne_Valky_1_6_CZ.torrent
2015-01-17 21:28 - 2015-01-17 21:28 - 00000000 ____D () C:\Users\CELL\Desktop\agent carter
2015-01-16 17:13 - 2015-01-16 17:13 - 00000000 ____D () C:\Users\CELL\Desktop\koupit dolez.al
2015-01-16 16:20 - 2015-01-16 16:20 - 00000000 ____D () C:\Users\CELL\Desktop\spitting plive
2015-01-16 14:27 - 2015-01-16 14:27 - 00000000 ____D () C:\Users\CELL\Desktop\splitting rozdeluje
2015-01-16 14:06 - 2015-01-16 14:06 - 00000162 _____ () C:\Users\CELL\Desktop\most pod temzi.txt
2015-01-15 17:52 - 2015-01-25 18:34 - 00000000 ____D () C:\dev
2015-01-14 21:17 - 2015-01-14 21:18 - 00004621 _____ () C:\Users\CELL\Desktop\dass.txt
2015-01-14 20:56 - 2015-01-14 20:56 - 00000239 _____ () C:\Users\CELL\Desktop\Dlouhodobé Todoist.URL
2015-01-14 19:33 - 2015-01-14 19:33 - 00000000 ____D () C:\Users\CELL\Desktop\face the consequences
2015-01-14 18:47 - 2015-01-14 18:47 - 00000000 ____D () C:\Users\CELL\Desktop\saas
2015-01-14 16:41 - 2015-01-14 16:41 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:41 - 2015-01-14 16:41 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:41 - 2015-01-14 16:41 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:41 - 2015-01-14 16:41 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:41 - 2015-01-14 16:41 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:41 - 2015-01-14 16:41 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:41 - 2015-01-14 16:41 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:41 - 2015-01-14 16:41 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:41 - 2015-01-14 16:41 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:41 - 2015-01-14 16:41 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:41 - 2015-01-14 16:41 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 16:41 - 2015-01-14 16:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:41 - 2015-01-14 16:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:36 - 2015-01-14 16:36 - 00000000 ____D () C:\Users\CELL\Desktop\njs nagli
2015-01-14 16:34 - 2015-01-14 16:34 - 00000000 ____D () C:\Users\CELL\Desktop\What else did you find
2015-01-13 21:56 - 2015-01-13 21:56 - 00000000 ____D () C:\Users\CELL\Desktop\Can I talk to you for a second
2015-01-13 21:55 - 2015-01-13 21:55 - 00000000 ____D () C:\Users\CELL\Desktop\Can I have something to eat
2015-01-13 19:46 - 2015-01-13 19:46 - 00000000 ____D () C:\Users\CELL\Desktop\tak e me to churhc
2015-01-13 17:20 - 2015-01-13 17:20 - 00000000 ____D () C:\Users\CELL\Desktop\maly pngcko
2015-01-12 19:49 - 2015-01-12 20:06 - 209706997 _____ () C:\Users\CELL\Downloads\ArchLinuxARM-2014.06-rpi.img.zip
2015-01-12 19:46 - 2015-01-12 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-12 19:46 - 2015-01-12 19:46 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-01-12 19:45 - 2015-01-12 19:45 - 01110476 _____ () C:\Users\CELL\Downloads\7z920.exe
2015-01-12 19:05 - 2015-01-12 19:29 - 220637379 _____ () C:\Users\CELL\Downloads\ArchLinuxARM-2014.10-rpi-rootfs.tar.gz
2015-01-12 18:00 - 2015-01-12 18:18 - 3124756480 _____ () C:\Users\CELL\Desktop\zal.img
2015-01-11 12:46 - 2015-01-11 12:46 - 00253095 _____ () C:\Users\CELL\Desktop\3288932--tajemna-stinadla-maji-svoji-mapu-autor-ji-tvoril-ctyri-mesice--1-950x0p0.jpeg
2015-01-10 18:56 - 2015-01-10 18:56 - 00000000 ____D () C:\Users\Game\AppData\Roaming\Mozilla
2015-01-10 15:18 - 2015-01-10 15:18 - 00011763 _____ () C:\Users\CELL\Downloads\[CzT]Captain_America_Navrat_prvniho_Avengera_Captain_America_The_Winter_Soldier_2014_CZ_.torrent
2015-01-10 13:57 - 2015-01-10 13:57 - 00000000 ____D () C:\ProgramData\ALI213
2015-01-09 20:46 - 2015-01-09 20:46 - 00000000 ____D () C:\Users\CELL\Desktop\react.js
2015-01-09 17:19 - 2015-01-09 17:19 - 00000000 ____D () C:\Users\CELL\Desktop\hostage rukojmi
2015-01-09 15:04 - 2015-01-09 15:04 - 00000000 ____D () C:\Users\CELL\Desktop\due zpusoben
2015-01-08 19:41 - 2015-01-08 19:41 - 00000000 ____D () C:\Users\CELL\Desktop\It's that time of the year when we predict the best web technologies and tools to look forward to. We are excited about AngularJS 2.0, React, Meteor, Ionic Framework and SocketIO
2015-01-08 18:48 - 2015-01-08 18:48 - 00015325 _____ () C:\Users\CELL\Downloads\[CzT]Darce_The_Giver_2014_WebRip_.torrent
2015-01-08 17:32 - 2015-01-08 18:31 - 00000971 _____ () C:\Users\CELL\Desktop\text.py
2015-01-06 16:50 - 2015-01-06 16:56 - 00000000 ____D () C:\laravel
2015-01-06 15:02 - 2015-01-06 15:02 - 00041658 _____ () C:\Users\CELL\Downloads\[CzT]Sniper_Elite_III_2014_CZ_.torrent
2015-01-04 13:03 - 2015-01-04 13:03 - 00089121 _____ () C:\Users\CELL\Downloads\[CzT]Dead_Rising_3_Apocalypse_Edition_2014_.torrent
2015-01-03 12:29 - 2015-01-03 12:29 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-02 21:55 - 2015-01-02 21:55 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-01-02 21:54 - 2015-01-02 21:54 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MongoVUE
2015-01-02 21:54 - 2015-01-02 21:54 - 00000000 ____D () C:\Program Files (x86)\MongoVUE
2015-01-02 21:51 - 2015-01-02 21:53 - 16779491 _____ () C:\Users\CELL\Downloads\Installer-1.6.9.zip
2015-01-02 17:56 - 2015-01-02 17:56 - 00020474 _____ () C:\Users\CELL\Downloads\[CzT]Prelet_nad_kukaccim_hnizdem_One_Flew_Over_the_Cuckoo_s_Nest.torrent
2015-01-02 17:46 - 2015-01-02 17:46 - 00012820 _____ () C:\Users\CELL\Downloads\the.it.crowd.moss.and.the.german.(2007).eng.1cd.(3587249).zip
2015-01-02 17:34 - 2015-01-02 17:34 - 00012785 _____ () C:\Users\CELL\Downloads\the.it.crowd.return.of.the.golden.child.(2007).eng.1cd.(3587248).zip
2015-01-02 17:14 - 2015-01-02 17:14 - 00013112 _____ () C:\Users\CELL\Downloads\the.it.crowd.the.work.outing.(2007).eng.1cd.(3143787).zip
2015-01-02 14:13 - 2015-01-02 16:30 - 1028653056 _____ () C:\Users\CELL\Downloads\ubuntu-14.04.1-desktop-amd64.iso
2015-01-01 12:34 - 2015-01-25 11:37 - 00001714 _____ () C:\Windows\setupact.log
2015-01-01 12:34 - 2015-01-03 23:09 - 00012866 _____ () C:\Windows\PFRO.log
2015-01-01 12:34 - 2015-01-01 12:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-31 20:51 - 2014-12-31 20:51 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-31 20:51 - 2014-12-31 20:51 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-31 20:37 - 2014-12-31 20:37 - 00000000 ____D () C:\Program Files (x86)\Digiarty
2014-12-31 20:36 - 2014-12-31 20:36 - 00000000 ____D () C:\ProgramData\IHProtectUpDate

