VIRY.CZ

Dobrý den,

už nějakou dobu trpím tím, že při hraní online hry Guild wars 2 a také při používání programu Skype se mi počítač neustále odpojuje ze serveru, případně se mi vypne skype. Když jsem tento problém řešil s podporou této online hry, bylo mi řečeno, že mám kontaktovat zprostředkovatele internetu. Ten mi řekl, že problém není na jeho straně a že mi "z počítače něco neustále v cyklech odchází". S těmito slovy se na mě "vykašlal". Šlo by prosím zjistit, jestli nemám v počítači nějaký malware? Microsoft Security Essentials nic nehlásí.

Přikládám log z FRST, jak jsem se dočetl a děkuji předem za jakoukoliv pomoc.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by Avelyn (administrator) on SUN on 01-06-2014 19:57:10
Running from C:\Users\Avelyn\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) F:\Hry\Smite\HiPatchService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Avelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Avelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Electronic Arts) F:\Origin\Origin.exe
(Google Inc.) C:\Users\Avelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Electronic Arts) F:\Origin\OriginClientService.exe
(Google Inc.) C:\Users\Avelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Users\Avelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Avelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Avelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Avelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Avelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Avelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Users\Avelyn\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe [790552 2007-04-26] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-24] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
HKU\S-1-5-21-4070159930-2613383080-387905723-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-4070159930-2613383080-387905723-1000\...\Run: [nvwiz] => C:\ProgramData\nvwiz.exe [498688 2011-08-25] ( )
HKU\S-1-5-21-4070159930-2613383080-387905723-1000\...\Run: [Crystal.exe] => C:\Users\Avelyn\AppData\Roaming\Crystal.exe
HKU\S-1-5-21-4070159930-2613383080-387905723-1000\...\Run: [Google Update] => C:\Users\Avelyn\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-01-10] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
Startup: C:\Users\Avelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Guild Wars 2.lnk
ShortcutTarget: Guild Wars 2.lnk -> F:\Hry\Guild Wars 2\Gw2.exe (ArenaNet)

==================== Internet (Whitelisted) ====================

ProxyServer: 210.176.171.237:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4F41949C90C4CA01
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove Folder Synchronization - {26D101C4-5D06-68AF-0F94-4E0850044D93} - No File
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{43BA5257-1722-48B6-B354-1C8685988E20}: [NameServer]10.157.0.1,10.157.0.128

FireFox:
========
FF ProfilePath: C:\Users\Avelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jan707m2.default-1360586586492
FF NewTab: hxxp://www.qvo6.com/?utm_source=b&utm_medium=v ... 1378553882
FF SearchEngineOrder.1: qvo6
FF SelectedSearchEngine: qvo6
FF Homepage: http://www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.5.109 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.5.109 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Avelyn\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Avelyn\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Avelyn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Avelyn\AppData\Roaming\Mozilla\Firefox\Profiles\10l4v148.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Avelyn\AppData\Roaming\Mozilla\Firefox\Profiles\10l4v148.default\searchplugins\searchplugins-backup
FF Extension: Xmarks - C:\Users\Avelyn\AppData\Roaming\Mozilla\Firefox\Profiles\10l4v148.default\Extensions\foxmarks@kei.com [2012-03-14]
FF Extension: Personas - C:\Users\Avelyn\AppData\Roaming\Mozilla\Firefox\Profiles\10l4v148.default\Extensions\personas@christopher.beard [2011-03-12]
FF Extension: GodofWar - C:\Users\Avelyn\AppData\Roaming\Mozilla\Firefox\Profiles\10l4v148.default\Extensions\{3A9F26B5-7451-4922-9E2F-CD83E7F454EF} [2010-03-27]
FF Extension: Greasemonkey - C:\Users\Avelyn\AppData\Roaming\Mozilla\Firefox\Profiles\10l4v148.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012-05-21]
FF Extension: gTranslate - C:\Users\Avelyn\AppData\Roaming\Mozilla\Firefox\Profiles\10l4v148.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2011-10-04]
FF Extension: DownThemAll! - C:\Users\Avelyn\AppData\Roaming\Mozilla\Firefox\Profiles\10l4v148.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-11-19]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2010-01-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010-01-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010-04-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010-12-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-07]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-30]
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-30]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=v ... 1378553347"
CHR Plugin: (Shockwave Flash) - C:\Users\Avelyn\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Avelyn\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Avelyn\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\Avelyn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Avelyn\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Avelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-08-11]
CHR Extension: (Peněženka Google) - C:\Users\Avelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Avelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-09-07]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-30]

==================== Services (Whitelisted) =================

S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [551896 2012-05-07] (Protection Technology)
S3 DAUpdaterSvc; F:\Hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
U2 HiPatchService; F:\Hry\Smite\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSSQL$BWDATOOLSET; C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-03] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

