Prosím o kontolu logu, pc samo píše

[V0k0un11]

Dobrý den,

prosím o kontrolu logu, PC mi samo v některých hrách píše texty s erotickým nádechem. Předem Děkuji.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:45:34, on 21.4.2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Pavel274\AppData\Local\Temp\server.exe
C:\Users\Pavel274\AppData\Local\Temp\nemar.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Pavel274\Desktop\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKCU\..\Run: [SoftonicAssistant] "C:\Users\Pavel274\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
O4 - HKCU\..\Run: [5cd8f17f4086744065eb0992a09e05a2] "C:\Users\Pavel274\AppData\Local\Temp\Trojan.exe" ..
O4 - HKCU\..\Run: [cjqehlqkxs] wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\cjqehlqkxs.vbs"
O4 - HKCU\..\Run: [zzeraoshvc] wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\zzeraoshvc.vbs"
O4 - HKCU\..\Run: [ff] wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\ff.vbs"
O4 - HKCU\..\Run: [f4cc7895d0ceee434f285cbc9a0a9227] "C:\Users\Pavel274\AppData\Local\Temp\server.exe" ..
O4 - HKCU\..\Run: [0ea6602f688bf515c8e0367b0a8c4d35] "C:\Users\Pavel274\AppData\Local\Temp\nemar.exe" ..
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [8d53f1b2f5185955ae6e6ffc403b00b5] "C:\Users\Pavel274\AppData\Local\Temp\nemar.exe" ..
O4 - Startup: 0ea6602f688bf515c8e0367b0a8c4d35.exe
O4 - Startup: 5cd8f17f4086744065eb0992a09e05a2.exe
O4 - Startup: 8d53f1b2f5185955ae6e6ffc403b00b5.exe
O4 - Startup: cjqehlqkxs.vbs
O4 - Startup: ff.vbs
O4 - Startup: Server.exe
O4 - Startup: zzeraoshvc.vbs
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 5.24.0.cab
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FastBootAgent - ASUSTeK Computer Inc. - C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12413 bytes

[altrok]

Zdravim


nepochybne na tom bude mit podil, ze nemate zaplatovany system (bez Service Packu apod.) a dale v logu nevidim ani antivir...

Odinstalujte

• McAfee Security Scan - adware z instalace Adobe Flash Playeru http://forum.viry.cz/viewtopic.php?p=1374437#p1374437

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Cleaning
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

[V0k0un11]

Dobrý den,

posílám log

# AdwCleaner v4.201 - Log vytvořen 21/04/2015 v 15:44:45
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-20.1 [Server]
# Operační system : Windows 7 Home Premium (x64)
# Uživatelské jméno : Pavel274 - PAVEL274-PC
# Spuštěno z : C:\Users\Pavel274\Desktop\adwcleaner_4.201.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****


***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKCU\Software\5cd8f17f4086744065eb0992a09e05a2
Klíč Smazáno : HKCU\Software\8d53f1b2f5185955ae6e6ffc403b00b5
Klíč Smazáno : HKCU\Software\f4cc7895d0ceee434f285cbc9a0a9227

***** [ Prohlížeče ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v37.0.2 (x86 cs)


-\\ Google Chrome v42.0.2311.90


*************************

AdwCleaner[R0].txt - [6022 bytů] - [21/04/2015 07:27:10]
AdwCleaner[R1].txt - [1104 bytů] - [21/04/2015 07:40:30]
AdwCleaner[R2].txt - [1162 bytů] - [21/04/2015 15:42:03]
AdwCleaner[S0].txt - [5711 bytů] - [21/04/2015 07:28:21]
AdwCleaner[S1].txt - [1085 bytů] - [21/04/2015 15:44:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1143 bytů] ##########

Děkuji za další radu.