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 20:29 - 2013-11-30 14:07 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-25 20:26 - 2014-03-22 12:38 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-01-25 20:25 - 2013-11-30 15:52 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\vlc
2015-01-25 20:24 - 2014-03-22 15:20 - 00571984 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-01-25 20:19 - 2009-07-14 16:18 - 00744650 _____ () C:\Windows\system32\perfh005.dat
2015-01-25 20:19 - 2009-07-14 16:18 - 00189632 _____ () C:\Windows\system32\perfc005.dat
2015-01-25 20:19 - 2009-07-14 06:13 - 01680498 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 20:17 - 2014-11-21 19:32 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\Dropbox
2015-01-25 20:17 - 2013-11-30 12:55 - 00000000 ___RD () C:\Users\CELL\Dropbox
2015-01-25 20:10 - 2014-10-12 18:46 - 00000958 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787697237-3961510220-1260839691-1000UA.job
2015-01-25 20:10 - 2014-10-12 18:46 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787697237-3961510220-1260839691-1000Core.job
2015-01-25 19:46 - 2013-12-22 21:48 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 19:35 - 2014-12-11 18:13 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-25 19:23 - 2013-11-29 21:53 - 01779004 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 18:34 - 2014-06-20 13:44 - 00000000 ___RD () C:\www
2015-01-25 15:47 - 2013-11-30 16:01 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\FileZilla
2015-01-25 11:41 - 2014-01-07 16:38 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-01-25 11:38 - 2014-03-29 21:05 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\Spotify
2015-01-25 11:38 - 2013-12-22 21:48 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 11:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 22:35 - 2014-12-11 18:13 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 22:35 - 2013-11-30 15:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 22:35 - 2013-11-30 15:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 21:25 - 2014-03-01 17:53 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{61125978-F6C6-4945-A1A6-1B3A1896D2D3}
2015-01-24 00:44 - 2009-07-14 05:45 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 00:44 - 2009-07-14 05:45 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 00:18 - 2013-12-12 18:24 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\.minecraft
2015-01-22 20:54 - 2014-09-24 15:57 - 00000000 ____D () C:\Users\CELL\Cisco Packet Tracer 6.0.1
2015-01-22 20:53 - 2014-09-24 15:57 - 00000186 _____ () C:\Users\CELL\.packettracer
2015-01-22 17:15 - 2013-12-20 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-18 00:12 - 2014-09-29 19:16 - 00000310 _____ () C:\Users\CELL\_netrc
2015-01-17 22:47 - 2014-09-24 17:28 - 00000000 ____D () C:\Users\CELL\.heroku
2015-01-15 17:51 - 2014-02-01 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-15 17:24 - 2014-03-02 15:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 17:19 - 2014-03-05 20:14 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 19:22 - 2014-01-25 15:07 - 00000000 ____D () C:\Users\CELL\.VirtualBox
2015-01-11 12:52 - 2013-11-30 15:50 - 00000000 ____D () C:\Users\CELL\Desktop\Nastroje
2015-01-10 14:38 - 2014-10-16 18:07 - 00000000 ____D () C:\Users\CELL\Desktop\game
2015-01-10 13:47 - 2014-03-01 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hry
2015-01-08 18:31 - 2014-02-06 16:08 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\Wing 101 5
2015-01-06 16:52 - 2014-11-13 16:02 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\Composer
2015-01-03 12:45 - 2014-08-20 13:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 12:45 - 2014-08-20 13:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-03 12:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2015-01-03 12:29 - 2014-08-20 13:52 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-03 12:29 - 2014-08-20 13:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-03 12:29 - 2014-08-20 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-03 12:29 - 2014-01-26 12:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-02 14:00 - 2014-10-16 18:07 - 00000000 ____D () C:\Users\CELL\Desktop\ide
2014-12-31 20:51 - 2014-06-20 17:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-31 20:43 - 2014-05-30 23:19 - 00000000 ____D () C:\Windows\Minidump
2014-12-31 20:34 - 2013-11-29 21:58 - 00001631 _____ () C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-29 17:54 - 2014-06-25 14:37 - 00000000 ____D () C:\Users\Game\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2014-04-11 22:02 - 2014-04-11 22:26 - 0000132 _____ () C:\Users\CELL\AppData\Roaming\Adobe Formát GIF CS5 – předvolby
2014-09-05 23:14 - 2014-09-19 14:53 - 0000132 _____ () C:\Users\CELL\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2014-06-25 14:36 - 2014-12-02 17:54 - 0000028 _____ () C:\Users\CELL\AppData\Roaming\Network Meter_Usage.ini
2013-11-30 21:18 - 2014-06-11 20:33 - 0027887 _____ () C:\Users\CELL\AppData\Roaming\phpdesigner.xml
2014-03-11 21:34 - 2014-11-06 19:24 - 0001480 _____ () C:\Users\CELL\AppData\Local\Adobe Uložit pro web 12.0 Prefs
2014-03-21 15:04 - 2015-01-25 19:18 - 0000600 _____ () C:\Users\CELL\AppData\Local\PUTTY.RND
2014-01-01 22:40 - 2014-01-01 22:40 - 0007958 _____ () C:\Users\CELL\AppData\Local\recently-used.xbel
2013-12-28 20:40 - 2014-12-02 18:17 - 0007618 _____ () C:\Users\CELL\AppData\Local\Resmon.ResmonCfg
2014-09-13 19:40 - 2014-09-13 19:40 - 0000176 _____ () C:\ProgramData\defraggler_list.txt