R1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [3852976 2012-05-07] (Protection Technology)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16877 2002-07-17] (Adaptec)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1061888 2007-08-17] (Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-04-10] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-04-10] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 MpKsl5c47ee43; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A20909DC-17DD-4A37-B257-965AD9B27FE9}\MpKsl5c47ee43.sys [45352 2014-06-01] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 s115bus; C:\Windows\System32\DRIVERS\s115bus.sys [108296 2007-04-23] (MCCI Corporation)
S3 s115mdfl; C:\Windows\System32\DRIVERS\s115mdfl.sys [19720 2007-04-23] (MCCI Corporation)
S3 s115mdm; C:\Windows\System32\DRIVERS\s115mdm.sys [144648 2007-04-23] (MCCI Corporation)
S3 s115mgmt; C:\Windows\System32\DRIVERS\s115mgmt.sys [126216 2007-04-23] (MCCI Corporation)
S3 s115obex; C:\Windows\System32\DRIVERS\s115obex.sys [123656 2007-04-23] (MCCI Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-05] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117080 2012-05-22] (Oracle Corporation)
U3 a7tkj0li; C:\Windows\System32\Drivers\a7tkj0li.sys [0 ] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena\safedrv.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-01 19:57 - 2014-06-01 19:57 - 00025469 _____ () C:\Users\Avelyn\Desktop\FRST.txt
2014-06-01 19:56 - 2014-06-01 19:57 - 00000000 ____D () C:\FRST
2014-06-01 19:56 - 2014-06-01 19:56 - 00112640 _____ (forum.viry.cz) C:\Users\Avelyn\Desktop\FRSTLauncher.exe
2014-06-01 19:55 - 2014-06-01 19:55 - 00000000 __SHD () C:\Users\Avelyn\AppData\Local\EmieUserList
2014-06-01 19:55 - 2014-06-01 19:55 - 00000000 __SHD () C:\Users\Avelyn\AppData\Local\EmieSiteList
2014-06-01 19:55 - 2014-06-01 19:54 - 02067456 _____ (Farbar) C:\Users\Avelyn\Desktop\FRST64.exe
2014-06-01 19:54 - 2014-06-01 19:54 - 02067456 _____ (Farbar) C:\Users\Avelyn\Downloads\FRST64.exe
2014-06-01 19:54 - 2014-06-01 19:54 - 00112640 _____ (forum.viry.cz) C:\Users\Avelyn\Downloads\Nepotvrzeno 409594.crdownload
2014-05-26 21:16 - 2014-05-26 21:16 - 04134452 _____ ( ) C:\Users\Avelyn\Downloads\ME3Cz_78 (1).exe
2014-05-26 21:14 - 2014-05-26 21:14 - 03606143 _____ ( ) C:\Users\Avelyn\Desktop\ME3Cz_70.exe
2014-05-26 21:14 - 2014-05-26 21:14 - 03517282 _____ () C:\Users\Avelyn\Downloads\mass_effect3_cz (3).zip
2014-05-26 20:47 - 2014-05-26 20:47 - 01039267 _____ () C:\Users\Avelyn\Downloads\Sopka Pinatubo.pptm
2014-05-26 20:43 - 2014-05-26 20:43 - 00348396 _____ () C:\Users\Avelyn\Downloads\Gobi (1).pptx
2014-05-24 20:26 - 2014-05-24 20:30 - 231211872 _____ (NVIDIA Corporation) C:\Users\Avelyn\Downloads\337.50-desktop-win8-win7-winvista-64bit-english-beta.exe
2014-05-24 18:17 - 2014-05-24 18:18 - 01703791 _____ () C:\Users\Avelyn\Downloads\Divine_Divinity_CZ.zip
2014-05-22 17:51 - 2014-05-22 17:51 - 00048221 _____ () C:\Users\Avelyn\Downloads\Staxus - Bareback Monster Cocks - Big Tools.avi.torrent
2014-05-22 16:17 - 2014-05-28 21:07 - 00000000 ____D () C:\Users\Avelyn\Documents\FIFA World
2014-05-22 16:17 - 2014-05-22 16:17 - 00000642 _____ () C:\Users\Public\Desktop\EA Sports FIFA World.lnk
2014-05-22 16:17 - 2014-05-22 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World
2014-05-20 21:01 - 2014-05-20 21:01 - 00002902 _____ () C:\Users\Avelyn\Desktop\206-127-159-204.plaync.com.pp2
2014-05-20 20:21 - 2014-05-20 20:21 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-05-20 20:21 - 2014-05-20 20:21 - 00000000 ____D () C:\Users\Avelyn\AppData\Roaming\PingPlotter
2014-05-20 20:21 - 2014-05-20 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PingPlotter Standard
2014-05-20 20:21 - 2014-05-20 20:21 - 00000000 ____D () C:\Program Files (x86)\PingPlotter Standard
2014-05-20 20:21 - 2014-05-19 08:21 - 00000044 ____H () C:\Program Files (x86)\3a367bb3.tmp
2014-05-20 20:18 - 2014-05-20 20:19 - 03695984 _____ () C:\Users\Avelyn\Downloads\pngplt_std.exe
2014-05-18 22:18 - 2014-05-18 22:18 - 00000000 ____D () C:\Users\Avelyn\AppData\Local\Home_GMS_v14x
2014-05-15 20:55 - 2014-05-15 20:48 - 00174302 _____ () C:\Users\Avelyn\Desktop\Guild Wars 2 Test.txt
2014-05-15 20:48 - 2014-05-15 20:48 - 00031961 _____ () C:\Users\Avelyn\Downloads\Guild Wars 2 Test.zip
