Viry v notebooku a na připojených zařízeních

[McBright]

Dobrý den,
chtěl bych Vás moc poprosit, zda-li by bylo možné zjistit a odstranit viry, které mám v notebooku a také v zařízeních, které připojím k notebooku? Když připojím flešku, tak se mi ze všech souborů na flešce staly zástupci. To samé platí i o mobilním telefonu, který jsem připojil jako paměťové zařízení (nerad bych o data v telefonu a v notebooku přišel, flešku jsem zformátoval, ale nepomohlo). Podobný problém jsem našel zde na fóru viz. http://forum.viry.cz/viewtopic.php?f=13 ... 8&start=30

Děkuji za ochotu

[vyosek]

Zdravim

Zacneme logem z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=130786

[McBright]

Logfile of random's system information tool 1.10 (written by random/random)
Run by McBright at 2014-05-29 09:40:23
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 36 GB (5%) free of 699 GB
Total RAM: 8174 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:40:41, on 29.5.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\McBright.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\McBright\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
O23 - Service: PDF Architect 2 - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 2\ws.exe
O23 - Service: pdfforge CrashHandler - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11638 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-79f8198e-03e5-40ea-bbd8-349c74dab689 -SystemEventPortName:HostProcess-aa584cdd-ba8b-414f-90d7-0cc68a8b0b42 -IoCancelEventPortName:HostProcess-4ac666af-4874-41a1-8339-a2964f41c9e9 -NonStateChangingEventPortName:HostProcess-e3c06879-3700-44a7-b442-0d6d558491f5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8f936e9e-6191-40ac-859e-12acd019a957 -DeviceGroupId:WpdFsGroup
taskeng.exe {E3313044-C6E6-4980-A00D-BBBFA06F656B}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe" KMPProcess
"C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"
"C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Windows\System32\StikyNot.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
"C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
"C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
"C:\Program Files (x86)\Launch Manager\LManager.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Dolby PCEE4\pcee4.exe" -autostart
"C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HydraDM64.exe -h:66240 "Maximalizovat na celou plochu" "Maximalizovat k rohům okna" "Obnovit pracovní plochu"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4952.0.2096156334\1882038637" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,15 --gpu-vendor-id=0x1002 --gpu-device-id=0x68a8 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=14.100.0.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group14 pct:1e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/GoogleNow/Default/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_64/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="4952.1.2127580152\200602477" /prefetch:673131151
"C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group14 pct:1e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/GoogleNow/Default/OmniboxBundledExperimentV1/NewSuggestType_A2_Stable_R1/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_64/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="4952.3.231804161\1173092700" /prefetch:673131151
"C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group14 pct:1e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/GoogleNow/Default/OmniboxBundledExperimentV1/NewSuggestType_A2_Stable_R1/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_64/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="4952.4.159845181\126064236" /prefetch:673131151

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\Users\McBright\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\AutoKMS.job - C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3483745573-2704642024-167589902-1000Core.job - C:\Users\McBright\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3483745573-2704642024-167589902-1000UA.job - C:\Users\McBright\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-04-25 581824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-09-16 51872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-25 436600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-09-16 976032]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-09-16 799904]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2010-11-12 2588968]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-08-16 12673128]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-08-16 2277480]
"Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-08-02 1831016]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\McBright\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-25 116648]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
"HydraVisionDesktopManager"=C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [2013-11-22 389120]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"=C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2011-07-01 1103440]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"Dolby Advanced Audio v2"=C:\Dolby PCEE4\pcee4.exe [2011-06-01 506712]
"ArcadeMovieService"=C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [2011-08-26 177448]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-05-26 3888648]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2014-01-17 421888]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-04-17 767200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-05-29 09:40:23 ----D---- C:\rsit
2014-05-29 09:40:23 ----D---- C:\Program Files\trend micro
2014-05-26 22:48:15 ----D---- C:\Program Files (x86)\Ubisoft
2014-05-20 16:44:39 ----D---- C:\Program Files (x86)\Teplo 2010
2014-05-18 14:59:45 ----A---- C:\Windows\system32\hpinkstsAD11LM.dll
2014-05-18 14:59:45 ----A---- C:\Windows\system32\hpinkinsAD11.exe
2014-05-18 14:59:45 ----A---- C:\Windows\system32\hpinkcoiAD11.dll
2014-05-16 00:07:08 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-05-16 00:07:08 ----A---- C:\Windows\system32\mshtmled.dll
2014-05-16 00:07:08 ----A---- C:\Windows\system32\mshtml.dll
2014-05-16 00:07:07 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-05-16 00:07:02 ----D---- C:\Program Files\Common Files\DESIGNER
2014-05-15 13:56:04 ----A---- C:\Windows\system32\shell32.dll
2014-05-15 13:56:03 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-05-15 13:55:59 ----A---- C:\Windows\system32\aepdu.dll
2014-05-15 13:55:59 ----A---- C:\Windows\system32\aeinv.dll
2014-05-15 13:55:42 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-15 13:55:41 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-05-15 13:55:41 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-05-15 13:55:41 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-05-15 13:55:41 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-05-15 13:55:41 ----A---- C:\Windows\system32\winlogon.exe
2014-05-15 13:55:41 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-15 13:55:41 ----A---- C:\Windows\system32\kerberos.dll
2014-05-15 13:55:40 ----A---- C:\Windows\system32\objsel.dll
2014-05-15 13:55:40 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-15 13:55:39 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-05-15 13:55:39 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-05-15 13:55:39 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-05-15 13:55:39 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-05-15 13:55:39 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-05-15 13:55:39 ----A---- C:\Windows\SYSWOW64\dpapiprovider.dll
2014-05-15 13:55:39 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-05-15 13:55:39 ----A---- C:\Windows\SYSWOW64\cngprovider.dll
2014-05-15 13:55:39 ----A---- C:\Windows\SYSWOW64\capiprovider.dll
2014-05-15 13:55:39 ----A---- C:\Windows\SYSWOW64\adprovider.dll
2014-05-15 13:55:39 ----A---- C:\Windows\system32\wdigest.dll
2014-05-15 13:55:39 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-15 13:55:39 ----A---- C:\Windows\system32\schannel.dll
2014-05-15 13:55:39 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-15 13:55:39 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-15 13:55:39 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-05-15 13:55:39 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-15 13:55:39 ----A---- C:\Windows\system32\cngprovider.dll
2014-05-15 13:55:39 ----A---- C:\Windows\system32\capiprovider.dll
2014-05-15 13:55:39 ----A---- C:\Windows\system32\adprovider.dll
2014-05-15 13:55:38 ----A---- C:\Windows\system32\sspicli.dll
2014-05-15 13:55:38 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-15 13:55:37 ----A---- C:\Windows\SYSWOW64\wincredprovider.dll
2014-05-15 13:55:37 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-05-15 13:55:37 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-05-15 13:55:37 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-05-15 13:55:37 ----A---- C:\Windows\system32\wincredprovider.dll
2014-05-15 13:55:37 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-15 13:55:37 ----A---- C:\Windows\system32\secur32.dll
2014-05-15 13:55:37 ----A---- C:\Windows\system32\lsass.exe
2014-05-15 13:55:37 ----A---- C:\Windows\system32\credssp.dll
2014-05-14 20:02:59 ----D---- C:\Users\McBright\AppData\Roaming\PDF Architect 2
2014-05-14 20:00:52 ----D---- C:\Program Files (x86)\PDF Architect 2
2014-05-14 19:59:59 ----D---- C:\ProgramData\PDF Architect 2
2014-05-14 19:59:50 ----D---- C:\Users\McBright\AppData\Roaming\pdfforge
2014-05-14 19:59:49 ----A---- C:\Windows\system32\pdfcmon.dll
2014-05-14 19:59:48 ----A---- C:\Windows\SYSWOW64\MSMPIDE.DLL
2014-05-14 19:59:47 ----D---- C:\Program Files (x86)\PDFCreator
2014-05-03 11:15:30 ----SD---- C:\Windows\system32\CompatTel
2014-05-02 20:59:00 ----D---- C:\ProgramData\ATI
2014-05-02 20:57:53 ----D---- C:\Program Files (x86)\AMD AVT