Files to move or delete:
====================
C:\Users\CELL\IP_Log_Data.js
C:\Users\CELL\Network_Meter_Data.js
C:\Users\Mican\IP_Log_Data.js
C:\Users\Mican\Network_Meter_Data.js


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 12:02




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Cecko) (Fixed) (Total:119.15 GB) (Free:15.87 GB) NTFS
Drive d: (Decko) (Fixed) (Total:698.63 GB) (Free:56.55 GB) NTFS
Drive k: () (Removable) (Total:14.92 GB) (Free:14.92 GB) FAT32

Available physical RAM: 13316.73 MB
Total physical RAM: 16383.34 MB
Percentage of memory in use: 18%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: CD6ECC56)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 66612AE6)
Partition 1: (Active) - (Size=95 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
Disk: 6 (Size: 14.9 GB) (Disk ID: 001A1248)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787697237-3961510220-1260839691-1000Core.job => C:\Users\CELL\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787697237-3961510220-1260839691-1000UA.job => C:\Users\CELL\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\java.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\javaw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\javaws.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\ProgramData\TEMP:753C01E7
AlternateDataStreams: C:\Users\CELL\Desktop\01_homepage2_full.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\01_homepage_full.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\02_detail_full.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\1315388.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\3288932--tajemna-stinadla-maji-svoji-mapu-autor-ji-tvoril-ctyri-mesice--1-950x0p0.jpeg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\Analytics-Dashboard-UI-KIT-PSD.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\artboard_1_1x.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\Article.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\bbg_blog_dribbble3_1x.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\blog-full.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\blog.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\blog.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\blog_1x.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\branding_wip_1x.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\Bruno Mars - Grenade [Official Music Video].mp3:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Desktop\Bruno Mars - Grenade [Official Music Video].mp3:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\csblog_wip_1x.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\dribbble-serif-typography_1x.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\Enrique Iglesias - Hero.mp3:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Desktop\Enrique Iglesias - Hero.mp3:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\entry.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\eshop.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\flat-example.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\footer-2012.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\Free-Dashborad-PSD.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\FRSTLauncher.exe:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Desktop\FRSTLauncher.exe:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\google2.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\Marvin Gaye - Lets get it on.mp3:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Desktop\Marvin Gaye - Lets get it on.mp3:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\new_blog_1x.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\photo.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\report01_2x.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\screen_shot_2014-06-24_at_12.43.43_1x.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\search.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\Sheppard - Geronimo.mp3:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Desktop\Sheppard - Geronimo.mp3:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\ShopFast-Modern-Ecommerce-HTML-Template.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\shot-2x_1x.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\sn1p_dribbble_1x.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\socicon-social-icon-font.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\survey-dashboard_1x.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\survey-results_1x.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\survey-system-web-design-ux-ui-ramotion.gif:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\survey_1x.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\survey_analytics_full.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\Travelling_Map_Wip_Real_Pixels.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\ui-kit-preview_1x.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\wikipediaHD.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Desktop\zeek.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\123d72fc0d885ad165f24afddbb307cc.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\1421002403_accept_check_ok_outline_tick_yes-64.png:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\1421002403_accept_check_ok_outline_tick_yes-64.png:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\15.01.15 - 1.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\24.01.15 - 1.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\64aea2d02cfab053e15aa8dfb8db7ff1.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\7z920.exe:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\7z920.exe:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\8307_Priklady_na_soucet_nekonecne_rady.pdf:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\8307_Priklady_na_soucet_nekonecne_rady.pdf:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\ArchLinuxARM-2014.06-rpi.img.zip:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\ArchLinuxARM-2014.06-rpi.img.zip:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\ArchLinuxARM-2014.10-rpi-rootfs.tar.gz:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\ArchLinuxARM-2014.10-rpi-rootfs.tar.gz:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\Clean_Code_-_A_Handbook_of_Agile_Software_Craftsmanship_(Prentice_Hall,_Aug_2008).pdf:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\Clean_Code_-_A_Handbook_of_Agile_Software_Craftsmanship_(Prentice_Hall,_Aug_2008).pdf:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\clockwritestime2.gif:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\cvIHl6V.gif:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\Freddie Mercury - I Was Born to Love You HD.mp3:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\Freddie Mercury - I Was Born to Love You HD.mp3:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\google humor.jpg:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\Installer-1.6.9.zip:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\Installer-1.6.9.zip:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\music technology.gif:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\the.it.crowd.moss.and.the.german.(2007).eng.1cd.(3587249).zip:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\the.it.crowd.moss.and.the.german.(2007).eng.1cd.(3587249).zip:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\the.it.crowd.return.of.the.golden.child.(2007).eng.1cd.(3587248).zip:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\the.it.crowd.return.of.the.golden.child.(2007).eng.1cd.(3587248).zip:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\the.it.crowd.the.work.outing.(2007).eng.1cd.(3143787).zip:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\the.it.crowd.the.work.outing.(2007).eng.1cd.(3143787).zip:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\ubuntu-14.04.1-desktop-amd64.iso:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\ubuntu-14.04.1-desktop-amd64.iso:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\[CzT]Arma_III_Complete_Edition_2013_CZ_.torrent:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\[CzT]Arma_III_Complete_Edition_2013_CZ_.torrent:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\[CzT]Captain_America_Navrat_prvniho_Avengera_Captain_America_The_Winter_Soldier_2014_CZ_.torrent:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\[CzT]Captain_America_Navrat_prvniho_Avengera_Captain_America_The_Winter_Soldier_2014_CZ_.torrent:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\[CzT]Darce_The_Giver_2014_WebRip_.torrent:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\[CzT]Darce_The_Giver_2014_WebRip_.torrent:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\[CzT]Dead_Rising_3_Apocalypse_Edition_2014_.torrent:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\[CzT]Dead_Rising_3_Apocalypse_Edition_2014_.torrent:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\[CzT]Prelet_nad_kukaccim_hnizdem_One_Flew_Over_the_Cuckoo_s_Nest.torrent:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\[CzT]Prelet_nad_kukaccim_hnizdem_One_Flew_Over_the_Cuckoo_s_Nest.torrent:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\[CzT]Sniper_Elite_III_2014_CZ_.torrent:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\[CzT]Sniper_Elite_III_2014_CZ_.torrent:$CmdZnID
AlternateDataStreams: C:\Users\CELL\Downloads\[CzT]Star_wars_Hvezdne_Valky_1_6_CZ.torrent:$CmdTcID
AlternateDataStreams: C:\Users\CELL\Downloads\[CzT]Star_wars_Hvezdne_Valky_1_6_CZ.torrent:$CmdZnID
AlternateDataStreams: C:\Users\Game\Downloads\IPK_ACCORD_Manchester_2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Game\Downloads\IPK_Anglo-Continental_Bournemouth_nabídka_2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Game\Downloads\IPK_Irsko_Cork_nabidka_2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Game\Downloads\IPK_LTC_Brighton_nabidka_2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Game\Downloads\IPK_LTC_Eastbourne_nabidka_2015 (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Game\Downloads\IPK_LTC_Eastbourne_nabidka_2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Game\Downloads\IPK_LTC_Londyn_nabidka_2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Game\Downloads\IPK_Malta_nabidka_2015.pdf:$CmdZnID