[altrok]

Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

[V0k0un11]

Dobrý den,

tady jsou:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Pavel274 (administrator) on PAVEL274-PC on 22-04-2015 06:01:56
Running from C:\Users\Pavel274\Desktop
Loaded Profiles: Pavel274 (Available profiles: Pavel274)
Platform: Windows 7 Home Premium (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(OKrLS3L5J4A0v) C:\Users\Pavel274\AppData\Local\Temp\Trojan.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Users\Pavel274\AppData\Local\Temp\nemar.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2009-04-28] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe [50472 2009-04-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [5cd8f17f4086744065eb0992a09e05a2] => C:\Users\Pavel274\AppData\Local\Temp\Trojan.exe [1976832 2014-09-19] (OKrLS3L5J4A0v) <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [cjqehlqkxs] => wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\cjqehlqkxs.vbs" <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [zzeraoshvc] => wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\zzeraoshvc.vbs" <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [ff] => wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\ff.vbs" <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [0ea6602f688bf515c8e0367b0a8c4d35] => C:\Users\Pavel274\AppData\Local\Temp\nemar.exe [24064 2015-04-20] () <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [8d53f1b2f5185955ae6e6ffc403b00b5] => C:\Users\Pavel274\AppData\Local\Temp\nemar.exe [24064 2015-04-20] () <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [] => wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\.vbs" <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [tmp7771] => wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\tmp7771.tmp.vbs" <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\MountPoints2: {4ab694c1-4e60-11e4-8a9b-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2009-10-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2009-10-27]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2009-10-27]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.vbs [2015-04-21] ()
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0ea6602f688bf515c8e0367b0a8c4d35.exe [2015-04-19] ()
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe [2015-04-18] (OKrLS3L5J4A0v)
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8d53f1b2f5185955ae6e6ffc403b00b5.exe [2015-04-20] ()
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cjqehlqkxs.vbs [2015-04-18] ()
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ff.vbs [2015-04-18] ()
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GTA.exe [2015-04-21] ()
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Server.exe [2015-04-19] ()
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7771.tmp.vbs [2015-04-21] ()
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zzeraoshvc.vbs [2015-04-18] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-02] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-02] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-395542899-2756949658-4088785033-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-09] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-05] (Microsoft Corp.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18] (Microsoft Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-09] (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-09] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-395542899-2756949658-4088785033-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 5.24.0.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1