======List of files/folders modified in the last 1 month======

2014-05-29 09:40:41 ----D---- C:\Windows\Prefetch
2014-05-29 09:40:35 ----D---- C:\Windows\Temp
2014-05-29 09:40:23 ----RD---- C:\Program Files
2014-05-29 09:37:35 ----D---- C:\Windows\system32\config
2014-05-29 09:25:03 ----A---- C:\Windows\SYSWOW64\log.txt
2014-05-29 09:23:35 ----D---- C:\Windows\Tasks
2014-05-29 09:23:35 ----D---- C:\ProgramData\clear.fi
2014-05-29 09:23:04 ----D---- C:\Windows\inf
2014-05-28 19:03:21 ----D---- C:\Windows\System32
2014-05-28 19:03:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-28 18:45:50 ----SHD---- C:\System Volume Information
2014-05-28 18:20:21 ----D---- C:\Windows\system32\drivers
2014-05-28 18:19:16 ----D---- C:\Windows\system32\drivers\UMDF
2014-05-28 18:19:16 ----D---- C:\Windows
2014-05-28 17:58:06 ----D---- C:\Users\McBright\AppData\Roaming\uTorrent
2014-05-28 17:58:06 ----D---- C:\Users\McBright\AppData\Roaming\DAEMON Tools Lite
2014-05-28 17:58:03 ----D---- C:\Windows\Minidump
2014-05-28 17:58:03 ----D---- C:\Windows\Logs
2014-05-28 17:58:03 ----D---- C:\Windows\debug
2014-05-28 08:48:28 ----D---- C:\Windows\system32\Tasks
2014-05-26 23:09:54 ----D---- C:\ProgramData\Orbit
2014-05-26 22:48:15 ----D---- C:\Program Files (x86)
2014-05-26 22:47:58 ----SHD---- C:\Windows\Installer
2014-05-26 22:01:48 ----D---- C:\Hry
2014-05-24 15:24:18 ----D---- C:\Users\McBright\AppData\Roaming\Abvent_Artlantis5
2014-05-20 16:44:40 ----SD---- C:\Users\McBright\AppData\Roaming\Microsoft
2014-05-20 16:44:39 ----D---- C:\Windows\SysWOW64
2014-05-20 16:44:39 ----D---- C:\Program Files (x86)\Common Files
2014-05-18 14:59:50 ----D---- C:\Windows\system32\DriverStore
2014-05-18 13:51:55 ----D---- C:\Windows\system32\catroot2
2014-05-16 14:41:41 ----D---- C:\Windows\rescache
2014-05-16 11:46:00 ----D---- C:\Windows\Microsoft.NET
2014-05-16 11:44:39 ----RSD---- C:\Windows\assembly
2014-05-16 10:40:21 ----D---- C:\Windows\system32\MRT
2014-05-16 10:33:25 ----A---- C:\Windows\system32\MRT.exe
2014-05-16 10:28:02 ----D---- C:\Windows\winsxs
2014-05-16 10:25:29 ----D---- C:\Windows\system32\cs-CZ
2014-05-16 00:07:41 ----D---- C:\ProgramData\Microsoft Help
2014-05-16 00:07:11 ----D---- C:\Windows\system32\catroot
2014-05-16 00:07:02 ----D---- C:\Program Files\Common Files
2014-05-14 21:42:25 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-05-14 19:59:59 ----HD---- C:\ProgramData
2014-05-14 12:16:48 ----D---- C:\Users\McBright\AppData\Roaming\Atheros
2014-05-03 22:21:46 ----D---- C:\Users\McBright\AppData\Roaming\vlc
2014-05-02 20:57:54 ----D---- C:\ProgramData\AMD
2014-05-02 20:57:13 ----D---- C:\Program Files\ATI Technologies

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-04-25 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-04-25 208416]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2011-01-13 439320]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-11-25 834544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-04-25 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-05-15 1039096]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-05-15 423240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-04-25 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-04-25 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-05-15 85328]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2014-04-18 15376384]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2014-04-18 638976]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-02 2750464]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-12-19 94720]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-09-16 30368]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-16 3056360]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2010-10-20 56344]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 af6xkils;af6xkils; C:\Windows\system32\drivers\af6xkils.sys []
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-09-16 36000]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-06-08 4729408]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-09-16 330912]
S3 btath_avdt;Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2011-09-16 110240]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-09-16 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-09-16 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-09-16 280992]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-09-16 517280]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-07-20 247400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-13 73984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2014-04-18 239616]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-09-16 105120]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-04-25 50344]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
R2 ePowerSvc;ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-01 326168]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [2013-07-08 1922600]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-01-21 76888]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-11-25 655624]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 PDF Architect 2;PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [2014-04-30 1716264]
S3 pdfforge CrashHandler;pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [2014-04-30 861736]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-11-27 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

[vyosek]

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

• Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
• Spustte a kliknete na Deletion
• Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

[McBright]

############################## | UsbFix V 7.171 | [Clean]

User: McBright (Administrator) # MCBRIGHT-PC
Updated 18/05/2014 by El Desaparecido - SosVirus
Started at 15:05:13 | 30/05/2014

Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://en.kioskea.net/forum/viruses-security-7
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Acer (JE70_HR)
CPU: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
RAM -> [Total : 8174 Mo| Free : 6485 Mo]
Bios: Acer
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17107

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall [Enabled]