2014-05-15 20:37 - 2014-05-15 20:37 - 01042736 _____ (NC Interactive.) C:\Users\Avelyn\Downloads\GameAdvisor.exe
2014-05-14 19:28 - 2014-05-14 19:34 - 00000000 ____D () C:\Users\Avelyn\Documents\BattleWorldsKronos
2014-05-14 19:26 - 2014-05-14 19:28 - 00000000 ____D () C:\Users\Avelyn\AppData\Local\BattleWorldsKronos
2014-05-14 19:15 - 2014-05-14 19:15 - 00000000 ____D () C:\Users\Avelyn\AppData\Local\cache
2014-05-14 19:13 - 2014-05-14 19:13 - 00000817 _____ () C:\Users\Public\Desktop\Battle Worlds - Kronos.lnk
2014-05-14 15:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 15:28 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 15:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 15:28 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 15:28 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 15:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 14:17 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 14:17 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 14:17 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 14:17 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 14:17 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 14:17 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 14:17 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 14:17 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 14:17 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 14:17 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 14:17 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 14:17 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 14:17 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 14:17 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 14:17 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 14:17 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 14:17 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 14:17 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 14:17 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 14:17 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 14:17 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 14:17 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 14:17 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 14:17 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 14:17 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 14:17 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 14:17 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 14:17 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 14:17 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 14:17 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 14:17 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 14:17 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 14:17 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 14:17 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 14:17 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 14:17 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 14:17 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 14:17 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 14:17 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 14:17 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 14:17 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 14:17 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 14:17 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 14:17 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 14:17 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 14:05 - 2014-05-14 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-14 14:05 - 2014-05-14 14:05 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-13 22:43 - 2014-05-13 22:43 - 00000782 _____ () C:\Users\Public\Desktop\FTL - Advanced Edition.lnk
2014-05-08 18:29 - 2014-05-08 18:31 - 00000904 _____ () C:\Users\Avelyn\Desktop\FInanční analýza společnosti - abstrakt.txt
2014-05-06 22:44 - 2014-05-14 23:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-05 19:02 - 2014-05-05 19:02 - 00057632 _____ () C:\Users\Avelyn\Downloads\Game-of-Thrones-S04E03(0000235434).srt
2014-05-03 15:29 - 2014-05-03 15:29 - 00000000 ____D () C:\Users\Avelyn\Desktop\Child of Light artwork
2014-05-03 15:27 - 2014-05-03 15:27 - 12094745 _____ () C:\Users\Avelyn\Downloads\Pack2.ZIP