FireFox:
========
FF ProfilePath: C:\Users\Pavel274\AppData\Roaming\Mozilla\Firefox\Profiles\250wlp93.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll [2008-10-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-395542899-2756949658-4088785033-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pavel274\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> https://www.google.cz/
CHR Profile: C:\Users\Pavel274\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Pavel274\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-18]
CHR Extension: (Google Docs) - C:\Users\Pavel274\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-18]
CHR Extension: (Google Drive) - C:\Users\Pavel274\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-18]
CHR Extension: (YouTube) - C:\Users\Pavel274\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-18]
CHR Extension: (Google Search) - C:\Users\Pavel274\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-18]
CHR Extension: (Google Sheets) - C:\Users\Pavel274\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-18]
CHR Extension: (Google Wallet) - C:\Users\Pavel274\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-18]
CHR Extension: (Gmail) - C:\Users\Pavel274\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [676864 2009-07-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [676864 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-14] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [703488 2009-07-14] (Microsoft Corporation) [File not signed]
R3 BITS; C:\Windows\System32\qmgr.dll [848384 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [136192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2009-07-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [175104 2009-07-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [135680 2009-07-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [509440 2009-07-14] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [314368 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [253440 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [182272 2009-07-14] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2009-07-14] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [162816 2009-07-14] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-14] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [31232 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-14] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-14] (Microsoft Corporation) [File not signed]
R2 FastBootAgent; C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [306232 2009-07-24] (ASUSTeK Computer Inc.)
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2009-07-14] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-14] (Microsoft Corporation) [File not signed]
R3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-14] (Microsoft Corporation) [File not signed]
R3 FontCache; C:\Windows\system32\FntCache.dll [1127936 2009-07-14] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [776192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [231936 2009-07-14] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2009-07-14] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2009-07-14] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [845824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-14] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [565760 2009-07-14] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [31232 2009-07-14] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-14] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [235520 2009-07-14] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-14] (Microsoft Corporation) [File not signed]
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84480 2009-07-14] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [824832 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-14] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [127488 2009-07-14] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2009-07-14] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [475648 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [31232 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [302080 2009-07-14] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-14] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1390080 2009-07-14] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-03-02] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2015-03-02] ()
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [500224 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [208384 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2009-07-14] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [343552 2009-07-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [509440 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [31232 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [1104384 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2009-07-14] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [104960 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [99328 2009-07-14] (Microsoft Corporation) [File not signed]
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [369664 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [558080 2009-07-14] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\Windows\System32\wiaservc.dll [578560 2009-07-14] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1780736 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [93184 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316416 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [241664 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [706560 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2009-07-14] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-14] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-14] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2009-07-14] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [532480 2009-07-14] (Microsoft Corporation) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