C:\ (%SystemDrive%) -> Fixed drive # 683 Gb (31 Mb free - 5%) [Acer] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 12 Gb (1 Mb free - 13%) [] # FAT32
F:\ -> CD-ROM
G:\ -> Removable drive # 15 Gb (4 Mb free - 26%) [] # FAT32
H:\ -> Removable drive # 15 Gb (15 Mb free - 100%) [MCBRIGHT] # FAT32

################## | Stopped processes |

C:\Windows\System32\atiesrxx.exe (ID: 516|ParentID: 804)
C:\Windows\System32\atieclxx.exe (ID: 1344|ParentID: 516)
C:\Windows\System32\spoolsv.exe (ID: 1716|ParentID: 804|SYSTEM)
C:\Windows\System32\taskhost.exe (ID: 1808|ParentID: 804|McBright)
C:\Windows\explorer.exe (ID: 1908|ParentID: 1688|McBright)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 2040|ParentID: 804|SYSTEM)
C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (ID: 1504|ParentID: 804|SYSTEM)
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ID: 1664|ParentID: 804|SYSTEM)
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (ID: 2088|ParentID: 804|SYSTEM)
C:\Program Files (x86)\Launch Manager\LMworker.exe (ID: 2100|ParentID: 1664|McBright)
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ID: 2148|ParentID: 1664|SYSTEM)
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (ID: 2156|ParentID: 804|SYSTEM)
C:\Program Files\Acer\Acer Updater\UpdaterService.exe (ID: 2212|ParentID: 804|SYSTEM)
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (ID: 2272|ParentID: 804|SYSTEM)
C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe (ID: 2296|ParentID: 804|SYSTEM)
C:\Windows\SysWOW64\PnkBstrA.exe (ID: 2420|ParentID: 804|SYSTEM)
C:\Windows\System32\taskeng.exe (ID: 3180|ParentID: 1032|McBright)
C:\Windows\System32\rundll32.exe (ID: 3532|ParentID: 996|McBright)
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (ID: 4036|ParentID: 3180|McBright)
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (ID: 4052|ParentID: 3180|McBright)
C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe (ID: 4060|ParentID: 2296|SYSTEM)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 1332|ParentID: 804|NETWORK SERVICE)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 660|ParentID: 804|SYSTEM)
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ID: 3568|ParentID: 1908|McBright)
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (ID: 3604|ParentID: 1908|McBright)
C:\Program Files\Elantech\ETDCtrl.exe (ID: 3720|ParentID: 1908|McBright)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 3044|ParentID: 1908|McBright)
C:\Windows\System32\SearchIndexer.exe (ID: 1324|ParentID: 804|SYSTEM)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID: 1004|ParentID: 1908|McBright)
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (ID: 4232|ParentID: 1908|McBright)
C:\Windows\System32\StikyNot.exe (ID: 4272|ParentID: 1908|McBright)
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (ID: 4304|ParentID: 1908|McBright)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 4368|ParentID: 3720|McBright)
C:\Windows\System32\wbem\unsecapp.exe (ID: 4480|ParentID: 996|McBright)
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (ID: 4532|ParentID: 4304|McBright)
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (ID: 4844|ParentID: 2088|SYSTEM)
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (ID: 4976|ParentID: 4312|McBright)
C:\Program Files (x86)\Launch Manager\LManager.exe (ID: 4992|ParentID: 4312|McBright)
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (ID: 5012|ParentID: 4312|McBright)
C:\Dolby PCEE4\pcee4.exe (ID: 5024|ParentID: 4312|McBright)
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (ID: 5048|ParentID: 4312|McBright)
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (ID: 5096|ParentID: 4992|McBright)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 5108|ParentID: 4312|McBright)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 4312|ParentID: 804|SYSTEM)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5284|ParentID: 804|NETWORK SERVICE)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 5612|ParentID: 804|SYSTEM)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 5924|ParentID: 1128|McBright)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 2844|ParentID: 5924|McBright)
C:\Windows\System32\WUDFHost.exe (ID: 2744|ParentID: 932|LOCAL SERVICE)

################## | Autorun |


################## | Generic Research |

Deleted ! E:\.lnk
Deleted ! E:\LOST.DIR.lnk
Deleted ! E:\.face.lnk
Deleted ! E:\Android.lnk
Deleted ! E:\Notifications.lnk
Deleted ! E:\DCIM.lnk
Deleted ! E:\openfeint.lnk
Deleted ! E:\.beintoo.lnk
Deleted ! E:\.adc.lnk
Deleted ! E:\DVR.lnk
Deleted ! E:\Pictures.lnk
Deleted ! E:\.quickdial.lnk
Deleted ! E:\Download.lnk
Deleted ! E:\Playlists.lnk
Deleted ! E:\media.lnk
Deleted ! E:\.doodlemobile_featureviewnew.lnk
Deleted ! E:\Ringtones.lnk
Deleted ! E:\LoquendoTTS.lnk
Deleted ! E:\MxBrowser.lnk
Deleted ! E:\Music.lnk
Deleted ! E:\files.lnk
Deleted ! E:\MzwDownloads.lnk
Deleted ! E:\samsungapps.lnk
Deleted ! E:\.PolarisViewer4.lnk
Deleted ! E:\.clipboard.lnk
Deleted ! E:\Sounds.lnk
Deleted ! E:\com.zinio.samsung.android.lnk
Deleted ! E:\clipart.lnk
Deleted ! E:\Bluetooth.lnk
Deleted ! E:\log.lnk
Deleted ! E:\MoreExchange.lnk
Deleted ! E:\Halfbrick.lnk
Deleted ! E:\panoramas.lnk
Deleted ! E:\Nearby.lnk
Deleted ! E:\dfp.lnk
Deleted ! E:\AllsharePlayLog.lnk
Deleted ! E:\MzwBackup.lnk
Deleted ! E:\Themestore.lnk
Deleted ! E:\EditedOnlinePhotos.lnk
Deleted ! E:\LazyList.lnk
Deleted ! E:\mountainbikePRO.lnk
Deleted ! E:\GoStore.lnk
Deleted ! E:\GOLauncherEX.lnk
Deleted ! E:\AppGame.lnk
Deleted ! E:\.goproduct.lnk
Deleted ! E:\GOWeatherEX.lnk
Deleted ! E:\GoTheme.lnk
Deleted ! E:\screenEdit.lnk
Deleted ! E:\image_cache.lnk
Deleted ! E:\tjcache.lnk
Deleted ! E:\Sygic.lnk
Deleted ! G:\LOST.DIR.lnk
Deleted ! G:\.android_secure.lnk
Deleted ! G:\DCIM.lnk
Deleted ! G:\manual 306.lnk
Deleted ! G:\Music.lnk
Deleted ! G:\Picture.lnk
Deleted ! G:\Video.lnk
Deleted ! G:\Vyzvánění.lnk
Deleted ! G:\Android.lnk
Deleted ! G:\Notifications.lnk
Deleted ! G:\Sounds.lnk
Deleted ! G:\.downloadTemp.lnk
Deleted ! G:\Download.lnk

(!) Temporary files deleted.