==================== One Month Modified Files and Folders =======

2014-06-01 19:58 - 2009-11-30 17:13 - 00000000 ____D () C:\Users\Avelyn\AppData\Local\Temp
2014-06-01 19:57 - 2014-06-01 19:57 - 00025469 _____ () C:\Users\Avelyn\Desktop\FRST.txt
2014-06-01 19:57 - 2014-06-01 19:56 - 00000000 ____D () C:\FRST
2014-06-01 19:56 - 2014-06-01 19:56 - 00112640 _____ (forum.viry.cz) C:\Users\Avelyn\Desktop\FRSTLauncher.exe
2014-06-01 19:55 - 2014-06-01 19:55 - 00000000 __SHD () C:\Users\Avelyn\AppData\Local\EmieUserList
2014-06-01 19:55 - 2014-06-01 19:55 - 00000000 __SHD () C:\Users\Avelyn\AppData\Local\EmieSiteList
2014-06-01 19:54 - 2014-06-01 19:55 - 02067456 _____ (Farbar) C:\Users\Avelyn\Desktop\FRST64.exe
2014-06-01 19:54 - 2014-06-01 19:54 - 02067456 _____ (Farbar) C:\Users\Avelyn\Downloads\FRST64.exe
2014-06-01 19:54 - 2014-06-01 19:54 - 00112640 _____ (forum.viry.cz) C:\Users\Avelyn\Downloads\Nepotvrzeno 409594.crdownload
2014-06-01 19:42 - 2012-06-13 15:20 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 19:20 - 2010-01-10 18:12 - 00000966 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4070159930-2613383080-387905723-1000UA.job
2014-06-01 16:56 - 2009-11-30 17:12 - 01124383 _____ () C:\Windows\WindowsUpdate.log
2014-06-01 10:18 - 2009-12-01 19:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-01 08:52 - 2012-01-17 20:16 - 00000000 ____D () C:\ProgramData\Origin
2014-06-01 08:48 - 2009-07-14 06:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 08:48 - 2009-07-14 06:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 08:46 - 2013-08-27 17:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-01 08:45 - 2013-02-22 21:07 - 00000000 ____D () C:\Users\Avelyn\AppData\Local\LogMeIn Hamachi
2014-06-01 08:41 - 2010-10-07 18:17 - 00000431 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-01 08:40 - 2013-08-11 17:29 - 00027910 _____ () C:\Windows\setupact.log
2014-06-01 08:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 22:44 - 2009-12-06 22:27 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2944FF14-FA94-4B34-B79B-EB176AD0A559}
2014-05-31 20:32 - 2010-01-10 18:12 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4070159930-2613383080-387905723-1000Core.job
2014-05-31 17:31 - 2010-10-27 21:05 - 00000000 ____D () C:\Users\Avelyn\AppData\Roaming\vlc
2014-05-28 21:07 - 2014-05-22 16:17 - 00000000 ____D () C:\Users\Avelyn\Documents\FIFA World
2014-05-26 21:16 - 2014-05-26 21:16 - 04134452 _____ ( ) C:\Users\Avelyn\Downloads\ME3Cz_78 (1).exe
2014-05-26 21:14 - 2014-05-26 21:14 - 03606143 _____ ( ) C:\Users\Avelyn\Desktop\ME3Cz_70.exe
2014-05-26 21:14 - 2014-05-26 21:14 - 03517282 _____ () C:\Users\Avelyn\Downloads\mass_effect3_cz (3).zip
2014-05-26 20:48 - 2009-11-30 18:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-26 20:47 - 2014-05-26 20:47 - 01039267 _____ () C:\Users\Avelyn\Downloads\Sopka Pinatubo.pptm
2014-05-26 20:47 - 2009-12-03 01:03 - 00094720 _____ () C:\Users\Avelyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-26 20:43 - 2014-05-26 20:43 - 00348396 _____ () C:\Users\Avelyn\Downloads\Gobi (1).pptx
2014-05-24 20:30 - 2014-05-24 20:26 - 231211872 _____ (NVIDIA Corporation) C:\Users\Avelyn\Downloads\337.50-desktop-win8-win7-winvista-64bit-english-beta.exe
2014-05-24 18:18 - 2014-05-24 18:17 - 01703791 _____ () C:\Users\Avelyn\Downloads\Divine_Divinity_CZ.zip
2014-05-24 16:50 - 2009-12-19 18:38 - 00000000 ____D () C:\Users\Avelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-24 13:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-22 18:04 - 2009-12-19 23:31 - 00000000 ____D () C:\uTorrent
2014-05-22 17:51 - 2014-05-22 17:51 - 00048221 _____ () C:\Users\Avelyn\Downloads\Staxus - Bareback Monster Cocks - Big Tools.avi.torrent
2014-05-22 16:17 - 2014-05-22 16:17 - 00000642 _____ () C:\Users\Public\Desktop\EA Sports FIFA World.lnk
2014-05-22 16:17 - 2014-05-22 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World
2014-05-22 16:17 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-22 16:16 - 2013-08-12 17:56 - 00740368 _____ () C:\Windows\DirectX.log
2014-05-20 21:01 - 2014-05-20 21:01 - 00002902 _____ () C:\Users\Avelyn\Desktop\206-127-159-204.plaync.com.pp2
2014-05-20 20:21 - 2014-05-20 20:21 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-05-20 20:21 - 2014-05-20 20:21 - 00000000 ____D () C:\Users\Avelyn\AppData\Roaming\PingPlotter