S3 VSS; C:\Windows\system32\vssvc.exe [1598976 2009-07-14] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1503744 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [366592 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [90624 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [90624 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [254464 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [202240 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [438784 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [348672 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2018816 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1175040 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [116736 2009-07-14] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-14] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [593408 2009-07-14] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [428032 2009-07-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\Windows\system32\wuaueng.dll [2418176 2009-07-14] (Microsoft Corporation) [File not signed]
R2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [229888 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\DRIVERS\1394ohci.sys [227840 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\DRIVERS\acpipmi.sys [12288 2009-07-14] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [500224 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [40448 2009-05-26] (Alcor Micro, Corp.) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] (Microsoft Corporation) [File not signed]
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1394688 2009-06-20] (Atheros Communications, Inc.) [File not signed]
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BthEnum; C:\Windows\System32\DRIVERS\BthEnum.sys [41984 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [551936 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [79360 2009-07-14] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-14] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-14] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2009-07-14] (Microsoft Corporation) [File not signed]
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2009-07-14] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-04-19] (Disc Soft Ltd)
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [974848 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [9728 2009-07-14] (Microsoft Corporation) [File not signed]
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [140800 2009-07-09] (ELAN Microelectronic Corp.) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] (Microsoft Corporation) [File not signed]
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2009-07-14] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-14] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-14] (Microsoft Corporation) [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] (Microsoft Corporation) [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [78848 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
S3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2009-07-14] (Microsoft Corporation) [File not signed]
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation) [File not signed]
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [58880 2009-07-27] (Atheros Communications, Inc.) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [956416 2009-05-15] (DiBcom) [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] (Microsoft Corporation) [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157184 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [285696 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [125952 2009-07-14] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-14] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NETw1v64; C:\Windows\System32\DRIVERS\NETw1v64.sys [7058432 2009-07-20] (Intel Corporation) [File not signed]
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [6952960 2009-10-05] (Intel Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [72832 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-14] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-14] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-14] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-14] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [14336 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [14336 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SiSGbeLH; C:\Windows\System32\DRIVERS\SiSG664.sys [56832 2009-06-10] (Silicon Integrated Systems Corp.) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [465408 2009-07-14] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [407040 2009-07-14] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [162816 2009-07-14] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-14] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-14] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-14] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-14] (Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327168 2009-07-14] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-14] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [100352 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [51200 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\Windows\system32\DRIVERS\usbohci.sys [25600 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [89600 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [30720 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184576 2009-07-14] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
S3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [40448 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WmiAcpi; C:\Windows\system32\DRIVERS\wmiacpi.sys [14336 2009-07-14] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-14] (Microsoft Corporation) [File not signed]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 06:01 - 2015-04-22 06:02 - 00053823 _____ () C:\Users\Pavel274\Desktop\FRST.txt
2015-04-22 06:01 - 2015-04-22 06:01 - 00000000 ____D () C:\FRST
2015-04-22 05:59 - 2015-04-22 05:59 - 02099712 _____ (Farbar) C:\Users\Pavel274\Desktop\FRST64.exe
2015-04-21 15:45 - 2015-04-21 15:45 - 00000586 _____ () C:\Windows\PFRO.log
2015-04-21 15:36 - 2015-04-21 15:45 - 00000336 _____ () C:\Windows\setupact.log
2015-04-21 15:36 - 2015-04-21 15:36 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-21 09:46 - 2015-04-21 09:46 - 00000885 _____ () C:\Users\Pavel274\Desktop\JRT.txt
2015-04-21 09:41 - 2015-04-21 09:41 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PAVEL274-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-21 09:41 - 2015-04-21 09:41 - 00000000 ____D () C:\RegBackup
