VIRY.CZ

Dobrý den,

prosím o pomoc, pravidelně mi vyskakuje okno z Esetu při práci s prohlížečem s JS/Kryptik.I trojský kůň a nevím si s ním rady. Děkuji za pomoc

Zde je log z FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by Ondřej (administrator) on ONDREJ on 03-05-2014 19:55:54
Running from C:\Users\Ondřej\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(BitTorrent Inc.) C:\Users\Ondřej\AppData\Roaming\uTorrent\uTorrent.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(forum.viry.cz) C:\Users\Ondřej\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-07-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1426672966-227001833-1565962590-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1426672966-227001833-1565962590-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3481408 2012-02-13] (DT Soft Ltd)
HKU\S-1-5-21-1426672966-227001833-1565962590-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-1426672966-227001833-1565962590-1000\...\Run: [uTorrent] => C:\Users\Ondřej\AppData\Roaming\uTorrent\uTorrent.exe [1270352 2014-04-29] (BitTorrent Inc.)
HKU\S-1-5-21-1426672966-227001833-1565962590-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1426672966-227001833-1565962590-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-1426672966-227001833-1565962590-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-1426672966-227001833-1565962590-1000\...\MountPoints2: {5ddea031-62f1-11e1-bca8-14dae9f3f79e} - G:\setup.exe
AppInit_DLLs: C:\Windows\system32\guard64.dll => C:\Windows\system32\guard64.dll [390392 2012-11-08] (COMODO)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll => C:\Windows\SysWOW64\guard32.dll [301264 2012-11-08] (COMODO)
IFEO\googlebooks.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKCU - DefaultScope {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = http://us.search.yahoo.com/search?p={se ... chr-comodo
SearchScopes: HKCU - {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = http://us.search.yahoo.com/search?p={se ... chr-comodo
SearchScopes: HKCU - {FA9C6B65-652F-4330-A1FF-3681C7D721B4} URL = http://search.conduit.com/ResultsExt.as ... =CT3220468
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default
FF user.js: detected! => C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\user.js
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: google.com
FF Keyword.URL: hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ondřej\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ondřej\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Ondřej\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Ondřej\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\searchplugins\cloudmagic.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Weather Now - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\Extensions\a000b6@wips.com [2013-07-04]
FF Extension: CloudMagic - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\Extensions\cloudmagic@cloudmagic [2013-09-08]
FF Extension: iCloud Bookmarks - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\Extensions\firefoxdav@icloud.com [2013-12-21]
FF Extension: WebSite Recommendation - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\Extensions\WebSiteRecommendation@weliketheweb.com [2014-03-22]
FF Extension: WOT - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: Evernote Web Clipper - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-19]
FF Extension: Gmail panel - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\Extensions\gmail_panel@alejandrobrizuela.com.ar.xpi [2013-07-04]
FF Extension: Push to Kindle - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\Extensions\jid0-GokC6R49cBZciOKniufAR4QKFWc@jetpack.xpi [2013-07-17]
FF Extension: Clearly - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\Extensions\readable@evernote.com.xpi [2013-09-08]
FF Extension: Send to Kindle for Mozilla Firefox - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\Extensions\sendtokindle@amazon.com.xpi [2013-09-08]
FF Extension: FXChrome - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2014-01-20]
FF Extension: Adblock Plus - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-11-14]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-03-04]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-11-14]