==================== Security Center ==================

AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\CELL\Desktop" je 2669 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE
D:\Inst\PowerISO\PWRISOVM.EXE -startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC
D:\Hry\GTAIV\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile CManager
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119679
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Comodo firewall

#4 Post by Rudy »

Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.

kuba0003
2nd Warning Level
Posts: 69
Joined: 21 Oct 2012 12:58

Re: Comodo firewall

#5 Post by kuba0003 »

Log:
I had some junk on the PC from a program installer.
[uymqozhl.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "webssearches")

# AdwCleaner v4.109 - Report created 25/01/2015 at 22:16:07
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : CELL - CELL12
# Running from : C:\Users\CELL\Desktop\adwcleaner_4.109(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
Folder Deleted : C:\Users\CELL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
File Deleted : C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary\Google Chrome Canary.lnk
Shortcut Disinfected : C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome Canary\Google Keep – poznámky a seznamy.lnk
Shortcut Disinfected : C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome Canary\Text.lnk
Shortcut Disinfected : C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\CELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome Canary.lnk
Shortcut Disinfected : C:\Users\CELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\CELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\CELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome Canary.lnk
Shortcut Disinfected : C:\Users\CELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\IHProtect
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 cs)

[uymqozhl.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "webssearches");
[uymqozhl.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[uymqozhl.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v40.0.2214.91

[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}
[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}
[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}
[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}

-\\ Chromium v

[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}
[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}
[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}
[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}

-\\ Comodo Dragon v36.1.1.21

[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}
[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}
[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}
[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}
[C:\Users\CELL\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja

-\\ Chrome Canary v42.0.2286.0

[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}
[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}
[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}
[C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16&q={searchTerms}

*************************

AdwCleaner[R0].txt - [2812 octets] - [25/01/2015 22:07:58]
AdwCleaner[R1].txt - [2872 octets] - [25/01/2015 22:14:36]
AdwCleaner[S0].txt - [7073 octets] - [25/01/2015 22:16:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7133 octets] ##########

Rudy
Site Admin
Posts: 119679
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Comodo firewall

#6 Post by Rudy »

Post a new FRST log.