################## | Registry |


################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Google Update] "C:\Users\McBright\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKCU\..\Run : [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
04 - HKCU\..\Run : [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
04 - HKLM\..\Run : [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
04 - HKLM\..\Run : [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
04 - HKLM\..\Run : [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
04 - HKLM\..\Run : [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
04 - HKLM\..\Run : [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
04 - [x64] HKLM\..\Run : [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
04 - [x64] HKLM\..\Run : [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
04 - [x64] HKLM\..\Run : [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
04 - [x64] HKLM\..\Run : [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
04 - [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [x64] HKLM\..\Run : [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
04 - [x64] HKLM\..\Run : [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
04 - [x64] HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3483745573-2704642024-167589902-1000\..\Run : [Google Update] "C:\Users\McBright\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-3483745573-2704642024-167589902-1000\..\Run : [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
04 - HKU\S-1-5-21-3483745573-2704642024-167589902-1000\..\Run : [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-19\..\RunOnce : [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
04 - HKU\S-1-5-18\..\RunOnce : [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

################## | C:\ %SystemDrive% - Fixed drive (NTFS) |

[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.2052.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.3082.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.1042.txt
[07/11/2007 - 08:00:40 | N | 0 Ko] - C:\eula.1041.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.1040.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.1036.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.1028.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.1031.txt
[07/11/2007 - 08:00:40 | N | 10 Ko] - C:\eula.1033.txt
[30/05/2014 - 14:40:15 | ASH | 6277524 Ko] - C:\hiberfil.sys
[30/05/2014 - 14:40:19 | ASH | 8370032 Ko] - C:\pagefile.sys
[07/11/2007 - 08:12:28 | N | 228 Ko] - C:\VC_RED.MSI
[07/11/2007 - 08:00:40 | N | 1 Ko] - C:\globdata.ini
[07/11/2007 - 08:00:40 | N | 1 Ko] - C:\install.ini
[07/11/2007 - 08:03:18 | N | 550 Ko | SHA1: FB517ABB38E9CCC67DE411D4F18A9446C11C0923] - C:\install.exe
[07/11/2007 - 08:03:18 | N | 93 Ko | SHA1: 3B01AA2CE407D89AE218A4CD81D21E3F25077B5B] - C:\install.res.1040.dll
[07/11/2007 - 08:03:18 | N | 74 Ko | SHA1: 24A1F8FF465746148BB82364713FB75297BC9656] - C:\install.res.2052.dll
[07/11/2007 - 08:03:18 | N | 80 Ko | SHA1: CC9D7D205F965659429B95DD2F317D9D4DE8820B] - C:\install.res.1041.dll
[07/11/2007 - 08:03:18 | N | 94 Ko | SHA1: 9C57F09A4613B8F44C730511D3CCA9121780B630] - C:\install.res.3082.dll
[07/11/2007 - 08:03:18 | N | 95 Ko | SHA1: 0616CDE3285284430679368575A5A4ED3672722D] - C:\install.res.1036.dll
[07/11/2007 - 08:03:18 | N | 75 Ko | SHA1: 549AB876AC211651E77A458FC72859B6B1C304CB] - C:\install.res.1028.dll
[07/11/2007 - 08:03:18 | N | 94 Ko | SHA1: 9723B8595A326B38ECB31F64B3A67C1ED339BB60] - C:\install.res.1031.dll
[07/11/2007 - 08:03:18 | N | 89 Ko | SHA1: 9EC25485A7FF52D1211A28CCA095950901669B34] - C:\install.res.1033.dll
[07/11/2007 - 08:03:18 | N | 78 Ko | SHA1: E263B6FB41E2984CDF8D23A25EF1C536F32C4EC3] - C:\install.res.1042.dll
[07/11/2007 - 08:09:22 | N | 1409 Ko] - C:\VC_RED.cab
[07/11/2007 - 08:00:40 | N | 6 Ko] - C:\vcredist.bmp
[25/11/2013 - 20:58:19 | SHD] - C:\$Recycle.Bin
[12/08/2011 - 10:09:45 | RASH | 8 Ko] - C:\BOOTSECT.BAK
[14/07/2009 - 05:20:08 | D] - C:\PerfLogs
[14/07/2009 - 07:08:56 | SHD] - C:\Documents and Settings
[12/08/2011 - 09:24:00 | D] - C:\Intel
[25/11/2013 - 19:59:50 | D] - C:\book
[25/11/2013 - 20:32:22 | D] - C:\Dolby PCEE4
[25/11/2013 - 20:55:11 | SHD] - C:\Recovery
[25/11/2013 - 20:55:22 | D] - C:\Users
[25/11/2013 - 20:57:41 | D] - C:\OEM
[25/11/2013 - 22:37:10 | RHD] - C:\MSOCache
[15/02/2014 - 23:40:47 | D] - C:\AMD
[14/05/2014 - 19:59:59 | HD] - C:\ProgramData
[26/05/2014 - 22:01:48 | D] - C:\Hry
[26/05/2014 - 22:48:15 | D] - C:\Program Files (x86)
[28/05/2014 - 18:19:16 | D] - C:\Windows
[28/05/2014 - 18:45:50 | SHD] - C:\System Volume Information
[29/05/2014 - 09:40:23 | D] - C:\Program Files
[29/05/2014 - 09:40:44 | D] - C:\rsit
[30/05/2014 - 15:00:20 | D] - C:\UsbFix