Chrome:
=======
CHR HomePage: hxxp://us.yahoo.com?fr=fpc-comodo
CHR RestoreOnStartup: "hxxp://us.yahoo.com?fr=fpc-comodo"
CHR Plugin: (Shockwave Flash) - C:\Users\Ond\u0159ej\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ond\u0159ej\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ond\u0159ej\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Desktop) - C:\Users\Ond\u0159ej\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Dokumenty Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-27]
CHR Extension: (Disk Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-27]
CHR Extension: (YouTube) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-27]
CHR Extension: (Vyhledávání Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-27]
CHR Extension: (Adobe Acrobat - Vytvořit PDF) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-06-27]
CHR Extension: (uTorrentControl_v2) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2013-06-27]
CHR Extension: (Skype Click to Call) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-27]
CHR Extension: (Peněženka Google) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-26]
CHR Extension: (No Name) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-10-29]
CHR Extension: (Gmail) - C:\Users\Ondřej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-27]
CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Ondřej\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19]
CHR HKCU\...\Chrome\Extension: [incfcgceegpikennjoplhfghaaikdgei] - C:\Users\Ondřej\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx [2012-08-30]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Ondřej\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR StartMenuInternet: Google Chrome - C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2074768 2013-03-07] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625816 2012-06-22] (Pandora.TV)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Správce výběru OS; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2156952 2011-12-12] ()
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [19456 2012-08-17] (Clarus, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-05-24] ()
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-29] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-05-24] ()
S3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
S3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2012-01-04] (Windows (R) Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1306624 2012-03-10] (C-Media Electronics Inc)
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-03 19:55 - 2014-05-03 19:56 - 00032117 _____ () C:\Users\Ondřej\Desktop\FRST.txt
2014-05-03 19:55 - 2014-05-03 19:55 - 00000000 ____D () C:\FRST
2014-05-03 19:53 - 2014-05-03 19:53 - 00112640 _____ (forum.viry.cz) C:\Users\Ondřej\Desktop\FRSTLauncher.exe
2014-05-03 19:52 - 2014-05-03 19:52 - 02062336 _____ (Farbar) C:\Users\Ondřej\Desktop\FRST64.exe
2014-05-03 12:32 - 2014-05-03 12:32 - 07599474 _____ () C:\Users\Ondřej\Downloads\Moon+-Reader-Pro-v2.3.3.apk
2014-05-03 10:37 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 10:36 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 10:36 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 10:36 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 21:13 - 2014-05-02 21:13 - 00009441 _____ () C:\Users\Ondřej\Downloads\Vampyr---Der-Traum-des-Allan-Grey.1932.czsub.dvdrip.nn.srt
2014-05-02 21:11 - 2014-05-02 21:11 - 00007209 _____ () C:\Users\Ondřej\Downloads\Vampyr-Der-Traum-des-Allan-Grey-(0000007683).sub
2014-05-02 21:07 - 2014-05-02 21:07 - 00010298 _____ () C:\Users\Ondřej\Downloads\Vampyr-der-Traum-des-Allan-Grey(0000090300).srt
2014-05-02 19:00 - 2014-05-02 19:42 - 735295488 _____ () C:\Users\Ondřej\Downloads\Vampyr---Der-Traum-des-Allan-Grey.1932.czsub.dvdrip.nn.avi
2014-05-02 00:12 - 2014-05-02 00:12 - 00100099 _____ () C:\Users\Ondřej\Downloads\Living-in-Oblivion(0000039992).srt
2014-05-01 04:09 - 2014-05-01 04:10 - 183564288 _____ () C:\Users\Ondřej\Downloads\Simpsonovi 05x05 Specialni carodejnicky dil IV.avi
2014-04-30 21:56 - 2014-04-30 21:56 - 00675988 _____ () C:\Users\Ondřej\Downloads\Minecraft.exe
2014-04-30 21:52 - 2014-04-30 21:52 - 00011231 _____ () C:\Users\Ondřej\Downloads\bbtcz-s07e21_v1.zip
2014-04-30 21:29 - 2014-04-30 21:29 - 00000930 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2014-04-30 21:19 - 2014-04-30 21:20 - 60944384 _____ () C:\Users\Ondřej\Downloads\calibre-64bit-1.34.0.msi
2014-04-30 20:55 - 2014-04-30 20:55 - 00000000 ____D () C:\Users\Ondřej\Desktop\Bakalářskej stůl
2014-04-25 11:21 - 2014-04-25 11:23 - 10789605 _____ () C:\Users\Ondřej\Downloads\Minecraft-Pocket-Edition-0.8.1.apk
2014-04-25 11:07 - 2014-04-11 23:57 - 00028245 _____ () C:\Users\Ondřej\Downloads\The.Big.Bang.Theory.S07E20.hdtv-lol.srt
2014-04-25 10:57 - 2014-04-25 10:57 - 00012250 _____ () C:\Users\Ondřej\Downloads\bbtcz-s07e20_v1.zip
2014-04-25 03:26 - 2014-04-25 03:28 - 233066496 _____ () C:\Users\Ondřej\Downloads\23x22 Liza a Lady Gaga.avi
2014-04-25 03:25 - 2014-04-25 03:28 - 181104592 _____ () C:\Users\Ondřej\Downloads\23x21 Tajnosti Neda a Edny.avi
2014-04-25 03:25 - 2014-04-25 03:27 - 185675950 _____ () C:\Users\Ondřej\Downloads\23x20 - Špion který me poučil.avi
2014-04-25 03:24 - 2014-04-25 03:25 - 187437454 _____ () C:\Users\Ondřej\Downloads\23x19 - Super věc,kterou Bart už nikdy neudělá.avi
2014-04-23 21:55 - 2014-04-23 21:57 - 231555072 _____ () C:\Users\Ondřej\Downloads\23x15 - Zavíráme krám.avi
2014-04-23 21:53 - 2014-04-23 21:57 - 180537260 _____ () C:\Users\Ondřej\Downloads\23x14 - Konečně zmizte!.avi
2014-04-23 21:53 - 2014-04-23 21:56 - 182421034 _____ () C:\Users\Ondřej\Downloads\23x13 - Fiesta s Lízou.avi
2014-04-23 21:52 - 2014-04-23 21:56 - 183641770 _____ () C:\Users\Ondřej\Downloads\23x18 - Mé srdce patří Bártovi.avi
2014-04-23 21:52 - 2014-04-23 21:55 - 184535040 _____ () C:\Users\Ondřej\Downloads\23x12 - Vočko na hadry.avi
2014-04-23 01:34 - 2014-04-23 01:35 - 00000000 ____D () C:\Windows\rescache