2015-04-21 09:40 - 2015-04-21 06:06 - 02685507 _____ (Thisisu) C:\Users\Pavel274\Desktop\JRT_NEW.exe
2015-04-21 08:05 - 2015-04-21 08:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 07:27 - 2015-04-21 15:44 - 00000000 ____D () C:\AdwCleaner
2015-04-21 07:26 - 2015-04-21 07:26 - 02217984 _____ () C:\Users\Pavel274\Desktop\adwcleaner_4.201.exe
2015-04-21 07:23 - 2015-04-21 07:23 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2015-04-21 07:22 - 2015-04-21 07:22 - 00000762 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2015-04-21 07:22 - 2015-04-21 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-04-21 07:18 - 2015-04-21 07:22 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2015-04-21 07:17 - 2015-04-21 07:17 - 00000000 ____D () C:\ProgramData\CheckPoint
2015-04-21 07:15 - 2015-04-21 07:16 - 03401864 _____ (Check Point Software Technologies Ltd.) C:\Users\Pavel274\Desktop\zafwSetupWeb_133_209_000.exe
2015-04-21 05:57 - 2015-04-21 05:57 - 00000000 ____D () C:\Program Files\Reason
2015-04-21 05:56 - 2015-04-21 05:56 - 02383648 _____ (Reason Company Software Inc.) C:\Users\Pavel274\Desktop\herdProtectScan_Portable.exe
2015-04-20 14:38 - 2015-04-20 14:38 - 00002802 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-20 14:38 - 2015-04-20 14:38 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-20 14:38 - 2015-04-20 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-20 14:38 - 2015-04-20 14:38 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-19 17:40 - 2015-04-19 17:40 - 00000000 ____D () C:\Users\Pavel274\Documents\My Cheat Tables
2015-04-19 09:30 - 2015-04-19 09:31 - 00000000 ____D () C:\Users\Pavel274\AppData\Roaming\DAEMON Tools Lite
2015-04-19 09:30 - 2015-04-19 09:30 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-04-19 09:30 - 2015-04-19 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-04-19 09:27 - 2015-04-19 09:29 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-04-18 19:57 - 2015-04-18 19:57 - 00000000 ____D () C:\Users\Pavel274\AppData\Local\Microsoft Help
2015-04-18 15:21 - 2015-04-18 15:21 - 00003170 _____ () C:\Windows\System32\Tasks\{CF5A176D-D0E8-4EAD-88AB-D5545C6CAE29}
2015-04-18 10:54 - 2015-04-18 10:54 - 00003198 _____ () C:\Windows\System32\Tasks\{385D2522-621B-45B6-9CCA-6CA097F95374}
2015-04-10 21:01 - 2015-04-10 21:01 - 00000000 ____D () C:\Users\Pavel274\AppData\Roaming\LolClient
2015-04-10 19:52 - 2015-04-10 19:52 - 00000000 ____D () C:\ProgramData\Riot Games
2015-04-10 19:50 - 2015-04-10 19:50 - 00003460 _____ () C:\Windows\System32\Tasks\{66A1BB79-F6CE-456C-A4B2-C8197F62528F}
2015-04-10 19:50 - 2015-04-10 19:50 - 00001319 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2015-04-10 19:50 - 2015-04-10 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-04-10 19:49 - 2015-04-10 19:51 - 00000000 ____D () C:\Users\Pavel274\AppData\Roaming\Riot Games
2015-04-09 18:08 - 2015-04-13 16:05 - 00000000 ____D () C:\Users\Pavel274\Desktop\vtipy
2015-04-04 17:58 - 2015-04-04 17:58 - 00000847 _____ () C:\Users\Pavel274\Desktop\SWAT 4 - The Stetchkov Syndicate.lnk
2015-04-04 17:58 - 2015-04-04 17:58 - 00000775 _____ () C:\Users\Pavel274\Desktop\Swat 4.lnk
2015-04-04 17:58 - 2015-04-04 17:58 - 00000000 ____D () C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SWAT 4
2015-04-04 17:58 - 2015-04-04 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWAT 4
2015-04-04 17:20 - 2015-04-04 17:20 - 00000000 ____D () C:\Windows\SWAT 4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 06:02 - 2009-10-27 08:34 - 01460940 _____ () C:\Windows\WindowsUpdate.log
2015-04-22 05:59 - 2009-08-03 22:00 - 00622660 _____ () C:\Windows\system32\perfh005.dat
2015-04-22 05:59 - 2009-08-03 22:00 - 00118810 _____ () C:\Windows\system32\perfc005.dat
2015-04-22 05:59 - 2009-07-14 07:13 - 01445734 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-22 05:56 - 2015-01-01 20:30 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-22 05:56 - 2014-10-18 12:38 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-21 15:52 - 2009-07-14 06:45 - 00015904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-21 15:52 - 2009-07-14 06:45 - 00015904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-21 15:48 - 2014-11-24 19:15 - 00003182 _____ () C:\Windows\System32\Tasks\P4GIntlCtrl
2015-04-21 15:48 - 2014-10-16 18:30 - 00000000 ____D () C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-04-21 15:48 - 2009-10-27 09:23 - 00003004 _____ () C:\Windows\System32\Tasks\ASUS Live Update
2015-04-21 15:47 - 2014-10-18 12:38 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-21 15:45 - 2009-10-27 09:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-21 15:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-21 15:36 - 2009-10-27 09:30 - 00001984 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-04-21 10:02 - 2014-12-02 19:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-21 10:01 - 2014-10-18 12:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-21 07:29 - 2009-10-27 09:30 - 00001479 _____ () C:\Windows\system32\ServiceFilter.ini
2015-04-21 05:45 - 2014-10-16 18:30 - 00000000 ____D () C:\Users\Pavel274
2015-04-20 14:39 - 2014-12-25 16:10 - 00000000 ____D () C:\Users\Pavel274\AppData\Roaming\uTorrent
2015-04-20 14:39 - 2014-12-14 21:31 - 00000000 ____D () C:\Windows\Minidump
2015-04-20 14:39 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther
2015-04-20 13:45 - 2014-10-18 15:53 - 00000000 ____D () C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-19 17:35 - 2014-10-16 18:42 - 00000000 ____D () C:\Users\Pavel274\AppData\Local\Adobe
2015-04-17 20:31 - 2014-10-18 12:39 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-16 18:08 - 2009-07-14 07:08 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-15 20:14 - 2015-01-01 20:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 20:14 - 2015-01-01 20:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 20:14 - 2015-01-01 20:30 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-05 15:51 - 2014-12-25 19:12 - 00000000 ____D () C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-04 17:15 - 2014-11-22 23:23 - 00000000 ____D () C:\Users\Public\CyberLink
2015-04-04 17:15 - 2014-11-22 23:23 - 00000000 ____D () C:\Users\Pavel274\AppData\Roaming\CyberLink
2015-03-30 19:05 - 2014-10-19 03:32 - 00000000 ____D () C:\Users\Pavel274\Documents\my games
2015-03-27 22:38 - 2014-12-25 22:51 - 00000000 ____D () C:\Users\Pavel274\AppData\Roaming\BSplayer