kuba0003
2nd Warning Level
Posts: 69
Joined: 21 Oct 2012 12:58

Re: Comodo firewall

#7 Post by kuba0003 »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by CELL (administrator) on CELL12 on 26-01-2015 22:03:08
Running from C:\Users\CELL\Desktop
Loaded Profiles: CELL (Available profiles: CELL & Game)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(IT Hit Ltd) C:\Program Files\CloudSafe\WebDAV Drive\ITHit.MapWebDAVDrive.Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(IT Hit Ltd) C:\Program Files\CloudSafe\WebDAV Drive\ITHit.MapWebDAVDrive.Tray.exe
(Spotify Ltd) C:\Users\CELL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dropbox, Inc.) C:\Users\CELL\AppData\Roaming\Dropbox\bin\Dropbox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\CELL\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-12-09] (COMODO)
HKLM\...\Run: [IT Hit Map WebDAV Drive Tray Application] => C:\Program Files\CloudSafe\WebDAV Drive\ITHit.MapWebDAVDrive.Tray.exe [32768 2011-11-20] (IT Hit Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-17] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\Run: [Spotify] => C:\Users\CELL\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-16] (Spotify Ltd)
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\Run: [Spotify Web Helper] => C:\Users\CELL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd)
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [17392487 2014-09-04] ()
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\Run: [Google Update] => C:\Users\CELL\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-20] (Google Inc.)
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\MountPoints2: G - G:\SETUP.EXE /AUTORUN
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\MountPoints2: {12f1b15c-59c1-11e3-9c6f-002401eb26ba} - F:\Autorun.exe
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\MountPoints2: {91a0ecc8-b750-11e3-97a9-002401eb26ba} - G:\Autorun.exe
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\MountPoints2: {9a915837-8125-11e3-a6f2-002401eb26ba} - G:\Autorun.exe
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\MountPoints2: {b29ffb77-eef2-11e3-80e4-002401eb26ba} - F:\autorun.exe
HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\CELL\AppData\Roaming\Copy\CopyAgent.exe"
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-03] (Microsoft Corporation)
Startup: C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp – zástupce.lnk
ShortcutTarget: Core Temp – zástupce.lnk -> C:\Nastroje\Core Temp.exe ()
Startup: C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\CELL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\Mican\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp – zástupce.lnk
ShortcutTarget: Core Temp – zástupce.lnk -> C:\Nastroje\Core Temp.exe ()
SSODL: EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\Windows\system32\VSMntNtf.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [1ITHitMapDrive] -> {6C4225FF-F4D9-479E-AE52-AA5DBA314256} => C:\Program Files\CloudSafe\WebDAV Drive\ShellExtension.dll ()
ShellIconOverlayIdentifiers: [2ITHitMapDrive] -> {68793594-D5F3-4E30-8BA0-E38C052B56E4} => C:\Program Files\CloudSafe\WebDAV Drive\ShellExtension.dll ()
ShellIconOverlayIdentifiers: [3ITHitMapDrive] -> {92678F64-CC80-4BCF-BFE3-3E0DACE30849} => C:\Program Files\CloudSafe\WebDAV Drive\ShellExtension.dll ()
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2787697237-3961510220-1260839691-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={se ... chr-comodo
BHO: Virtual Storage Mount Notification -> {3CF560DC-DFCB-4737-82C2-9564CA8F733B} -> C:\Windows\system32\VSMntNtf.dll (EldoS Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{11E425FD-7C3A-4A65-9B3B-7873867EB5DB}: [NameServer]
Tcpip\..\Interfaces\{6ABEE459-1B3F-4A5C-9114-99A4F7FEA274}: [NameServer]
Tcpip\..\Interfaces\{8694623D-6FF5-4B17-97C1-3256751C052C}: [NameServer] 10.2.5.1