2014-04-23 00:00 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-23 00:00 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-23 00:00 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-23 00:00 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-23 00:00 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-23 00:00 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-23 00:00 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-23 00:00 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-23 00:00 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-23 00:00 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-23 00:00 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-23 00:00 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-23 00:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-23 00:00 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-23 00:00 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-23 00:00 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-23 00:00 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-23 00:00 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-23 00:00 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-23 00:00 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-23 00:00 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-23 00:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-23 00:00 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-23 00:00 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-23 00:00 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-23 00:00 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-23 00:00 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-23 00:00 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-23 00:00 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-23 00:00 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-23 00:00 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-23 00:00 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-23 00:00 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-23 00:00 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-23 00:00 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 00:00 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-23 00:00 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-23 00:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-23 00:00 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 00:00 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 00:00 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-23 00:00 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-23 00:00 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-23 00:00 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-22 23:29 - 2014-04-22 23:29 - 00000000 ____D () C:\Users\Ondřej\AppData\Local\Skype
2014-04-22 23:29 - 2014-04-22 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-18 21:19 - 2014-04-18 21:20 - 00000000 ____D () C:\Program Files (x86)\Dust An Elysian Tail
2014-04-18 20:26 - 2014-04-19 11:50 - 00000000 ____D () C:\Users\Ondřej\AppData\Roaming\Rogue Legacy
2014-04-18 20:26 - 2014-04-18 20:26 - 00000659 _____ () C:\Users\Ondřej\Desktop\Rogue Legacy.lnk
2014-04-18 18:20 - 2014-04-18 18:20 - 00000000 ____D () C:\Users\Ondřej\AppData\Roaming\jelly
2014-04-18 18:16 - 2014-04-18 18:16 - 00000662 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Floor is Jelly.lnk
2014-04-18 02:57 - 2014-04-18 03:38 - 2089245931 _____ () C:\Users\Ondřej\Downloads\Simpsonovi 24.serie 1-5dil by Stifa11.rar
2014-04-17 17:03 - 2014-04-17 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-04-17 17:01 - 2014-04-17 17:01 - 00192329 _____ () C:\Users\Ondřej\Downloads\BS5.rar
2014-04-17 16:41 - 2014-04-17 16:41 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-04-17 16:41 - 2014-04-17 16:41 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-04-17 16:41 - 2014-04-17 16:41 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-04-17 16:41 - 2014-04-17 16:41 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-04-17 16:41 - 2014-04-17 16:41 - 00000701 _____ () C:\Users\Public\Desktop\Broken Sword 5.lnk
2014-04-17 16:41 - 2014-04-17 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broken Sword 5
2014-04-17 16:41 - 2014-04-17 16:41 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-04-17 15:03 - 2014-04-17 15:03 - 00000743 _____ () C:\Users\Ondřej\Desktop\The Wolf Among Us Episode 3.lnk
2014-04-17 15:03 - 2014-04-17 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Wolf Among Us Episode 3
2014-04-10 09:33 - 2014-04-10 09:33 - 17529160 _____ (Google Inc.) C:\Users\Ondřej\Downloads\picasa39-setup.exe
2014-04-10 09:33 - 2014-04-10 09:33 - 00001106 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-04-09 16:46 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 16:46 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 16:46 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 16:46 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 16:46 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 16:46 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 16:46 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 16:46 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 16:46 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 16:46 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 16:46 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 16:46 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 16:46 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 16:46 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 16:46 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 16:46 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 16:46 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 19:41 - 2014-04-07 19:41 - 00011819 _____ () C:\Users\Ondřej\Downloads\bbtcz-s07e19_v1.zip
2014-04-04 15:06 - 2014-04-04 15:06 - 00086193 _____ () C:\Users\Ondřej\Downloads\Jagten(0000215477).srt
2014-04-03 21:52 - 2014-04-03 21:52 - 01082486 _____ () C:\Users\Ondřej\Downloads\Framaroot-1.9.1.apk
2014-04-03 11:30 - 2014-04-03 11:30 - 00000517 _____ () C:\Users\Public\Desktop\Age of Wonders III.lnk
2014-04-03 11:30 - 2014-04-03 11:30 - 00000517 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Wonders III.lnk