################## | E:\ - Removable drive (FAT32) |

[29/04/2014 - 23:14:34 | D] - E:\.quickdial
[10/05/2014 - 22:15:38 | D] - E:\.PolarisViewer4
[26/09/2013 - 08:23:28 | D] - E:\.goproduct
[02/03/2013 - 15:51:18 | D] - E:\.face
[20/03/2013 - 23:27:20 | D] - E:\.doodlemobile_featureviewnew
[26/02/2013 - 22:08:06 | D] - E:\LOST.DIR
[10/07/2013 - 14:39:58 | N | 0 Ko] - E:\.cntrsa1
[01/03/2013 - 08:11:14 | D] - E:\.clipboard
[17/06/2013 - 16:37:36 | N | 0 Ko] - E:\.bugsense
[27/02/2013 - 09:38:42 | D] - E:\.beintoo
[12/03/2013 - 11:02:50 | D] - E:\com.zinio.samsung.android
[09/08/2013 - 15:07:22 | D] - E:\.adc
[01/01/1980 - 00:00:00 | D] - E:\DVR
[26/02/2013 - 22:22:40 | D] - E:\Notifications
[26/02/2013 - 22:59:46 | D] - E:\Android
[27/02/2013 - 00:33:48 | D] - E:\media
[27/02/2013 - 09:38:40 | D] - E:\openfeint
[27/02/2013 - 23:06:20 | D] - E:\Music
[27/02/2013 - 23:06:20 | D] - E:\files
[27/02/2013 - 23:07:14 | D] - E:\samsungapps
[24/03/2013 - 22:42:20 | D] - E:\Playlists
[19/05/2013 - 23:32:30 | D] - E:\clipart
[09/06/2013 - 19:45:52 | D] - E:\Halfbrick
[10/06/2013 - 17:44:40 | D] - E:\LoquendoTTS
[21/06/2013 - 12:41:24 | D] - E:\Nearby
[28/06/2013 - 17:22:22 | D] - E:\panoramas
[19/07/2013 - 18:17:06 | D] - E:\AllsharePlayLog
[12/08/2013 - 15:21:24 | D] - E:\MzwBackup
[12/08/2013 - 15:21:24 | D] - E:\MzwDownloads
[19/08/2013 - 16:15:18 | D] - E:\EditedOnlinePhotos
[24/08/2013 - 13:39:16 | D] - E:\MxBrowser
[07/09/2013 - 20:14:12 | D] - E:\LazyList
[08/09/2013 - 08:40:00 | D] - E:\log
[11/09/2013 - 10:01:46 | D] - E:\mountainbikePRO
[13/09/2013 - 16:40:52 | D] - E:\Pictures
[17/09/2013 - 00:43:36 | D] - E:\AppGame
[17/09/2013 - 09:36:06 | D] - E:\GoStore
[17/09/2013 - 13:38:58 | D] - E:\screenEdit
[11/10/2013 - 14:27:10 | D] - E:\image_cache
[19/10/2013 - 00:10:38 | D] - E:\Sounds
[25/10/2013 - 10:16:58 | D] - E:\tjcache
[14/12/2013 - 10:08:52 | D] - E:\GOWeatherEX
[02/01/2014 - 15:43:36 | D] - E:\Sygic
[02/01/2014 - 18:09:40 | D] - E:\dfp
[21/01/2014 - 00:04:34 | D] - E:\GOLauncherEX
[16/02/2014 - 23:16:38 | D] - E:\MoreExchange
[25/04/2014 - 17:47:54 | D] - E:\Ringtones
[01/05/2014 - 18:29:16 | D] - E:\Download
[15/05/2014 - 22:09:52 | D] - E:\Bluetooth
[18/05/2014 - 10:35:50 | D] - E:\Themestore
[28/05/2014 - 15:32:20 | D] - E:\DCIM
[30/05/2014 - 12:59:00 | D] - E:\GoTheme

################## | G:\ - Removable drive (FAT32) |

[11/12/2013 - 14:11:16 | D] - G:\.downloadTemp
[26/02/2013 - 22:07:38 | D] - G:\LOST.DIR
[27/05/2014 - 22:27:16 | D] - G:\.android_secure
[26/02/2013 - 20:20:56 | D] - G:\manual 306
[27/03/2013 - 23:56:54 | D] - G:\Vyzvánění
[30/07/2013 - 15:27:56 | D] - G:\Android
[30/07/2013 - 15:28:00 | D] - G:\Notifications
[12/10/2013 - 09:40:08 | D] - G:\Picture
[01/01/2014 - 21:16:28 | D] - G:\Music
[26/04/2014 - 23:44:34 | D] - G:\Sounds
[01/05/2014 - 18:29:36 | D] - G:\Download
[10/05/2014 - 21:57:48 | D] - G:\Video
[29/05/2014 - 02:27:52 | D] - G:\DCIM

################## | H:\ - Removable drive (FAT32) |

[vyosek]

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

[McBright]

# AdwCleaner v3.211 - Report created 30/05/2014 at 19:53:40
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : McBright - MCBRIGHT-PC
# Running from : C:\Users\McBright\Desktop\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\McBright\AppData\Local\genienext
Folder Deleted : C:\Users\McBright\AppData\Local\Mobogenie
Folder Deleted : C:\Users\McBright\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\McBright\AppData\Roaming\pdfforge
File Deleted : C:\Users\McBright\daemonprocess.txt

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\dt soft\daemon tools toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v

[ File : C:\Users\McBright\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1408 octets] - [30/05/2014 19:49:45]
AdwCleaner[S0].txt - [1303 octets] - [30/05/2014 19:53:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1363 octets] ##########

[vyosek]

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

[McBright]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by McBright (administrator) on MCBRIGHT-PC on 30-05-2014 21:07:00
Running from C:\Users\McBright\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\McBright\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\McBright\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [976032 2011-09-16] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-09-16] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-26] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3483745573-2704642024-167589902-1000\...\Run: [Google Update] => C:\Users\McBright\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-25] (Google Inc.)
HKU\S-1-5-21-3483745573-2704642024-167589902-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3483745573-2704642024-167589902-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-22] (AMD)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 - C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\McBright\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\McBright\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR Extension: (Disk Google) - C:\Users\McBright\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-25]
CHR Extension: (YouTube) - C:\Users\McBright\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-25]
CHR Extension: (Vyhledávání Google) - C:\Users\McBright\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-25]
CHR Extension: (Dark Vibe) - C:\Users\McBright\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2013-11-26]
CHR Extension: (Smooth Gestures) - C:\Users\McBright\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2013-11-26]
CHR Extension: (Peněženka Google) - C:\Users\McBright\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR Extension: (Gmail) - C:\Users\McBright\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-25]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-25] (AVAST Software)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-21] ()