FireFox:
========
FF ProfilePath: C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default
FF NewTab:
FF SearchEngineOrder.3:
FF Homepage: hxxp://google.cz
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "218.207.17.82"
FF NetworkProxy: "ftp_port", 8123
FF NetworkProxy: "http", "218.207.17.82"
FF NetworkProxy: "http_port", 8123
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "218.207.17.82"
FF NetworkProxy: "socks_port", 8123
FF NetworkProxy: "ssl", "218.207.17.82"
FF NetworkProxy: "ssl_port", 8123
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2787697237-3961510220-1260839691-1000: @tools.google.com/Google Update;version=3 -> C:\Users\CELL\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2787697237-3961510220-1260839691-1000: @tools.google.com/Google Update;version=9 -> C:\Users\CELL\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2787697237-3961510220-1260839691-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\CELL\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\searchplugins\duckduckgo.xml
FF Extension: Hola Better Internet - C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-01-12]
FF Extension: Classic Theme Restorer - C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-11-09]
FF Extension: Firebug - C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\Extensions\firebug@software.joehewitt.com.xpi [2014-01-09]
FF Extension: PageRank - C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\Extensions\PageRank@addonfactory.in.xpi [2014-05-24]
FF Extension: Adblock Plus - C:\Users\CELL\AppData\Roaming\Mozilla\Firefox\Profiles\uymqozhl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-30]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-25]
CHR Extension: (Hola Better Internet) - C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-01-08]
CHR Extension: (GData Centers 1 Council Bluffs, Iowa) - C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeonacmfdmkgfmmdejlinolgjomhcbmh [2014-05-20]
CHR Extension: (Peněženka Google) - C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-22]
CHR Extension: (Stylebot) - C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha [2014-05-20]
CHR HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CELL\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [802688 2015-01-24] ()
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-09] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 ITHitMapWebDAVDrive; C:\Program Files\CloudSafe\WebDAV Drive\ITHit.MapWebDAVDrive.Service.exe [45056 2011-10-25] (IT Hit Ltd) [File not signed]
R2 MbnExt; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\MbnExt.dll [417128 2013-12-02] (Gemfor s.r.o.)
S3 Origin Client Service; D:\Inst\Origin\OriginClientService.exe [1900400 2014-11-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-09-14] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [15288 2011-12-26] () [File not signed]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [12728 2011-12-26] () [File not signed]
R1 CbFs; C:\Windows\system32\drivers\cbfs.sys [191960 2009-09-24] (EldoS Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-09] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-08] (Disc Soft Ltd)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2012-04-23] (Huawei Technologies Co., Ltd.)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-09] (COMODO)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-07-04] (Oracle Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2014-03-01] (Acronis)
S3 VSPerfDrv110; D:\Inst\vs\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Mican\AppData\Local\Temp\ALSysIO64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 22:03 - 2015-01-26 22:03 - 00019167 _____ () C:\Users\CELL\Desktop\FRST.txt
2015-01-26 22:02 - 2015-01-26 22:02 - 00015327 _____ () C:\Users\CELL\Desktop\LM.bat
2015-01-25 21:36 - 2015-01-25 22:16 - 00000000 ____D () C:\AdwCleaner
2015-01-25 21:28 - 2015-01-25 21:28 - 02194432 _____ () C:\Users\CELL\Desktop\adwcleaner_4.109(1).exe
2015-01-25 20:48 - 2015-01-25 20:50 - 02194432 _____ () C:\Users\CELL\Downloads\adwcleaner_4.109.exe
2015-01-25 20:29 - 2015-01-26 22:03 - 00000000 ____D () C:\FRST
2015-01-25 20:28 - 2015-01-25 20:28 - 02129920 _____ (Farbar) C:\Users\CELL\Desktop\FRST64.exe
2015-01-25 20:24 - 2015-01-25 20:24 - 00112640 _____ (forum.viry.cz) C:\Users\CELL\Desktop\FRSTLauncher.exe
2015-01-25 20:12 - 2015-01-25 20:12 - 00108000 _____ () C:\Users\CELL\Desktop\log.htm
2015-01-25 19:44 - 2015-01-25 19:44 - 00000000 ____D () C:\Users\CELL\Desktop\Microsoft Windows 7 Home Premium Service Pack 1
2015-01-25 14:33 - 2015-01-25 14:33 - 00000000 ____D () C:\Users\CELL\Desktop\junior
2015-01-25 13:24 - 2015-01-25 13:24 - 00816968 _____ () C:\Users\CELL\Downloads\[CzT]Arma_III_Complete_Edition_2013_CZ_.torrent
2015-01-24 22:19 - 2015-01-24 22:26 - 00000040 _____ () C:\Users\CELL\Desktop\sa.txt
2015-01-23 23:05 - 2015-01-23 23:05 - 00000000 ____D () C:\Users\CELL\Desktop\stares pohled
2015-01-23 21:13 - 2015-01-23 21:13 - 00000000 ____D () C:\Users\CELL\Desktop\raspberry pi kniha
2015-01-22 21:02 - 2015-01-22 21:02 - 00000000 ____D () C:\Users\CELL\Desktop\Americký sniper
2015-01-21 21:27 - 2015-01-21 21:27 - 00000000 ____D () C:\Users\CELL\Desktop\Parks and recreation
2015-01-21 21:20 - 2015-01-21 21:20 - 00000000 ____D () C:\Users\CELL\Desktop\30 minut po půlnoci
2015-01-21 17:17 - 2015-01-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-20 21:27 - 2015-01-20 21:27 - 00000000 ____D () C:\Users\CELL\Desktop\+OndřejFilipec
2015-01-20 19:16 - 2015-01-20 19:16 - 00000000 ____D () C:\Users\CELL\Desktop\argo
2015-01-19 16:38 - 2015-01-19 16:38 - 00000000 ____D () C:\Users\CELL\Desktop\hintit involves pillows and blankets
2015-01-18 13:31 - 2015-01-18 13:31 - 00000000 ____D () C:\Users\CELL\Desktop\stoned zhuleny
2015-01-18 12:15 - 2015-01-18 12:15 - 00000000 ____D () C:\Users\CELL\Desktop\mention zminit
2015-01-18 12:13 - 2015-01-18 12:13 - 00000000 ____D () C:\Users\CELL\Desktop\conveniently vyhodne
2015-01-17 23:56 - 2015-01-17 23:56 - 00000000 ____D () C:\Users\CELL\Desktop\dart
2015-01-17 22:46 - 2015-01-17 23:25 - 00000000 ____D () C:\heroku
2015-01-17 22:05 - 2015-01-17 22:05 - 00046165 _____ () C:\Users\CELL\Downloads\[CzT]Star_wars_Hvezdne_Valky_1_6_CZ.torrent
2015-01-17 21:28 - 2015-01-17 21:28 - 00000000 ____D () C:\Users\CELL\Desktop\agent carter
2015-01-16 17:13 - 2015-01-16 17:13 - 00000000 ____D () C:\Users\CELL\Desktop\koupit dolez.al
2015-01-16 16:20 - 2015-01-16 16:20 - 00000000 ____D () C:\Users\CELL\Desktop\spitting plive
2015-01-16 14:27 - 2015-01-16 14:27 - 00000000 ____D () C:\Users\CELL\Desktop\splitting rozdeluje
2015-01-16 14:06 - 2015-01-16 14:06 - 00000162 _____ () C:\Users\CELL\Desktop\most pod temzi.txt
2015-01-15 17:52 - 2015-01-25 18:34 - 00000000 ____D () C:\dev
2015-01-14 21:17 - 2015-01-14 21:18 - 00004621 _____ () C:\Users\CELL\Desktop\dass.txt
2015-01-14 20:56 - 2015-01-14 20:56 - 00000239 _____ () C:\Users\CELL\Desktop\Dlouhodobé Todoist.URL
2015-01-14 19:33 - 2015-01-14 19:33 - 00000000 ____D () C:\Users\CELL\Desktop\face the consequences
2015-01-14 18:47 - 2015-01-14 18:47 - 00000000 ____D () C:\Users\CELL\Desktop\saas
2015-01-14 16:41 - 2015-01-14 16:41 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:41 - 2015-01-14 16:41 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:41 - 2015-01-14 16:41 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:41 - 2015-01-14 16:41 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:41 - 2015-01-14 16:41 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:41 - 2015-01-14 16:41 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:41 - 2015-01-14 16:41 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:41 - 2015-01-14 16:41 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:41 - 2015-01-14 16:41 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:41 - 2015-01-14 16:41 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:41 - 2015-01-14 16:41 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 16:41 - 2015-01-14 16:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:41 - 2015-01-14 16:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:36 - 2015-01-14 16:36 - 00000000 ____D () C:\Users\CELL\Desktop\njs nagli
2015-01-14 16:34 - 2015-01-14 16:34 - 00000000 ____D () C:\Users\CELL\Desktop\What else did you find
2015-01-13 21:56 - 2015-01-13 21:56 - 00000000 ____D () C:\Users\CELL\Desktop\Can I talk to you for a second
2015-01-13 21:55 - 2015-01-13 21:55 - 00000000 ____D () C:\Users\CELL\Desktop\Can I have something to eat
2015-01-13 19:46 - 2015-01-13 19:46 - 00000000 ____D () C:\Users\CELL\Desktop\tak e me to churhc
2015-01-13 17:20 - 2015-01-13 17:20 - 00000000 ____D () C:\Users\CELL\Desktop\maly pngcko
2015-01-12 19:49 - 2015-01-12 20:06 - 209706997 _____ () C:\Users\CELL\Downloads\ArchLinuxARM-2014.06-rpi.img.zip
2015-01-12 19:46 - 2015-01-12 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-12 19:46 - 2015-01-12 19:46 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-01-12 19:45 - 2015-01-12 19:45 - 01110476 _____ () C:\Users\CELL\Downloads\7z920.exe
2015-01-12 19:05 - 2015-01-12 19:29 - 220637379 _____ () C:\Users\CELL\Downloads\ArchLinuxARM-2014.10-rpi-rootfs.tar.gz
2015-01-12 18:00 - 2015-01-12 18:18 - 3124756480 _____ () C:\Users\CELL\Desktop\zal.img
2015-01-11 12:46 - 2015-01-11 12:46 - 00253095 _____ () C:\Users\CELL\Desktop\3288932--tajemna-stinadla-maji-svoji-mapu-autor-ji-tvoril-ctyri-mesice--1-950x0p0.jpeg
2015-01-10 18:56 - 2015-01-10 18:56 - 00000000 ____D () C:\Users\Game\AppData\Roaming\Mozilla
2015-01-10 15:18 - 2015-01-10 15:18 - 00011763 _____ () C:\Users\CELL\Downloads\[CzT]Captain_America_Navrat_prvniho_Avengera_Captain_America_The_Winter_Soldier_2014_CZ_.torrent
2015-01-10 13:57 - 2015-01-10 13:57 - 00000000 ____D () C:\ProgramData\ALI213
2015-01-09 20:46 - 2015-01-09 20:46 - 00000000 ____D () C:\Users\CELL\Desktop\react.js
2015-01-09 17:19 - 2015-01-09 17:19 - 00000000 ____D () C:\Users\CELL\Desktop\hostage rukojmi
2015-01-09 15:04 - 2015-01-09 15:04 - 00000000 ____D () C:\Users\CELL\Desktop\due zpusoben
2015-01-08 19:41 - 2015-01-08 19:41 - 00000000 ____D () C:\Users\CELL\Desktop\It's that time of the year when we predict the best web technologies and tools to look forward to. We are excited about AngularJS 2.0, React, Meteor, Ionic Framework and SocketIO
2015-01-08 18:48 - 2015-01-08 18:48 - 00015325 _____ () C:\Users\CELL\Downloads\[CzT]Darce_The_Giver_2014_WebRip_.torrent
2015-01-08 17:32 - 2015-01-08 18:31 - 00000971 _____ () C:\Users\CELL\Desktop\text.py
2015-01-06 16:50 - 2015-01-06 16:56 - 00000000 ____D () C:\laravel
2015-01-06 15:02 - 2015-01-06 15:02 - 00041658 _____ () C:\Users\CELL\Downloads\[CzT]Sniper_Elite_III_2014_CZ_.torrent
2015-01-04 13:03 - 2015-01-04 13:03 - 00089121 _____ () C:\Users\CELL\Downloads\[CzT]Dead_Rising_3_Apocalypse_Edition_2014_.torrent
2015-01-03 12:29 - 2015-01-03 12:29 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-02 21:55 - 2015-01-02 21:55 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-01-02 21:54 - 2015-01-02 21:54 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MongoVUE
2015-01-02 21:54 - 2015-01-02 21:54 - 00000000 ____D () C:\Program Files (x86)\MongoVUE
2015-01-02 21:51 - 2015-01-02 21:53 - 16779491 _____ () C:\Users\CELL\Downloads\Installer-1.6.9.zip
2015-01-02 17:56 - 2015-01-02 17:56 - 00020474 _____ () C:\Users\CELL\Downloads\[CzT]Prelet_nad_kukaccim_hnizdem_One_Flew_Over_the_Cuckoo_s_Nest.torrent
2015-01-02 17:46 - 2015-01-02 17:46 - 00012820 _____ () C:\Users\CELL\Downloads\the.it.crowd.moss.and.the.german.(2007).eng.1cd.(3587249).zip
2015-01-02 17:34 - 2015-01-02 17:34 - 00012785 _____ () C:\Users\CELL\Downloads\the.it.crowd.return.of.the.golden.child.(2007).eng.1cd.(3587248).zip
2015-01-02 17:14 - 2015-01-02 17:14 - 00013112 _____ () C:\Users\CELL\Downloads\the.it.crowd.the.work.outing.(2007).eng.1cd.(3143787).zip
2015-01-02 14:13 - 2015-01-02 16:30 - 1028653056 _____ () C:\Users\CELL\Downloads\ubuntu-14.04.1-desktop-amd64.iso
2015-01-01 12:34 - 2015-01-26 20:10 - 00001826 _____ () C:\Windows\setupact.log
2015-01-01 12:34 - 2015-01-25 22:17 - 00013180 _____ () C:\Windows\PFRO.log
2015-01-01 12:34 - 2015-01-01 12:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-31 20:51 - 2014-12-31 20:51 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-31 20:51 - 2014-12-31 20:51 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-31 20:37 - 2014-12-31 20:37 - 00000000 ____D () C:\Program Files (x86)\Digiarty