==================== One Month Modified Files and Folders =======

2014-05-03 19:56 - 2014-05-03 19:55 - 00032117 _____ () C:\Users\Ondřej\Desktop\FRST.txt
2014-05-03 19:55 - 2014-05-03 19:55 - 00000000 ____D () C:\FRST
2014-05-03 19:53 - 2014-05-03 19:53 - 00112640 _____ (forum.viry.cz) C:\Users\Ondřej\Desktop\FRSTLauncher.exe
2014-05-03 19:53 - 2012-10-14 10:36 - 00000000 ____D () C:\Users\Ondřej\AppData\Roaming\uTorrent
2014-05-03 19:52 - 2014-05-03 19:52 - 02062336 _____ (Farbar) C:\Users\Ondřej\Desktop\FRST64.exe
2014-05-03 19:30 - 2012-04-09 22:44 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-03 19:17 - 2014-01-21 21:00 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf16daff631190.job
2014-05-03 19:15 - 2012-02-29 17:45 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-03 18:16 - 2013-04-12 12:11 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1426672966-227001833-1565962590-1000UA.job
2014-05-03 13:30 - 2010-11-21 11:27 - 00668866 _____ () C:\Windows\system32\perfh005.dat
2014-05-03 13:30 - 2010-11-21 11:27 - 00141526 _____ () C:\Windows\system32\perfc005.dat
2014-05-03 13:30 - 2009-07-14 07:13 - 01584554 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-03 12:32 - 2014-05-03 12:32 - 07599474 _____ () C:\Users\Ondřej\Downloads\Moon+-Reader-Pro-v2.3.3.apk
2014-05-03 12:16 - 2013-04-12 12:11 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1426672966-227001833-1565962590-1000Core.job
2014-05-03 11:36 - 2012-02-29 17:42 - 01712491 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 11:00 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-03 11:00 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-03 10:53 - 2013-10-08 21:43 - 00000000 ___RD () C:\Users\Ondřej\Disk Google
2014-05-03 10:52 - 2014-01-01 13:05 - 00017738 _____ () C:\Windows\setupact.log
2014-05-03 10:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 00:28 - 2012-03-05 12:54 - 00000000 ____D () C:\Users\Ondřej\AppData\Roaming\vlc
2014-05-02 23:50 - 2012-03-31 17:35 - 00000000 ____D () C:\Users\Ondřej\AppData\Roaming\.minecraft
2014-05-02 21:13 - 2014-05-02 21:13 - 00009441 _____ () C:\Users\Ondřej\Downloads\Vampyr---Der-Traum-des-Allan-Grey.1932.czsub.dvdrip.nn.srt
2014-05-02 21:11 - 2014-05-02 21:11 - 00007209 _____ () C:\Users\Ondřej\Downloads\Vampyr-Der-Traum-des-Allan-Grey-(0000007683).sub
2014-05-02 21:07 - 2014-05-02 21:07 - 00010298 _____ () C:\Users\Ondřej\Downloads\Vampyr-der-Traum-des-Allan-Grey(0000090300).srt
2014-05-02 19:42 - 2014-05-02 19:00 - 735295488 _____ () C:\Users\Ondřej\Downloads\Vampyr---Der-Traum-des-Allan-Grey.1932.czsub.dvdrip.nn.avi
2014-05-02 00:12 - 2014-05-02 00:12 - 00100099 _____ () C:\Users\Ondřej\Downloads\Living-in-Oblivion(0000039992).srt
2014-05-01 04:10 - 2014-05-01 04:09 - 183564288 _____ () C:\Users\Ondřej\Downloads\Simpsonovi 05x05 Specialni carodejnicky dil IV.avi
2014-04-30 21:56 - 2014-04-30 21:56 - 00675988 _____ () C:\Users\Ondřej\Downloads\Minecraft.exe
2014-04-30 21:52 - 2014-04-30 21:52 - 00011231 _____ () C:\Users\Ondřej\Downloads\bbtcz-s07e21_v1.zip
2014-04-30 21:29 - 2014-04-30 21:29 - 00000930 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2014-04-30 21:29 - 2013-02-01 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-04-30 21:29 - 2013-02-01 23:27 - 00000000 ____D () C:\Program Files\Calibre2
2014-04-30 21:20 - 2014-04-30 21:19 - 60944384 _____ () C:\Users\Ondřej\Downloads\calibre-64bit-1.34.0.msi
2014-04-30 20:55 - 2014-04-30 20:55 - 00000000 ____D () C:\Users\Ondřej\Desktop\Bakalářskej stůl
2014-04-29 16:01 - 2014-05-03 10:37 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-03 10:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-03 10:36 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-03 10:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-26 16:19 - 2014-01-01 13:05 - 00227576 _____ () C:\Windows\PFRO.log
2014-04-25 11:23 - 2014-04-25 11:21 - 10789605 _____ () C:\Users\Ondřej\Downloads\Minecraft-Pocket-Edition-0.8.1.apk
2014-04-25 10:57 - 2014-04-25 10:57 - 00012250 _____ () C:\Users\Ondřej\Downloads\bbtcz-s07e20_v1.zip
2014-04-25 03:28 - 2014-04-25 03:26 - 233066496 _____ () C:\Users\Ondřej\Downloads\23x22 Liza a Lady Gaga.avi
2014-04-25 03:28 - 2014-04-25 03:25 - 181104592 _____ () C:\Users\Ondřej\Downloads\23x21 Tajnosti Neda a Edny.avi
2014-04-25 03:27 - 2014-04-25 03:25 - 185675950 _____ () C:\Users\Ondřej\Downloads\23x20 - Špion který me poučil.avi
2014-04-25 03:25 - 2014-04-25 03:24 - 187437454 _____ () C:\Users\Ondřej\Downloads\23x19 - Super věc,kterou Bart už nikdy neudělá.avi
2014-04-23 21:57 - 2014-04-23 21:55 - 231555072 _____ () C:\Users\Ondřej\Downloads\23x15 - Zavíráme krám.avi
2014-04-23 21:57 - 2014-04-23 21:53 - 180537260 _____ () C:\Users\Ondřej\Downloads\23x14 - Konečně zmizte!.avi
2014-04-23 21:56 - 2014-04-23 21:53 - 182421034 _____ () C:\Users\Ondřej\Downloads\23x13 - Fiesta s Lízou.avi
2014-04-23 21:56 - 2014-04-23 21:52 - 183641770 _____ () C:\Users\Ondřej\Downloads\23x18 - Mé srdce patří Bártovi.avi
2014-04-23 21:55 - 2014-04-23 21:52 - 184535040 _____ () C:\Users\Ondřej\Downloads\23x12 - Vočko na hadry.avi
2014-04-23 01:35 - 2014-04-23 01:34 - 00000000 ____D () C:\Windows\rescache
2014-04-23 00:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-22 23:31 - 2012-02-29 18:27 - 00000000 ____D () C:\Users\Ondřej\AppData\Roaming\Skype