2014-05-20 20:21 - 2014-05-20 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PingPlotter Standard
2014-05-20 20:21 - 2014-05-20 20:21 - 00000000 ____D () C:\Program Files (x86)\PingPlotter Standard
2014-05-20 20:20 - 2011-07-21 21:21 - 00000000 ____D () C:\Users\Avelyn\AppData\Roaming\Downloaded Installations
2014-05-20 20:19 - 2014-05-20 20:18 - 03695984 _____ () C:\Users\Avelyn\Downloads\pngplt_std.exe
2014-05-19 08:21 - 2014-05-20 20:21 - 00000044 ____H () C:\Program Files (x86)\3a367bb3.tmp
2014-05-18 22:18 - 2014-05-18 22:18 - 00000000 ____D () C:\Users\Avelyn\AppData\Local\Home_GMS_v14x
2014-05-18 09:41 - 2014-04-14 20:52 - 00000000 ____D () C:\Users\Avelyn\AppData\Roaming\Guild Wars 2
2014-05-17 18:46 - 2011-12-07 18:26 - 00000000 ____D () C:\Users\Avelyn\AppData\Roaming\Trine2
2014-05-15 20:48 - 2014-05-15 20:55 - 00174302 _____ () C:\Users\Avelyn\Desktop\Guild Wars 2 Test.txt
2014-05-15 20:48 - 2014-05-15 20:48 - 00031961 _____ () C:\Users\Avelyn\Downloads\Guild Wars 2 Test.zip
2014-05-15 20:37 - 2014-05-15 20:37 - 01042736 _____ (NC Interactive.) C:\Users\Avelyn\Downloads\GameAdvisor.exe
2014-05-15 14:14 - 2009-11-30 17:13 - 00000000 ___RD () C:\Users\Avelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 14:14 - 2009-11-30 17:13 - 00000000 ___RD () C:\Users\Avelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 23:42 - 2014-05-06 22:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 19:34 - 2014-05-14 19:28 - 00000000 ____D () C:\Users\Avelyn\Documents\BattleWorldsKronos
2014-05-14 19:28 - 2014-05-14 19:26 - 00000000 ____D () C:\Users\Avelyn\AppData\Local\BattleWorldsKronos
2014-05-14 19:15 - 2014-05-14 19:15 - 00000000 ____D () C:\Users\Avelyn\AppData\Local\cache
2014-05-14 19:13 - 2014-05-14 19:13 - 00000817 _____ () C:\Users\Public\Desktop\Battle Worlds - Kronos.lnk
2014-05-14 19:13 - 2010-11-20 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-05-14 15:24 - 2013-08-14 15:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 15:07 - 2009-12-01 00:54 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 14:42 - 2012-06-13 15:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 14:42 - 2012-06-13 15:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 14:42 - 2012-06-13 15:20 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 14:05 - 2014-05-14 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-14 14:05 - 2014-05-14 14:05 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-13 22:45 - 2009-12-02 21:19 - 00000000 ____D () C:\Users\Avelyn\Documents\My Games
2014-05-13 22:43 - 2014-05-13 22:43 - 00000782 _____ () C:\Users\Public\Desktop\FTL - Advanced Edition.lnk
2014-05-12 18:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-12 15:43 - 2012-05-25 14:30 - 00000000 ____D () C:\Users\Avelyn\AppData\Local\GOG.com
2014-05-11 22:09 - 2009-07-14 17:18 - 00724284 _____ () C:\Windows\system32\perfh005.dat
2014-05-11 22:09 - 2009-07-14 17:18 - 00164196 _____ () C:\Windows\system32\perfc005.dat
2014-05-11 22:09 - 2009-07-14 07:13 - 01743452 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-09 08:14 - 2014-05-14 14:17 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 14:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 20:15 - 2010-01-10 18:12 - 00003942 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4070159930-2613383080-387905723-1000UA
2014-05-08 20:15 - 2010-01-10 18:12 - 00003546 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4070159930-2613383080-387905723-1000Core
2014-05-08 18:31 - 2014-05-08 18:29 - 00000904 _____ () C:\Users\Avelyn\Desktop\FInanční analýza společnosti - abstrakt.txt
2014-05-08 16:51 - 2014-04-17 00:24 - 00000000 ____D () C:\Users\Avelyn\Documents\Larian Studios
2014-05-06 06:40 - 2014-05-14 15:28 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 15:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 15:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 15:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 15:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 15:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 19:02 - 2014-05-05 19:02 - 00057632 _____ () C:\Users\Avelyn\Downloads\Game-of-Thrones-S04E03(0000235434).srt
2014-05-03 19:16 - 2011-11-18 11:51 - 00000023 _____ () C:\Windows\BlendSettings.ini
2014-05-03 15:29 - 2014-05-03 15:29 - 00000000 ____D () C:\Users\Avelyn\Desktop\Child of Light artwork
2014-05-03 15:27 - 2014-05-03 15:27 - 12094745 _____ () C:\Users\Avelyn\Downloads\Pack2.ZIP