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 22:00 - 2014-03-22 12:38 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-01-26 21:46 - 2013-12-22 21:48 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 21:42 - 2013-11-30 16:01 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\FileZilla
2015-01-26 21:35 - 2014-12-11 18:13 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 21:10 - 2014-10-12 18:46 - 00000958 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787697237-3961510220-1260839691-1000UA.job
2015-01-26 20:43 - 2013-11-29 21:53 - 01825691 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 20:17 - 2009-07-14 16:18 - 00744650 _____ () C:\Windows\system32\perfh005.dat
2015-01-26 20:17 - 2009-07-14 16:18 - 00189632 _____ () C:\Windows\system32\perfc005.dat
2015-01-26 20:17 - 2009-07-14 06:13 - 01680498 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 20:15 - 2014-03-29 21:05 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\Spotify
2015-01-26 20:15 - 2013-11-30 14:07 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-26 20:13 - 2014-11-21 19:32 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\Dropbox
2015-01-26 20:13 - 2014-01-07 16:38 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-01-26 20:13 - 2013-11-30 12:55 - 00000000 ___RD () C:\Users\CELL\Dropbox
2015-01-26 20:12 - 2013-12-22 21:48 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 20:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 22:16 - 2014-10-12 19:01 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome Canary
2015-01-25 22:16 - 2014-10-12 18:51 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary
2015-01-25 22:16 - 2014-03-22 15:20 - 00573106 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-01-25 22:16 - 2013-12-22 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-25 22:16 - 2013-11-29 21:58 - 00000972 _____ () C:\Users\CELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-25 22:16 - 2009-07-14 05:45 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 22:16 - 2009-07-14 05:45 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 22:06 - 2014-03-01 17:53 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{61125978-F6C6-4945-A1A6-1B3A1896D2D3}
2015-01-25 20:25 - 2013-11-30 15:52 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\vlc
2015-01-25 20:10 - 2014-10-12 18:46 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787697237-3961510220-1260839691-1000Core.job
2015-01-25 18:34 - 2014-06-20 13:44 - 00000000 ___RD () C:\www
2015-01-24 22:35 - 2014-12-11 18:13 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 22:35 - 2013-11-30 15:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 22:35 - 2013-11-30 15:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 00:18 - 2013-12-12 18:24 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\.minecraft
2015-01-22 20:54 - 2014-09-24 15:57 - 00000000 ____D () C:\Users\CELL\Cisco Packet Tracer 6.0.1
2015-01-22 20:53 - 2014-09-24 15:57 - 00000186 _____ () C:\Users\CELL\.packettracer
2015-01-22 17:15 - 2013-12-20 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-18 00:12 - 2014-09-29 19:16 - 00000310 _____ () C:\Users\CELL\_netrc
2015-01-17 22:47 - 2014-09-24 17:28 - 00000000 ____D () C:\Users\CELL\.heroku
2015-01-15 17:51 - 2014-02-01 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-15 17:24 - 2014-03-02 15:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 17:19 - 2014-03-05 20:14 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 19:22 - 2014-01-25 15:07 - 00000000 ____D () C:\Users\CELL\.VirtualBox
2015-01-11 12:52 - 2013-11-30 15:50 - 00000000 ____D () C:\Users\CELL\Desktop\Nastroje
2015-01-10 14:38 - 2014-10-16 18:07 - 00000000 ____D () C:\Users\CELL\Desktop\game
2015-01-10 13:47 - 2014-03-01 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hry
2015-01-08 18:31 - 2014-02-06 16:08 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\Wing 101 5
2015-01-06 16:52 - 2014-11-13 16:02 - 00000000 ____D () C:\Users\CELL\AppData\Roaming\Composer
2015-01-03 12:45 - 2014-08-20 13:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 12:45 - 2014-08-20 13:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-03 12:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2015-01-03 12:29 - 2014-08-20 13:52 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-03 12:29 - 2014-08-20 13:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-03 12:29 - 2014-08-20 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-03 12:29 - 2014-01-26 12:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-02 14:00 - 2014-10-16 18:07 - 00000000 ____D () C:\Users\CELL\Desktop\ide
2014-12-31 20:51 - 2014-06-20 17:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-31 20:43 - 2014-05-30 23:19 - 00000000 ____D () C:\Windows\Minidump
2014-12-29 17:54 - 2014-06-25 14:37 - 00000000 ____D () C:\Users\Game\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2014-04-11 22:02 - 2014-04-11 22:26 - 0000132 _____ () C:\Users\CELL\AppData\Roaming\Adobe Formát GIF CS5 – předvolby
2014-09-05 23:14 - 2014-09-19 14:53 - 0000132 _____ () C:\Users\CELL\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2014-06-25 14:36 - 2014-12-02 17:54 - 0000028 _____ () C:\Users\CELL\AppData\Roaming\Network Meter_Usage.ini
2013-11-30 21:18 - 2014-06-11 20:33 - 0027887 _____ () C:\Users\CELL\AppData\Roaming\phpdesigner.xml
2014-03-11 21:34 - 2014-11-06 19:24 - 0001480 _____ () C:\Users\CELL\AppData\Local\Adobe Uložit pro web 12.0 Prefs
2015-01-26 22:02 - 2015-01-26 22:02 - 0029696 _____ () C:\Users\CELL\AppData\Local\MSGBOX.EXE
2014-03-21 15:04 - 2015-01-25 22:13 - 0000600 _____ () C:\Users\CELL\AppData\Local\PUTTY.RND
2014-01-01 22:40 - 2014-01-01 22:40 - 0007958 _____ () C:\Users\CELL\AppData\Local\recently-used.xbel
2013-12-28 20:40 - 2014-12-02 18:17 - 0007618 _____ () C:\Users\CELL\AppData\Local\Resmon.ResmonCfg
2014-09-13 19:40 - 2014-09-13 19:40 - 0000176 _____ () C:\ProgramData\defraggler_list.txt