2014-04-22 23:29 - 2014-04-22 23:29 - 00000000 ____D () C:\Users\Ondřej\AppData\Local\Skype
2014-04-22 23:29 - 2014-04-22 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-22 23:29 - 2012-02-29 18:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-22 23:29 - 2012-02-29 18:27 - 00000000 ____D () C:\ProgramData\Skype
2014-04-19 11:50 - 2014-04-18 20:26 - 00000000 ____D () C:\Users\Ondřej\AppData\Roaming\Rogue Legacy
2014-04-18 21:22 - 2013-02-24 21:12 - 00000000 ____D () C:\Users\Ondřej\Documents\SavedGames
2014-04-18 21:20 - 2014-04-18 21:19 - 00000000 ____D () C:\Program Files (x86)\Dust An Elysian Tail
2014-04-18 21:20 - 2014-01-27 16:46 - 00054092 _____ () C:\Windows\DirectX.log
2014-04-18 20:26 - 2014-04-18 20:26 - 00000659 _____ () C:\Users\Ondřej\Desktop\Rogue Legacy.lnk
2014-04-18 20:26 - 2013-11-09 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2014-04-18 18:20 - 2014-04-18 18:20 - 00000000 ____D () C:\Users\Ondřej\AppData\Roaming\jelly
2014-04-18 18:16 - 2014-04-18 18:16 - 00000662 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Floor is Jelly.lnk
2014-04-18 03:38 - 2014-04-18 02:57 - 2089245931 _____ () C:\Users\Ondřej\Downloads\Simpsonovi 24.serie 1-5dil by Stifa11.rar
2014-04-18 00:54 - 2013-12-12 16:16 - 00000000 ____D () C:\Users\Ondřej\Documents\Broken Sword 5
2014-04-17 17:03 - 2014-04-17 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-04-17 17:02 - 2012-04-02 18:23 - 00000000 ____D () C:\Users\Ondřej\AppData\Local\SKIDROW
2014-04-17 17:01 - 2014-04-17 17:01 - 00192329 _____ () C:\Users\Ondřej\Downloads\BS5.rar
2014-04-17 16:41 - 2014-04-17 16:41 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-04-17 16:41 - 2014-04-17 16:41 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-04-17 16:41 - 2014-04-17 16:41 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-04-17 16:41 - 2014-04-17 16:41 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-04-17 16:41 - 2014-04-17 16:41 - 00000701 _____ () C:\Users\Public\Desktop\Broken Sword 5.lnk
2014-04-17 16:41 - 2014-04-17 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broken Sword 5
2014-04-17 16:41 - 2014-04-17 16:41 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-04-17 15:05 - 2013-10-13 15:19 - 00000000 ____D () C:\Users\Ondřej\Documents\Telltale Games
2014-04-17 15:03 - 2014-04-17 15:03 - 00000743 _____ () C:\Users\Ondřej\Desktop\The Wolf Among Us Episode 3.lnk
2014-04-17 15:03 - 2014-04-17 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Wolf Among Us Episode 3
2014-04-17 14:50 - 2012-03-11 14:04 - 00000000 ____D () C:\Users\Ondřej\AppData\Roaming\dvdcss
2014-04-17 13:37 - 2012-02-29 20:03 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-04-12 21:20 - 2012-06-24 12:50 - 00149152 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-04-11 23:57 - 2014-04-25 11:07 - 00028245 _____ () C:\Users\Ondřej\Downloads\The.Big.Bang.Theory.S07E20.hdtv-lol.srt
2014-04-11 03:22 - 2013-10-08 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-04-10 19:10 - 2014-01-21 21:00 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf16daff631190
2014-04-10 19:10 - 2012-02-29 17:45 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-10 09:33 - 2014-04-10 09:33 - 17529160 _____ (Google Inc.) C:\Users\Ondřej\Downloads\picasa39-setup.exe
2014-04-10 09:33 - 2014-04-10 09:33 - 00001106 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-04-10 09:33 - 2012-04-08 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-04-10 03:01 - 2013-08-14 14:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:00 - 2012-02-29 18:11 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 19:13 - 2013-01-17 17:24 - 00000000 ____D () C:\Users\Ondřej\AppData\Roaming\eCub
2014-04-08 09:55 - 2014-03-23 01:56 - 00610304 _____ () C:\Users\Ondřej\Downloads\DzPVZP13_z.xls
2014-04-07 19:41 - 2014-04-07 19:41 - 00011819 _____ () C:\Users\Ondřej\Downloads\bbtcz-s07e19_v1.zip
2014-04-04 15:06 - 2014-04-04 15:06 - 00086193 _____ () C:\Users\Ondřej\Downloads\Jagten(0000215477).srt
2014-04-03 21:52 - 2014-04-03 21:52 - 01082486 _____ () C:\Users\Ondřej\Downloads\Framaroot-1.9.1.apk
2014-04-03 12:12 - 2012-03-11 00:00 - 00000000 ____D () C:\Users\Ondřej\Documents\My Games
2014-04-03 11:30 - 2014-04-03 11:30 - 00000517 _____ () C:\Users\Public\Desktop\Age of Wonders III.lnk
2014-04-03 11:30 - 2014-04-03 11:30 - 00000517 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Wonders III.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1426672966-227001833-1565962590-1000Core.job => C:\Users\OndYej\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1426672966-227001833-1565962590-1000UA.job => C:\Users\OndYej\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf16daff631190.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1426672966-227001833-1565962590-1000Core1cecf2093d9af2e.job => C:\Users\OndYej\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1426672966-227001833-1565962590-1000UA.job => C:\Users\OndYej\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: COMODO Defense+ (Enabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Ond�ej\Desktop" je 1386 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core
"C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Zdravím!
Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