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-25] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-11-25] ()
U3 a2r5vldl; C:\Windows\System32\Drivers\a2r5vldl.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-30 21:07 - 2014-05-30 21:07 - 00014721 _____ () C:\Users\McBright\Desktop\FRST.txt
2014-05-30 21:06 - 2014-05-30 21:07 - 00000000 ____D () C:\FRST
2014-05-30 21:05 - 2014-05-30 21:05 - 00112640 _____ (forum.viry.cz) C:\Users\McBright\Desktop\FRSTLauncher.exe
2014-05-30 21:03 - 2014-05-30 21:03 - 00112640 _____ (forum.viry.cz) C:\Users\McBright\Desktop\Nepotvrzeno 822923.crdownload
2014-05-30 21:03 - 2014-05-30 21:03 - 00112640 _____ (forum.viry.cz) C:\Users\McBright\Desktop\Nepotvrzeno 175647.crdownload
2014-05-30 21:01 - 2014-05-30 21:01 - 02066944 _____ (Farbar) C:\Users\McBright\Desktop\FRST64.exe
2014-05-30 19:54 - 2014-05-30 19:54 - 00000314 _____ () C:\Windows\PFRO.log
2014-05-30 19:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-30 19:49 - 2014-05-30 19:53 - 00000000 ____D () C:\AdwCleaner
2014-05-30 19:48 - 2014-05-30 19:48 - 01327971 _____ () C:\Users\McBright\Desktop\adwcleaner_3.211.exe
2014-05-30 15:00 - 2014-05-30 15:00 - 00001452 _____ () C:\Users\McBright\Desktop\UsbFix.lnk
2014-05-30 15:00 - 2014-05-30 15:00 - 00000000 ____D () C:\UsbFix
2014-05-29 09:40 - 2014-05-29 09:40 - 00000000 ____D () C:\rsit
2014-05-29 09:40 - 2014-05-29 09:40 - 00000000 ____D () C:\Program Files\trend micro
2014-05-29 09:39 - 2014-05-29 09:39 - 01222144 _____ () C:\Users\McBright\Desktop\RSITx64.exe
2014-05-28 19:02 - 2014-05-28 19:13 - 00000000 ____D () C:\Users\McBright\Desktop\mobil
2014-05-28 18:20 - 2014-05-28 18:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-28 18:19 - 2014-05-30 19:54 - 00000980 _____ () C:\Windows\setupact.log
2014-05-28 18:19 - 2014-05-28 18:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-28 17:53 - 2014-05-28 17:53 - 00000000 ____D () C:\Users\McBright\Desktop\FLASHKA
2014-05-26 23:09 - 2014-05-26 23:09 - 00000000 ____D () C:\Users\McBright\Documents\My Games
2014-05-26 22:48 - 2014-05-26 22:48 - 00000000 ____D () C:\Users\McBright\AppData\Local\Ubisoft Game Launcher
2014-05-26 22:48 - 2014-05-26 22:48 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-05-26 17:48 - 2014-05-27 10:38 - 00000000 ____D () C:\Users\McBright\Downloads\Watch Dogs
2014-05-21 10:04 - 2014-05-21 10:04 - 00000000 ____D () C:\Users\McBright\AppData\Local\Apps\2.0
2014-05-20 16:51 - 2014-05-21 14:27 - 00000000 ____D () C:\Users\McBright\Downloads\Teplo 2010
2014-05-20 16:44 - 2014-05-20 16:50 - 00000000 ____D () C:\Program Files (x86)\Teplo 2010
2014-05-20 16:44 - 2014-05-20 16:44 - 00000000 ____D () C:\Users\McBright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tepelná technika
2014-05-18 14:59 - 2012-05-09 02:43 - 02872680 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpinkinsAD11.exe
2014-05-18 14:59 - 2012-05-09 02:43 - 00329576 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpinkstsAD11LM.dll
2014-05-18 14:59 - 2012-05-09 02:43 - 00269160 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpinkcoiAD11.dll
2014-05-16 00:07 - 2014-05-16 00:07 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 00:07 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 00:07 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 00:07 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 00:07 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 00:07 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 00:07 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 13:56 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 13:56 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 13:55 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 13:55 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 13:55 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 13:55 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 13:55 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 13:55 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 13:55 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 13:55 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 13:55 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 13:55 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 13:55 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 13:55 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 13:55 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 13:55 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 13:55 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 13:55 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 13:55 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 13:55 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 13:55 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 13:55 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 13:55 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 13:55 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 13:55 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 13:55 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 13:55 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 13:55 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 13:55 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 13:55 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 13:55 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 13:55 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 13:55 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 13:55 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 13:55 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 13:55 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 13:55 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 13:55 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 13:55 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 13:55 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 13:55 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 13:55 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 13:55 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 13:55 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 13:55 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 20:02 - 2014-05-14 20:03 - 00000000 ____D () C:\Users\McBright\AppData\Roaming\PDF Architect 2
2014-05-14 20:01 - 2014-05-14 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-05-14 20:00 - 2014-05-14 20:00 - 00000000 ____D () C:\Users\McBright\Documents\PDF Architect 2
2014-05-14 20:00 - 2014-05-14 20:00 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-05-14 19:59 - 2014-05-28 17:58 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-14 19:59 - 2014-05-14 19:59 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-05-14 19:59 - 2014-05-14 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-05-14 19:59 - 2014-04-25 17:44 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-05-14 19:59 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-05-14 19:59 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-05-14 19:59 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-05-14 19:59 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-05-14 14:06 - 2014-05-14 14:06 - 00007427 _____ () C:\Windows\Explorer-20140514(12-06-06)-[1704].RPT
2014-05-12 09:55 - 2014-05-12 12:36 - 00000000 ____D () C:\Users\McBright\Downloads\Bound by Flame
2014-05-03 11:15 - 2014-05-16 10:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 20:59 - 2014-05-02 20:59 - 00000000 ____D () C:\ProgramData\ATI
2014-05-02 20:57 - 2014-05-02 20:57 - 00055928 _____ () C:\Windows\SysWOW64\CCCInstall_201405022057422335.log
2014-05-02 20:57 - 2014-05-02 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-02 20:57 - 2014-05-02 20:57 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