==================== Files in the root of some directories =======

2007-06-12 18:34 - 2007-06-12 18:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 17:35 - 2008-05-22 17:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 19:31 - 2009-04-08 19:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 06:45 - 2008-08-12 06:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
2009-10-27 09:02 - 2009-10-27 09:02 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-10-27 09:12 - 2009-10-27 09:12 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-10-27 09:01 - 2009-10-27 09:02 - 0000106 _____ () C:\ProgramData\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}.log
2009-10-27 09:11 - 2009-10-27 09:12 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-10-27 08:58 - 2009-10-27 09:01 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-10-27 09:02 - 2009-10-27 09:03 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
2009-10-27 08:57 - 2009-10-27 08:58 - 0000115 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log

Files to move or delete:
====================
C:\Users\Pavel274\AppData\Local\Temp\Trojan.exe
C:\Users\Pavel274\AppData\Local\Temp\nemar.exe


Some content of TEMP:
====================
C:\Users\Pavel274\AppData\Local\Temp\gbb.exe
C:\Users\Pavel274\AppData\Local\Temp\nemar.exe
C:\Users\Pavel274\AppData\Local\Temp\Quarantine.exe
C:\Users\Pavel274\AppData\Local\Temp\sqlite3.dll
C:\Users\Pavel274\AppData\Local\Temp\Trojan.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-21 09:13

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by Pavel274 at 2015-04-22 06:03:26
Running from C:\Users\Pavel274\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Aktualizace NVIDIA 15.3.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 15.3.33 - NVIDIA Corporation)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}) (Version: 1.2.17.25001 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.17.25001 - Alcor Micro Corp.) Hidden
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.6 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0013 - ASUS)
ASUS FancyStart (HKLM-x32\...\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}) (Version: 1.0.6 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.8 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}) (Version: 1.1.20 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3212 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.3212 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.18 - asus)
Asus_Camera_ScreenSaver (HKLM-x32\...\Asus_Camera_ScreenSaver) (Version: 2.0.0008 - ASUS)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0005 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0005 - ASUS)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.68.1077 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.3 - ASUS)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1720 - CyberLink Corp.)
CyberLink MediaShow Espresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.0.0526 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6622 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.2713 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3131 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1719 - CyberLink Corp.)
ETDWare PS/2-x64 7.0.5.7_WHQL (HKLM\...\Elantech) (Version: - )
Express Gate (HKLM-x32\...\{865CD808-6D31-4269-9D36-693CFE75D26A}) (Version: 1.2.13.16 - DeviceVM, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.3 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
MainConcept MCE Encoder 64bit (HKLM\...\{FE6B5787-597D-4618-A4AB-261AAED9B5FD}) (Version: 1.5.1.1 - MainConcept GmbH)
Men of War: Vietnam (HKLM-x32\...\Steam App 63940) (Version: - 1C Company)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95120000-0120-0409-0000-0000000FF1CE}) (Version: 12.0.6414.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.31005.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 cs)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NVIDIA Ovladač 3D Vision 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Ovládací panel NVIDIA 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)
Search App by Ask (HKLM-x32\...\{4254522D-5350-006A-76A7-A75C790C1B00}) (Version: 12.27.0.1059 - APN, LLC) <==== ATTENTION
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version: - City Interactive)
SRS Premium Sound Control Panel (HKLM\...\{D42F84B6-3709-4A50-8502-6719D16AE6C8}) (Version: 1.07.0100 - SRS Labs, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SWAT 4 (HKLM-x32\...\SWAT 4) (Version: - )
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
Tzar (HKLM-x32\...\Tzar) (Version: - )
Unity Web Player (HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
Wargame: European Escalation (HKLM-x32\...\Steam App 58610) (Version: - Eugen Systems)
Wargame: Red Dragon (HKLM-x32\...\Steam App 251060) (Version: - Eugen Systems)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}) (Version: 5.000.817.1 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.26.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.10 - ASUS)
ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar (HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {014AE17A-CD45-490D-87D7-277A1E48837E} - System32\Tasks\{385D2522-621B-45B6-9CCA-6CA097F95374} => pcalua.exe -a "C:\Users\Pavel274\Downloads\battlefield bad company 2 setup.exe" -d C:\Users\Pavel274\Downloads