Díky za odpověď

Zde je log z ComboFix:

ComboFix 14-04-30.01 - Ondřej 03.05.2014 20:57:35.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8169.4968 [GMT 2:00]
Spuštěný z: c:\users\Ond°ej\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DBEFA506C4.sys
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\_ctypes.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\_elementtree.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\_hashlib.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\_multiprocessing.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\_socket.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\_ssl.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\pyexpat.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\pysqlite2._sqlite.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\python27.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\pythoncom27.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\PyWinTypes27.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\select.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\unicodedata.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\win32api.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\win32com.shell.shell.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\win32crypt.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\win32event.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\win32file.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\win32inet.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\win32pdh.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\win32pipe.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\win32process.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\win32profile.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\win32security.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\win32ts.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\windows._lib_cacheinvalidation.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\wx._controls_.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\wx._core_.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\wx._gdi_.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\wx._html2.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\wx._misc_.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\wx._windows_.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\wx._wizard.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\wxbase294u_net_vc90.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\wxbase294u_vc90.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\wxmsw294u_adv_vc90.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\wxmsw294u_core_vc90.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\wxmsw294u_html_vc90.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI45442\wxmsw294u_webview_vc90.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\_ctypes.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\_elementtree.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\_hashlib.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\_multiprocessing.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\_socket.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\_ssl.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\pyexpat.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\pysqlite2._sqlite.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\python27.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\pythoncom27.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\PyWinTypes27.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\select.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\unicodedata.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\win32api.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\win32com.shell.shell.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\win32crypt.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\win32event.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\win32file.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\win32inet.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\win32pdh.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\win32pipe.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\win32process.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\win32profile.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\win32security.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\win32ts.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\windows._lib_cacheinvalidation.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\wx._controls_.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\wx._core_.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\wx._gdi_.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\wx._html2.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\wx._misc_.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\wx._windows_.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\wx._wizard.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\wxbase294u_net_vc90.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\wxbase294u_vc90.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\wxmsw294u_adv_vc90.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\wxmsw294u_core_vc90.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\wxmsw294u_html_vc90.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI45442\wxmsw294u_webview_vc90.dll
c:\windows\PFRO.log
c:\windows\SysWow64\SET126D.tmp
F:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-03 do 2014-05-03 )))))))))))))))))))))))))))))))
.
.
2014-05-03 19:06 . 2014-05-03 19:06 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3977ACA3-BA79-4189-9B8D-69270CFAE749}\offreg.dll
2014-05-03 19:03 . 2014-05-03 19:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-03 17:55 . 2014-05-03 17:55 -------- d-----w- C:\FRST
2014-05-03 08:37 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-03 08:36 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-03 08:36 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-02 09:08 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3977ACA3-BA79-4189-9B8D-69270CFAE749}\mpengine.dll
2014-04-22 23:34 . 2014-04-22 23:35 -------- d-----w- c:\windows\rescache
2014-04-22 21:29 . 2014-04-22 21:29 -------- d-----w- c:\users\Ondřej\AppData\Local\Skype
2014-04-22 21:29 . 2014-04-22 21:29 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-04-18 19:19 . 2014-04-18 19:20 -------- d-----w- c:\program files (x86)\Dust An Elysian Tail
2014-04-18 18:26 . 2014-04-19 09:50 -------- d-----w- c:\users\Ondřej\AppData\Roaming\Rogue Legacy
2014-04-18 16:20 . 2014-04-18 16:20 -------- d-----w- c:\users\Ondřej\AppData\Roaming\jelly
2014-04-17 14:41 . 2014-04-17 14:41 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2014-04-17 14:41 . 2014-04-17 14:41 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-04-17 14:41 . 2014-04-17 14:41 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2014-04-17 14:41 . 2014-04-17 14:41 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-04-17 14:41 . 2014-04-17 14:41 -------- d-----w- c:\program files (x86)\OpenAL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-10 01:00 . 2012-02-29 16:11 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-26 21:44 . 2012-04-09 20:44 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-26 21:44 . 2012-03-10 00:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 20:07 . 2014-03-11 20:07 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2014-03-04 10:01 . 2012-09-30 09:26 1010576 ----a-w- c:\windows\PE_Rom.dll
2014-03-04 09:17 . 2014-04-09 14:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-13 15:06 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-13 15:05 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-13 15:05 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-13 15:05 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-13 15:05 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ondřej\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ondřej\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ondřej\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-01-30 21822128]
"uTorrent"="c:\users\Ondřej\AppData\Roaming\uTorrent\uTorrent.exe" [2014-04-29 1270352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-12-21 3478392]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-23 1632216]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2012-08-13 547984]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2014-4-14 1107296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"UVS10 Preload"=c:\program files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
"ASUS Ai Charger"=c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"CanonQuickMenu"=c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"QuickTime Task"="c:\program files (x86)\CS Software\CS Codec Solution\QT\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys;c:\windows\SYSNATIVE\DRIVERS\gtkdrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [x]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe;c:\program files\Tablet\Pen\Pen_Tablet.exe [x]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe;c:\program files\Tablet\Pen\Pen_TouchService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S3 mdf16;mdf16;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [x]
S3 mvd23;mvd23;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 21:44]
.
2014-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 15:45]
.
2014-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf16daff631190.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 15:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ondřej\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ondřej\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ondřej\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ondřej\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 13:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 13:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 13:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 13:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 13:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Nová poznámka - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Oříznout tuto stránku - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Vystřihnout obrázek - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Vystřihnout URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Výběr oříznutí - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
.
.
Binary file temp00 matches
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1426672966-227001833-1565962590-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*s*S7w\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1426672966-227001833-1565962590-1000\Software\SecuROM\License information*]
"datasecu"=hex:30,6c,22,89,61,aa,b6,db,b8,3a,60,03,cc,73,4d,c7,70,69,58,18,dc,
ed,8e,c9,90,74,89,0f,cf,ba,2f,67,ce,1b,37,13,79,a2,57,11,35,af,0e,74,2b,58,\
"rkeysecu"=hex:53,7b,17,b9,5f,fe,de,b7,ae,75,92,92,77,49,c7,20
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\users\Ondc:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
.
**************************************************************************
.
Celkový čas: 2014-05-03 21:09:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-05-03 19:09
.
Před spuštěním: 2 038 751 232
Po spuštění: 1 939 673 088
.
- - End Of File - - 8760D4FD24FAC4C8C06E493E8C9FFDC5
A36C5E4F47E84449FF07ED3517B43A31