==================== One Month Modified Files and Folders =======

2014-05-30 21:07 - 2014-05-30 21:07 - 00014721 _____ () C:\Users\McBright\Desktop\FRST.txt
2014-05-30 21:07 - 2014-05-30 21:06 - 00000000 ____D () C:\FRST
2014-05-30 21:07 - 2013-11-25 20:55 - 00000000 ____D () C:\Users\McBright\AppData\Local\Temp
2014-05-30 21:05 - 2014-05-30 21:05 - 00112640 _____ (forum.viry.cz) C:\Users\McBright\Desktop\FRSTLauncher.exe
2014-05-30 21:03 - 2014-05-30 21:03 - 00112640 _____ (forum.viry.cz) C:\Users\McBright\Desktop\Nepotvrzeno 822923.crdownload
2014-05-30 21:03 - 2014-05-30 21:03 - 00112640 _____ (forum.viry.cz) C:\Users\McBright\Desktop\Nepotvrzeno 175647.crdownload
2014-05-30 21:01 - 2014-05-30 21:01 - 02066944 _____ (Farbar) C:\Users\McBright\Desktop\FRST64.exe
2014-05-30 20:44 - 2013-11-25 21:10 - 00000974 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483745573-2704642024-167589902-1000UA.job
2014-05-30 20:42 - 2013-11-28 12:14 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-30 20:25 - 2013-11-25 19:55 - 01243530 _____ () C:\Windows\WindowsUpdate.log
2014-05-30 20:00 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 20:00 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 19:55 - 2014-03-28 21:03 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-05-30 19:55 - 2014-02-14 10:45 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-05-30 19:55 - 2013-11-25 21:15 - 00000000 ____D () C:\ProgramData\clear.fi
2014-05-30 19:54 - 2014-05-30 19:54 - 00000314 _____ () C:\Windows\PFRO.log
2014-05-30 19:54 - 2014-05-28 18:19 - 00000980 _____ () C:\Windows\setupact.log
2014-05-30 19:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-30 19:53 - 2014-05-30 19:49 - 00000000 ____D () C:\AdwCleaner
2014-05-30 19:53 - 2013-11-25 20:55 - 00000000 ____D () C:\Users\McBright
2014-05-30 19:48 - 2014-05-30 19:48 - 01327971 _____ () C:\Users\McBright\Desktop\adwcleaner_3.211.exe
2014-05-30 15:00 - 2014-05-30 15:00 - 00001452 _____ () C:\Users\McBright\Desktop\UsbFix.lnk
2014-05-30 15:00 - 2014-05-30 15:00 - 00000000 ____D () C:\UsbFix
2014-05-30 15:00 - 2013-11-26 04:48 - 00668792 _____ () C:\Windows\system32\perfh005.dat
2014-05-30 15:00 - 2013-11-26 04:48 - 00141420 _____ () C:\Windows\system32\perfc005.dat
2014-05-30 15:00 - 2009-07-14 07:13 - 01583226 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 14:43 - 2013-11-25 21:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-29 23:31 - 2013-11-26 01:05 - 00000000 ___RD () C:\Users\McBright\Desktop\mUst wAtCH
2014-05-29 09:40 - 2014-05-29 09:40 - 00000000 ____D () C:\rsit
2014-05-29 09:40 - 2014-05-29 09:40 - 00000000 ____D () C:\Program Files\trend micro
2014-05-29 09:39 - 2014-05-29 09:39 - 01222144 _____ () C:\Users\McBright\Desktop\RSITx64.exe
2014-05-28 19:13 - 2014-05-28 19:02 - 00000000 ____D () C:\Users\McBright\Desktop\mobil
2014-05-28 19:06 - 2013-11-25 20:58 - 00000000 ___RD () C:\Users\McBright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 18:20 - 2014-05-28 18:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-28 18:19 - 2014-05-28 18:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-28 17:58 - 2014-05-14 19:59 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-28 17:58 - 2014-01-26 13:37 - 00000000 ____D () C:\Users\McBright\AppData\Roaming\uTorrent
2014-05-28 17:58 - 2014-01-06 09:49 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 17:58 - 2013-11-25 23:32 - 00000000 ____D () C:\Users\McBright\AppData\Local\CrashDumps
2014-05-28 17:58 - 2013-11-25 22:24 - 00000000 ____D () C:\Users\McBright\AppData\Roaming\DAEMON Tools Lite
2014-05-28 17:53 - 2014-05-28 17:53 - 00000000 ____D () C:\Users\McBright\Desktop\FLASHKA
2014-05-28 12:44 - 2013-11-25 21:10 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483745573-2704642024-167589902-1000Core.job
2014-05-27 22:19 - 2013-11-27 13:10 - 00000000 ____D () C:\Users\McBright\Documents\FIFA 14
2014-05-27 10:38 - 2014-05-26 17:48 - 00000000 ____D () C:\Users\McBright\Downloads\Watch Dogs
2014-05-27 09:50 - 2013-11-26 15:36 - 00000000 ____D () C:\Users\McBright\Graphisoft
2014-05-27 08:58 - 2013-11-26 15:37 - 00000000 ____D () C:\Users\McBright\Documents\BIMx
2014-05-26 23:09 - 2014-05-26 23:09 - 00000000 ____D () C:\Users\McBright\Documents\My Games
2014-05-26 23:09 - 2013-11-27 12:26 - 00000000 ____D () C:\ProgramData\Orbit
2014-05-26 22:48 - 2014-05-26 22:48 - 00000000 ____D () C:\Users\McBright\AppData\Local\Ubisoft Game Launcher
2014-05-26 22:48 - 2014-05-26 22:48 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-05-26 22:48 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-26 22:01 - 2013-11-26 14:59 - 00000000 ____D () C:\Hry
2014-05-26 21:58 - 2013-11-26 01:56 - 00000000 ____D () C:\Users\McBright\Documents\filmky
2014-05-24 15:24 - 2013-11-26 00:14 - 00000000 ____D () C:\Users\McBright\AppData\Roaming\Abvent_Artlantis5
2014-05-21 14:27 - 2014-05-20 16:51 - 00000000 ____D () C:\Users\McBright\Downloads\Teplo 2010
2014-05-21 10:04 - 2014-05-21 10:04 - 00000000 ____D () C:\Users\McBright\AppData\Local\Apps\2.0
2014-05-20 16:50 - 2014-05-20 16:44 - 00000000 ____D () C:\Program Files (x86)\Teplo 2010
2014-05-20 16:50 - 2013-11-25 20:55 - 00000000 ____D () C:\Users\McBright\AppData\Local\VirtualStore
2014-05-20 16:44 - 2014-05-20 16:44 - 00000000 ____D () C:\Users\McBright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tepelná technika
2014-05-16 15:03 - 2013-11-26 13:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 14:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 10:40 - 2013-11-26 14:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 10:33 - 2013-11-26 14:36 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-16 10:28 - 2013-11-25 20:58 - 00000000 ___RD () C:\Users\McBright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 10:25 - 2014-05-03 11:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 00:07 - 2014-05-16 00:07 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 00:07 - 2013-11-25 22:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 13:37 - 2013-12-28 17:40 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 13:37 - 2013-11-25 21:29 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 13:37 - 2013-11-25 21:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-14 21:42 - 2013-11-28 12:14 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 21:42 - 2013-11-28 12:14 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 21:42 - 2013-11-28 12:14 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 20:03 - 2014-05-14 20:02 - 00000000 ____D () C:\Users\McBright\AppData\Roaming\PDF Architect 2
2014-05-14 20:01 - 2014-05-14 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-05-14 20:00 - 2014-05-14 20:00 - 00000000 ____D () C:\Users\McBright\Documents\PDF Architect 2
2014-05-14 20:00 - 2014-05-14 20:00 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-05-14 19:59 - 2014-05-14 19:59 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-05-14 19:59 - 2014-05-14 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-05-14 14:06 - 2014-05-14 14:06 - 00007427 _____ () C:\Windows\Explorer-20140514(12-06-06)-[1704].RPT
2014-05-14 12:16 - 2013-11-25 20:58 - 00000000 ____D () C:\Users\McBright\AppData\Roaming\Atheros
2014-05-13 22:13 - 2013-11-26 01:21 - 00000000 ____D () C:\Users\McBright\Documents\Bluetooth Folder
2014-05-12 12:36 - 2014-05-12 09:55 - 00000000 ____D () C:\Users\McBright\Downloads\Bound by Flame
2014-05-09 12:39 - 2013-11-25 21:10 - 00003954 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3483745573-2704642024-167589902-1000UA
2014-05-09 12:39 - 2013-11-25 21:10 - 00003558 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3483745573-2704642024-167589902-1000Core
2014-05-09 08:14 - 2014-05-15 13:55 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 13:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 06:40 - 2014-05-16 00:07 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-16 00:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-16 00:07 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-16 00:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-16 00:07 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-16 00:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-03 22:21 - 2013-11-29 21:01 - 00000000 ____D () C:\Users\McBright\AppData\Roaming\vlc
2014-05-02 20:59 - 2014-05-02 20:59 - 00000000 ____D () C:\ProgramData\ATI
2014-05-02 20:57 - 2014-05-02 20:57 - 00055928 _____ () C:\Windows\SysWOW64\CCCInstall_201405022057422335.log
2014-05-02 20:57 - 2014-05-02 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-02 20:57 - 2014-05-02 20:57 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-02 20:57 - 2013-12-19 16:28 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-05-02 20:57 - 2013-11-25 23:11 - 00000000 ____D () C:\ProgramData\AMD
2014-05-02 19:03 - 2014-04-25 16:27 - 00000000 ____D () C:\Users\McBright\Downloads\Dark Souls II