Files to move or delete:
====================
C:\Users\CELL\IP_Log_Data.js
C:\Users\CELL\Network_Meter_Data.js
C:\Users\Mican\IP_Log_Data.js
C:\Users\Mican\Network_Meter_Data.js


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 12:02

==================== End Of Log ============================

Rudy
Site Admin
Posts: 119679
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Comodo firewall

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\MountPoints2: G - G:\SETUP.EXE /AUTORUN
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\MountPoints2: {12f1b15c-59c1-11e3-9c6f-002401eb26ba} - F:\Autorun.exe
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\MountPoints2: {91a0ecc8-b750-11e3-97a9-002401eb26ba} - G:\Autorun.exe
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\MountPoints2: {9a915837-8125-11e3-a6f2-002401eb26ba} - G:\Autorun.exe
HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\MountPoints2: {b29ffb77-eef2-11e3-80e4-002401eb26ba} - F:\autorun.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\..\Interfaces\{11E425FD-7C3A-4A65-9B3B-7873867EB5DB}: [NameServer]
Tcpip\..\Interfaces\{6ABEE459-1B3F-4A5C-9114-99A4F7FEA274}: [NameServer]
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1420054472&from=cvs&uid=WDCXWD7500BPVT-22HXZT3_WD-WX31EB1KJA16KJA16"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default ->
CHR Extension: (GData Centers 1 Council Bluffs, Iowa) - C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeonacmfdmkgfmmdejlinolgjomhcbmh [2014-05-20]
CHR Extension: (Stylebot) - C:\Users\CELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha [2014-05-20]
CHR HKU\S-1-5-21-2787697237-3961510220-1260839691-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CELL\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-19]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787697237-3961510220-1260839691-1000UA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787697237-3961510220-1260839691-1000Core.job
C:\Users\CELL\IP_Log_Data.js
C:\Users\CELL\Network_Meter_Data.js
C:\Users\Mican\IP_Log_Data.js
C:\Users\Mican\Network_Meter_Data.js
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.