Ještě dočistíme. Přesuňte CF na kořenový adresář c:\. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf16daff631190.job


Registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=-

Driver::
BBUpdate
BBSvc
c2cautoupdatesvc
c2cpnrsvc

RegLock::
[HKEY_USERS\S-1-5-21-1426672966-227001833-1565962590-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*s*S7w\OpenWithList]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Regnull::
[HKEY_USERS\S-1-5-21-1426672966-227001833-1565962590-1000\Software\SecuROM\License information*]

Reboot::

Uložte opět na kořenový adresář c:\ jako CFScript.txt. Pak jej myší v průzkumníku windows (nebo jiném souborovém manažeru) přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Díky

ComboFix 14-04-30.01 - Ondřej 03.05.2014 22:30:08.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8169.5447 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt.TXT
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf16daff631190.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\_ctypes.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\_elementtree.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\_hashlib.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\_multiprocessing.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\_socket.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\_ssl.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\pyexpat.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\pysqlite2._sqlite.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\python27.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\pythoncom27.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\PyWinTypes27.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\select.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\unicodedata.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\win32api.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\win32com.shell.shell.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\win32crypt.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\win32event.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\win32file.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\win32inet.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\win32pdh.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\win32pipe.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\win32process.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\win32profile.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\win32security.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\win32ts.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\windows._lib_cacheinvalidation.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\wx._controls_.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\wx._core_.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\wx._gdi_.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\wx._html2.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\wx._misc_.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\wx._windows_.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\wx._wizard.pyd
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\wxbase294u_net_vc90.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\wxbase294u_vc90.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\wxmsw294u_adv_vc90.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\wxmsw294u_core_vc90.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\wxmsw294u_html_vc90.dll
c:\users\Ondřej\AppData\Local\Temp\_MEI51002\wxmsw294u_webview_vc90.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\_ctypes.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\_elementtree.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\_hashlib.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\_multiprocessing.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\_socket.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\_ssl.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\pyexpat.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\pysqlite2._sqlite.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\python27.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\pythoncom27.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\PyWinTypes27.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\select.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\unicodedata.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\win32api.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\win32com.shell.shell.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\win32crypt.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\win32event.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\win32file.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\win32inet.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\win32pdh.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\win32pipe.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\win32process.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\win32profile.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\win32security.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\win32ts.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\windows._lib_cacheinvalidation.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\wx._controls_.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\wx._core_.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\wx._gdi_.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\wx._html2.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\wx._misc_.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\wx._windows_.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\wx._wizard.pyd
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\wxbase294u_net_vc90.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\wxbase294u_vc90.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\wxmsw294u_adv_vc90.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\wxmsw294u_core_vc90.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\wxmsw294u_html_vc90.dll
c:\users\ONDEJ~1\AppData\Local\Temp\_MEI51002\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BBSvc
-------\Service_BBUpdate
-------\Service_c2cautoupdatesvc
-------\Service_c2cpnrsvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-03 do 2014-05-03 )))))))))))))))))))))))))))))))
.
.