Files to move or delete:
====================
C:\ProgramData\nvwiz.exe

Some content of TEMP:
====================
C:\Users\Avelyn\AppData\Local\Temp\Gw2.exe
C:\Users\Avelyn\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Avelyn\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4070159930-2613383080-387905723-1000Core.job => C:\Users\Avelyn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4070159930-2613383080-387905723-1000UA.job => C:\Users\Avelyn\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Avelyn\Desktop" je 289 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor
C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
"C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service
"C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat
"C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [x]

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

Zdravím!
Zkusíme PC vyčistit. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-4070159930-2613383080-387905723-1000\...\Run: [Crystal.exe] => C:\Users\Avelyn\AppData\Roaming\Crystal.exe
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
FF NewTab: hxxp://www.qvo6.com/?utm_source=b&utm_m ... 1378553882
FF SearchEngineOrder.1: qvo6
FF SelectedSearchEngine: qvo6
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2010-01-17]
CHR StartupUrls: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=v ... 1378553347"
C:\Program Files (x86)\3a367bb3.tmp
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4070159930-2613383080-387905723-1000UA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4070159930-2613383080-387905723-1000Core.job
C:\ProgramData\nvwiz.exe
C:\Users\Avelyn\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Log jsem musel dát do přílohy, byl příliš dlouhý.

Smazáno. Nastala nějaká změna?

Pořád stejné, odpojuje mě to zhruba každých 10 minut ze serveru a ten packet loss je tam tím pádem pořád

Zkuste restartovat modem, příp. další síť prvek v datové cestě.