Some content of TEMP:
====================
C:\Users\McBright\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 14:31




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Acer) (Fixed) (Total:682.54 GB) (Free:32.17 GB) NTFS

Available physical RAM: 5903.12 MB
Total physical RAM: 8173.86 MB
Percentage of memory in use: 27%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: BEE77D04)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483745573-2704642024-167589902-1000Core.job => C:\Users\McBright\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483745573-2704642024-167589902-1000UA.job => C:\Users\McBright\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\McBright\Desktop" je 78939 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[vyosek]

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
  HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
  HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
  HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
  HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
  HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
  HKU\S-1-5-21-3483745573-2704642024-167589902-1000\...\Run: [Google Update] => C:\Users\McBright\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-25] (Google Inc.)
  
  SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
  Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
  
  R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
  C:\Program Files (x86)\PANDORA.TV
  
  2014-05-30 21:05 - 2014-05-30 21:05 - 00112640 _____ (forum.viry.cz) C:\Users\McBright\Desktop\FRSTLauncher.exe
  2014-05-30 21:03 - 2014-05-30 21:03 - 00112640 _____ (forum.viry.cz) C:\Users\McBright\Desktop\Nepotvrzeno 822923.crdownload
  2014-05-30 21:03 - 2014-05-30 21:03 - 00112640 _____ (forum.viry.cz) C:\Users\McBright\Desktop\Nepotvrzeno 175647.crdownload
  2014-05-30 19:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
  2014-05-30 19:49 - 2014-05-30 19:53 - 00000000 ____D () C:\AdwCleaner
  2014-05-30 19:48 - 2014-05-30 19:48 - 01327971 _____ () C:\Users\McBright\Desktop\adwcleaner_3.211.exe
  2014-05-30 15:00 - 2014-05-30 15:00 - 00001452 _____ () C:\Users\McBright\Desktop\UsbFix.lnk
  2014-05-30 15:00 - 2014-05-30 15:00 - 00000000 ____D () C:\UsbFix
  2014-05-29 09:40 - 2014-05-29 09:40 - 00000000 ____D () C:\rsit
  2014-05-29 09:40 - 2014-05-29 09:40 - 00000000 ____D () C:\Program Files\trend micro
  2014-05-29 09:39 - 2014-05-29 09:39 - 01222144 _____ () C:\Users\McBright\Desktop\RSITx64.exe
  C:\Windows\AutoKMS
  
  Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
  Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483745573-2704642024-167589902-1000Core.job => C:\Users\McBright\AppData\Local\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483745573-2704642024-167589902-1000UA.job => C:\Users\McBright\AppData\Local\Google\Update\GoogleUpdate.exe
  
  Hosts:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[McBright]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2014
Ran by McBright at 2014-05-30 21:26:25 Run:1
Running from C:\Users\McBright\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3483745573-2704642024-167589902-1000\...\Run: [Google Update] => C:\Users\McBright\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-25] (Google Inc.)

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
C:\Program Files (x86)\PANDORA.TV

2014-05-30 21:05 - 2014-05-30 21:05 - 00112640 _____ (forum.viry.cz) C:\Users\McBright\Desktop\FRSTLauncher.exe
2014-05-30 21:03 - 2014-05-30 21:03 - 00112640 _____ (forum.viry.cz) C:\Users\McBright\Desktop\Nepotvrzeno 822923.crdownload
2014-05-30 21:03 - 2014-05-30 21:03 - 00112640 _____ (forum.viry.cz) C:\Users\McBright\Desktop\Nepotvrzeno 175647.crdownload
2014-05-30 19:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-30 19:49 - 2014-05-30 19:53 - 00000000 ____D () C:\AdwCleaner
2014-05-30 19:48 - 2014-05-30 19:48 - 01327971 _____ () C:\Users\McBright\Desktop\adwcleaner_3.211.exe
2014-05-30 15:00 - 2014-05-30 15:00 - 00001452 _____ () C:\Users\McBright\Desktop\UsbFix.lnk
2014-05-30 15:00 - 2014-05-30 15:00 - 00000000 ____D () C:\UsbFix
2014-05-29 09:40 - 2014-05-29 09:40 - 00000000 ____D () C:\rsit
2014-05-29 09:40 - 2014-05-29 09:40 - 00000000 ____D () C:\Program Files\trend micro
2014-05-29 09:39 - 2014-05-29 09:39 - 01222144 _____ () C:\Users\McBright\Desktop\RSITx64.exe
C:\Windows\AutoKMS

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483745573-2704642024-167589902-1000Core.job => C:\Users\McBright\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483745573-2704642024-167589902-1000UA.job => C:\Users\McBright\AppData\Local\Google\Update\GoogleUpdate.exe

Hosts:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.
HKU\S-1-5-21-3483745573-2704642024-167589902-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
PanService => Service stopped successfully.
PanService => Service deleted successfully.
C:\Program Files (x86)\PANDORA.TV => Moved successfully.
C:\Users\McBright\Desktop\FRSTLauncher.exe => Moved successfully.
"C:\Users\McBright\Desktop\Nepotvrzeno 822923.crdownload" => File/Directory not found.
"C:\Users\McBright\Desktop\Nepotvrzeno 175647.crdownload" => File/Directory not found.
C:\Windows\SysWOW64\sqlite3.dll => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\McBright\Desktop\adwcleaner_3.211.exe => Moved successfully.
C:\Users\McBright\Desktop\UsbFix.lnk => Moved successfully.
C:\UsbFix => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\McBright\Desktop\RSITx64.exe => Moved successfully.
C:\Windows\AutoKMS => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\AutoKMS.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483745573-2704642024-167589902-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483745573-2704642024-167589902-1000UA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

[vyosek]

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[McBright]

Děkuji Vám za pomoc, jste nejlepší! Už to vypadalo na přeinstalování windows a formátování mobilu, ale vše již běží skvěle.

[vyosek]

Nemate zac, rad jsem pomohl Zase nekdy

A na zaklade Pravidla o zamykani temat