2014-05-03 20:36 . 2014-05-03 20:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-03 20:36 . 2014-05-03 20:36 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-05-03 20:36 . 2014-05-03 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-03 20:36 . 2014-05-03 20:36 -------- d-----w- c:\users\Acronis Agent User\AppData\Local\temp
2014-05-03 19:09 . 2014-05-03 19:09 -------- d-----w- c:\users\ONDEJ~2\AppData
2014-05-03 17:55 . 2014-05-03 17:55 -------- d-----w- C:\FRST
2014-05-03 08:37 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-03 08:36 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-03 08:36 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-02 09:08 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3977ACA3-BA79-4189-9B8D-69270CFAE749}\mpengine.dll
2014-04-22 23:34 . 2014-04-22 23:35 -------- d-----w- c:\windows\rescache
2014-04-22 21:29 . 2014-04-22 21:29 -------- d-----w- c:\users\Ondřej\AppData\Local\Skype
2014-04-22 21:29 . 2014-04-22 21:29 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-04-18 19:19 . 2014-04-18 19:20 -------- d-----w- c:\program files (x86)\Dust An Elysian Tail
2014-04-18 18:26 . 2014-04-19 09:50 -------- d-----w- c:\users\Ondřej\AppData\Roaming\Rogue Legacy
2014-04-18 16:20 . 2014-04-18 16:20 -------- d-----w- c:\users\Ondřej\AppData\Roaming\jelly
2014-04-17 14:41 . 2014-04-17 14:41 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2014-04-17 14:41 . 2014-04-17 14:41 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-04-17 14:41 . 2014-04-17 14:41 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2014-04-17 14:41 . 2014-04-17 14:41 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-04-17 14:41 . 2014-04-17 14:41 -------- d-----w- c:\program files (x86)\OpenAL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-10 01:00 . 2012-02-29 16:11 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-26 21:44 . 2012-04-09 20:44 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-26 21:44 . 2012-03-10 00:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 20:07 . 2014-03-11 20:07 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2014-03-04 10:01 . 2012-09-30 09:26 1010576 ----a-w- c:\windows\PE_Rom.dll
2014-03-04 09:17 . 2014-04-09 14:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-13 15:06 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-13 15:05 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-13 15:05 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-13 15:05 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-13 15:05 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ondřej\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ondřej\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ondřej\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-01-30 21822128]
"uTorrent"="c:\users\Ondřej\AppData\Roaming\uTorrent\uTorrent.exe" [2014-04-29 1270352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-12-21 3478392]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-23 1632216]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2012-08-13 547984]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2014-4-14 1107296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"UVS10 Preload"=c:\program files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
"ASUS Ai Charger"=c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"CanonQuickMenu"=c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"QuickTime Task"="c:\program files (x86)\CS Software\CS Codec Solution\QT\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys;c:\windows\SYSNATIVE\DRIVERS\gtkdrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [x]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe;c:\program files\Tablet\Pen\Pen_Tablet.exe [x]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe;c:\program files\Tablet\Pen\Pen_TouchService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S3 mdf16;mdf16;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [x]
S3 mvd23;mvd23;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 21:44]
.
2014-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 15:45]
.
2014-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf16daff631190.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 15:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ondřej\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ondřej\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ondřej\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Ondřej\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 13:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 13:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 13:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 13:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 13:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Nová poznámka - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Oříznout tuto stránku - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Vystřihnout obrázek - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Vystřihnout URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Výběr oříznutí - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\byk8mtvt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
.
.
Binary file temp00 matches
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1426672966-227001833-1565962590-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*s*S7w\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
c:\users\Ondc:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
.
**************************************************************************
.
Celkový čas: 2014-05-03 22:39:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-05-03 20:39
ComboFix2.txt 2014-05-03 19:09
.
Před spuštěním: 6 236 184 576
Po spuštění: 6 076 039 168
.
- - End Of File - - 13E182AC0B22671E3AF3226E0FC6E6C7
A36C5E4F47E84449FF07ED3517B43A31

Nastala nějaká změna?

Nenastala, okno pořád vyskakuje

V kterém souboru se Kryptik vyskytuje?

To nevím, jak to mohu zjistit?

Eset hlásí při každé změně stránky:
Objekt:
http://utils.cdneurope.com/js/mo.js
Infiltrace:
JS/Kryptik.I trojský kůň
Info:
přerušeno spojení - uložen do karantény

V eset logu je:

3.5.2014 23:57:35 HTTP filtr archiv http://utils.cdneurope.com/js/mo.js JS/Kryptik.I trojský kůň přerušeno spojení - uložen do karantény Ondrej\Ondřej Infiltrace byla zachycena při přístupu na web aplikací: C:\Program Files (x86)\Mozilla Firefox\firefox.exe.

Aha. Tak to je hlášení Esetu, že stránku zablokoval:

přerušeno spojení - uložen do karantény

Karanténu smažte.

Už je to v pořádku,

Děkuju moc!!!

Rádo se stalo!