Mám router a přes něj připojená další zařízení. Jak jej mám restartovat? Vypnout ze zásuvky a zase zapnout? Nebo nějaký speciální postup?

Ano, vypnout a zapnout (po cca 20s).

Pořád stejné, žádná změna.

Zkuste obnovu systému k datu, kdy korektně fungoval, pokud to nebude možné, či se stav nezmění, dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

Bohužel už nejsem schopný zjistit, kdy to přesně začalo dělat, já jsem si toho totiž původně ani nevšiml, dokud mě to nezačalo odpojovat od toho serveru a nezačal jsem mít problémy se skypem.
Takže jsem provedl combofix podle návodu a zde je log:

ComboFix 14-05-29.01 - Avelyn 02.06.2014 18:55:05.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4095.2662 [GMT 2:00]
Spuštěný z: c:\users\Avelyn\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Avelyn\AppData\Local\DProtect
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-02 do 2014-06-02 )))))))))))))))))))))))))))))))
.
.
2014-06-02 15:59 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F90DBDFE-9561-494C-A974-85EB6FB0E83C}\mpengine.dll
2014-06-01 20:08 . 2014-06-02 17:10 -------- d-----w- c:\users\Avelyn\AppData\Local\Temp
2014-06-01 17:56 . 2014-06-01 19:31 -------- d-----w- C:\FRST
2014-06-01 17:55 . 2014-06-01 17:55 -------- d-sh--w- c:\users\Avelyn\AppData\Local\EmieUserList
2014-06-01 17:55 . 2014-06-01 17:55 -------- d-sh--w- c:\users\Avelyn\AppData\Local\EmieSiteList
2014-06-01 14:55 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-25 18:16 . 2014-05-02 20:25 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A312F4C2-B6A7-4C79-A320-76775D3BDB38}\gapaengine.dll
2014-05-20 18:21 . 2014-05-20 18:21 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2014-05-20 18:21 . 2014-05-20 18:21 -------- d-----w- c:\program files (x86)\PingPlotter Standard
2014-05-20 18:21 . 2014-05-20 18:21 -------- d-----w- c:\users\Avelyn\AppData\Roaming\PingPlotter
2014-05-18 20:18 . 2014-05-18 20:18 -------- d-----w- c:\users\Avelyn\AppData\Local\Home_GMS_v14x
2014-05-14 17:26 . 2014-05-14 17:28 -------- d-----w- c:\users\Avelyn\AppData\Local\BattleWorldsKronos
2014-05-14 17:15 . 2014-05-14 17:15 -------- d-----w- c:\users\Avelyn\AppData\Local\cache
2014-05-14 13:28 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 13:28 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 13:28 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 13:28 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 12:05 . 2014-05-14 12:05 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-06 20:44 . 2014-05-14 21:42 -------- d-s---w- c:\windows\system32\CompatTel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 13:07 . 2009-11-30 22:54 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 12:42 . 2012-06-13 13:20 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 12:42 . 2012-06-13 13:20 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 20:25 . 2012-02-10 10:43 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-11 07:52 . 2011-04-27 14:25 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 09:31 . 2014-04-22 20:51 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-22 20:51 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-22 20:51 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-22 20:51 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-22 20:51 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-22 20:51 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-22 20:51 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-22 20:51 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-22 20:51 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-22 20:51 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-22 20:51 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-22 20:51 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-22 20:50 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-22 20:51 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-22 20:51 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-22 20:51 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-22 20:51 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-22 20:51 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-22 20:51 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-22 20:51 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-22 20:50 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-22 20:51 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-22 20:51 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-22 20:51 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-22 20:51 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-22 20:51 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-22 20:50 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-22 20:50 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-22 20:50 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-22 20:51 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-22 20:51 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-22 20:51 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-22 20:51 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736]
.
c:\users\Avelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Guild Wars 2.lnk - f:\hry\Guild Wars 2\Gw2.exe [2014-4-14 25968120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"AirServer"="c:\program files (x86)\AirServer\AirServer\AirServer.exe"
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
.
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc;c:\windows\SYSNATIVE\appdrvrem01.exe svc [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;f:\hry\Smite\HiPatchService.exe;f:\hry\Smite\HiPatchService.exe [x]
R3 athrusb;TP-LINK Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;f:\hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;f:\hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys;c:\program files (x86)\Garena\safedrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys;c:\windows\SYSNATIVE\DRIVERS\s115bus.sys [x]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s115mdfl.sys [x]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s115mdm.sys [x]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s115mgmt.sys [x]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys;c:\windows\SYSNATIVE\DRIVERS\s115obex.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys;c:\windows\SYSNATIVE\Drivers\appdrv01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 12:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 790552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 210.176.171.237:8080
mCustomizeSearch = hxxp://google.com
mSearchAssistant = hxxp://google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{43BA5257-1722-48B6-B354-1C8685988E20}: NameServer = 10.157.0.1,10.157.0.128
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{26D101C4-5D06-68AF-0F94-4E0850044D93} - (no file)
Wow6432Node-HKCU-Run-nvwiz - c:\programdata\nvwiz.exe
AddRemove-BGCZ - f:\hry\Baldurs Gate\čeština\data\Setup.exe
AddRemove-Darksiders II_is1 - f:\hry\Darksiders II\unins000.exe
AddRemove-HijackThis - c:\program files (x86)\trend micro\HijackThis.exe
AddRemove-The Book Of Unwritten Tales - Demo_is1 - f:\hry\Book of Unwritten Tales - Demo\unins000.exe
AddRemove-{6J9IL70L-T4D4-75B1-97C5-1HJ16E633S4R1}_is1 - f:\hry\Cursed Crusade\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bmp"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cr2"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.crw"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcr"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dib"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dng"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.emf"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.erf"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.flc"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fli"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fpx"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.gif"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icl"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ico"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jfif"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpe"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpeg"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpg"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mrw"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.nef"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.orf"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pef"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.png"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raf"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rle"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.smi"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.smil"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sr2"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tga"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.thm"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tif"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tiff"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttc"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttf"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wmf"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8FC1676F-3EA8-6183-B886-81BACF52888A}*]
"iaakhpndlacfeikjne"=hex:66,61,63,62,6d,65,6e,6e,6c,6d,68,6f,00,00
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:8f,71,6f,db,88,e0,4b,6a,22,44,b7,aa,54,16,5c,b0,a3,26,2e,10,17,b1,eb,
1e,fb,6e,68,26,67,48,52,46,7b,90,d7,26,bb,f3,57,b9,12,72,2a,88,01,ce,a5,4d,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\SecuROM\License information*]
"datasecu"=hex:55,1f,20,17,1b,61,ee,54,74,35,a4,04,4f,50,f3,ce,fe,60,8d,13,55,
1f,f0,31,9e,dc,33,93,03,de,27,6e,05,1d,72,50,3d,f9,e1,81,c3,6c,67,f5,72,2a,\
"rkeysecu"=hex:02,59,55,cc,d4,66,de,5b,e5,38,96,e8,5f,a2,14,7c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Celkový čas: 2014-06-02 19:24:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-02 17:24
.
Před spuštěním: Volných bajtů: 60 036 169 728
Po spuštění: Volných bajtů: 59 954 233 344
.
- - End Of File - - C896BFA7F8468355BCB42B0F8F3C60D8
A36C5E4F47E84449FF07ED3517B43A31

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Regnull::
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Shell [HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

ulořte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spstí a vykoná příkazy ze skriptu.

Obrázek

Provedeno a další log:

ComboFix 14-05-29.01 - Avelyn 02.06.2014 20:29:31.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4095.2411 [GMT 2:00]
Spuštěný z: c:\users\Avelyn\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Avelyn\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-02 do 2014-06-02 )))))))))))))))))))))))))))))))
.
.
2014-06-02 18:42 . 2014-06-02 18:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-06-02 18:42 . 2014-06-02 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-02 17:47 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEE16BB0-3D04-4F87-A7DC-B1FB46CAB11C}\mpengine.dll
2014-06-01 20:08 . 2014-06-02 18:45 -------- d-----w- c:\users\Avelyn\AppData\Local\Temp
2014-06-01 17:56 . 2014-06-01 19:31 -------- d-----w- C:\FRST
2014-06-01 17:55 . 2014-06-01 17:55 -------- d-sh--w- c:\users\Avelyn\AppData\Local\EmieUserList
2014-06-01 17:55 . 2014-06-01 17:55 -------- d-sh--w- c:\users\Avelyn\AppData\Local\EmieSiteList
2014-06-01 14:55 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-25 18:16 . 2014-05-02 20:25 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A312F4C2-B6A7-4C79-A320-76775D3BDB38}\gapaengine.dll
2014-05-20 18:21 . 2014-05-20 18:21 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2014-05-20 18:21 . 2014-05-20 18:21 -------- d-----w- c:\program files (x86)\PingPlotter Standard
2014-05-20 18:21 . 2014-05-20 18:21 -------- d-----w- c:\users\Avelyn\AppData\Roaming\PingPlotter
2014-05-18 20:18 . 2014-05-18 20:18 -------- d-----w- c:\users\Avelyn\AppData\Local\Home_GMS_v14x
2014-05-14 17:26 . 2014-05-14 17:28 -------- d-----w- c:\users\Avelyn\AppData\Local\BattleWorldsKronos
2014-05-14 17:15 . 2014-05-14 17:15 -------- d-----w- c:\users\Avelyn\AppData\Local\cache
2014-05-14 13:28 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 13:28 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 13:28 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 13:28 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 12:05 . 2014-05-14 12:05 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-06 20:44 . 2014-05-14 21:42 -------- d-s---w- c:\windows\system32\CompatTel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 13:07 . 2009-11-30 22:54 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 12:42 . 2012-06-13 13:20 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 12:42 . 2012-06-13 13:20 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 20:25 . 2012-02-10 10:43 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-11 07:52 . 2011-04-27 14:25 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 09:31 . 2014-04-22 20:51 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-22 20:51 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-22 20:51 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-22 20:51 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-22 20:51 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-22 20:51 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-22 20:51 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-22 20:51 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-22 20:51 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-22 20:51 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-22 20:51 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-22 20:51 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-22 20:50 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-22 20:51 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-22 20:51 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-22 20:51 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-22 20:51 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-22 20:51 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-22 20:51 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-22 20:51 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-22 20:50 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-22 20:51 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-22 20:51 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-22 20:51 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-22 20:51 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-22 20:51 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-22 20:50 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-22 20:50 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-22 20:50 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-22 20:51 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-22 20:51 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-22 20:51 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-22 20:51 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736]
.
c:\users\Avelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Guild Wars 2.lnk - f:\hry\Guild Wars 2\Gw2.exe [2014-4-14 25968120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"AirServer"="c:\program files (x86)\AirServer\AirServer\AirServer.exe"
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
.
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc;c:\windows\SYSNATIVE\appdrvrem01.exe svc [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 athrusb;TP-LINK Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;f:\hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;f:\hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys;c:\program files (x86)\Garena\safedrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys;c:\windows\SYSNATIVE\DRIVERS\s115bus.sys [x]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s115mdfl.sys [x]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s115mdm.sys [x]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s115mgmt.sys [x]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys;c:\windows\SYSNATIVE\DRIVERS\s115obex.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys;c:\windows\SYSNATIVE\Drivers\appdrv01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 12:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 790552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 210.176.171.237:8080
mCustomizeSearch = hxxp://google.com
mSearchAssistant = hxxp://google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{43BA5257-1722-48B6-B354-1C8685988E20}: NameServer = 10.157.0.1,10.157.0.128
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{26D101C4-5D06-68AF-0F94-4E0850044D93} - (no file)
AddRemove-BGCZ - f:\hry\Baldurs Gate\čeština\data\Setup.exe
AddRemove-Darksiders II_is1 - f:\hry\Darksiders II\unins000.exe
AddRemove-HijackThis - c:\program files (x86)\trend micro\HijackThis.exe
AddRemove-The Book Of Unwritten Tales - Demo_is1 - f:\hry\Book of Unwritten Tales - Demo\unins000.exe
AddRemove-{6J9IL70L-T4D4-75B1-97C5-1HJ16E633S4R1}_is1 - f:\hry\Cursed Crusade\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bmp"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cr2"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.crw"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcr"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dib"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dng"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.emf"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.erf"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.flc"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fli"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fpx"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.gif"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icl"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ico"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jfif"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpe"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpeg"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpg"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mrw"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.nef"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.orf"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pef"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.png"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raf"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rle"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.smi"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.smil"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sr2"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tga"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.thm"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tif"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tiff"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttc"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttf"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wmf"
.
[HKEY_USERS\S-1-5-21-4070159930-2613383080-387905723-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8FC1676F-3EA8-6183-B886-81BACF52888A}*]
"iaakhpndlacfeikjne"=hex:66,61,63,62,6d,65,6e,6e,6c,6d,68,6f,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Celkový čas: 2014-06-02 21:00:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-02 19:00
ComboFix2.txt 2014-06-02 17:24
.
Před spuštěním: Volných bajtů: 59 791 470 592
Po spuštění: Volných bajtů: 59 709 927 424
.
- - End Of File - - 752E97920504140252D00FD356B33539
A36C5E4F47E84449FF07ED3517B43A31

Vše smazáno, PC je po virové stránce čistý. Nastala nějaká změna?

A byly v něm, prosím, nějaké viry, které by mohly ovlivňovat můj problém? Od serveru mě to zatím neodpojilo, ale mírné lagy jsou stále, ještě to zkusím pořádně otestovat zítra. Jediná změna, co jsem si všiml je, že když začínají lagy (tzn. ten packer loss) a přepnu se do windows a zase zpátky, tak zmizí. Z toho už jsem zmatený úplně.

VIRY.CZ

Packet lossy a ztráta připojení k serveru

Packet lossy a ztráta připojení k serveru

Re: Packet lossy a ztráta připojení k serveru

Re: Packet lossy a ztráta připojení k serveru

Re: Packet lossy a ztráta připojení k serveru

Re: Packet lossy a ztráta připojení k serveru

Re: Packet lossy a ztráta připojení k serveru

Re: Packet lossy a ztráta připojení k serveru

Re: Packet lossy a ztráta připojení k serveru

Re: Packet lossy a ztráta připojení k serveru

Re: Packet lossy a ztráta připojení k serveru

Re: Packet lossy a ztráta připojení k serveru

Re: Packet lossy a ztráta připojení k serveru

Re: Packet lossy a ztráta připojení k serveru

Re: Packet lossy a ztráta připojení k serveru

Re: Packet lossy a ztráta připojení k serveru