Task: {0363DB07-74C2-4CF5-AA1D-7F2101655AFB} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {3F19F02D-D5CD-4661-A0CD-9EEFA83DDB11} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-19] (ASUS)
Task: {43F2C913-0D0A-4D68-BF2A-C47D14A0EE5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {52F97B70-24C6-4604-A560-F8C0BFC6E661} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-07-24] ()
Task: {621DFE9B-07E7-484F-9E7B-55EA5B1D7A65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {82376795-52D5-4580-A6F6-38C11EB5694F} - System32\Tasks\{47AD9638-31C4-4C02-96B3-C08BDF46ABD6} => pcalua.exe -a C:\Users\Pavel274\AppData\Local\Temp\Temp1_Tzar---Burden-of-the-crown-CZ.zip\Tzar\Setup.exe
Task: {93F164AB-B0BD-4EFF-83B2-53A08F621846} - System32\Tasks\{275DF392-6DAE-4553-AFFA-0F9B850028DD} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2" -c /register
Task: {94C80E83-212D-4C4C-8DE9-A92F1FDFDA58} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {9CE7487F-50F4-4BB1-A29B-3DC2A1015D0A} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-11] (TODO: <Company name>)
Task: {BC8E6D27-BCAF-467D-B297-EDDF060F2CA8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {C0B4B293-58A1-40DE-9C43-3EA3CA179303} - System32\Tasks\{401C5136-CA8A-413F-B1B3-CA8DD5B18F53} => pcalua.exe -a E:\HRY\Setup.exe -d E:\HRY
Task: {C494D43E-F632-4F88-BD32-FE59A1A053D5} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-07-23] ()
Task: {D6B483A6-07EE-409D-9F93-71B5FC197F48} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-08-11] (ATK)
Task: {E6C83D56-35C2-4698-BFB6-CC813D422391} - System32\Tasks\{CF5A176D-D0E8-4EAD-88AB-D5545C6CAE29} => pcalua.exe -a E:\HRY\Battlefield.3-RELOADED\OriginInstaller.exe -d E:\HRY\Battlefield.3-RELOADED
Task: {F01344D0-3C35-4DCD-BF9D-A893B8655240} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {F5609C33-A462-44BC-900E-733A8C2CE045} - System32\Tasks\{66A1BB79-F6CE-456C-A4B2-C8197F62528F} => pcalua.exe -a C:\Users\Pavel274\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\Pavel274\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:2756
Task: {F6AD2622-DAA2-4795-843C-A8EB46A501F3} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-12-28 23:41 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-10-27 09:22 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2014-11-08 13:49 - 2015-03-02 20:04 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-08 13:49 - 2015-03-02 20:04 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2007-06-15 19:28 - 2007-06-15 19:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-02 01:52 - 2007-06-02 01:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2009-07-24 19:32 - 2009-07-24 19:32 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2009-07-23 02:58 - 2009-07-23 02:58 - 00017976 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2009-05-05 19:00 - 2009-05-05 19:00 - 00041472 _____ () C:\Program Files\P4G\DevMng.dll
2009-08-06 20:06 - 2009-08-06 20:06 - 00028672 _____ () C:\Program Files\P4G\OvrClk.dll
2009-10-27 09:22 - 2007-03-10 03:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2008-10-01 08:02 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2008-08-14 05:59 - 2008-08-14 05:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2015-04-19 14:28 - 2015-04-20 18:48 - 00024064 _____ () C:\Users\Pavel274\AppData\Local\Temp\nemar.exe
2009-07-02 03:54 - 2009-07-02 03:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2015-03-13 15:54 - 2015-03-13 15:54 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2009-10-27 08:58 - 2009-01-21 04:44 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-10-27 09:23 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-10-27 09:25 - 2009-06-22 22:37 - 00212992 _____ () C:\Windows\SysWOW64\Fast Boot\GetBootTime.dll
2008-08-28 01:32 - 2008-08-28 01:32 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2008-06-09 18:55 - 2008-06-09 18:55 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2007-06-15 19:28 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-02 02:08 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-395542899-2756949658-4088785033-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.88.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Accounts: =============================

Administrator (S-1-5-21-395542899-2756949658-4088785033-500 - Administrator - Disabled)
Guest (S-1-5-21-395542899-2756949658-4088785033-501 - Limited - Disabled)
Pavel274 (S-1-5-21-395542899-2756949658-4088785033-1000 - Administrator - Enabled) => C:\Users\Pavel274

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2015 06:03:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Služba Šifrování neinicializovala databázi katalogu. Chyba součásti ESENT: -583.

Error: (04/22/2015 06:03:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Služba Šifrování neinicializovala databázi katalogu. Chyba součásti ESENT: -583.

Error: (04/22/2015 06:03:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Služba Šifrování neinicializovala databázi katalogu. Chyba součásti ESENT: -583.

Error: (04/22/2015 06:03:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Služba Šifrování neinicializovala databázi katalogu. Chyba součásti ESENT: -583.

Error: (04/22/2015 06:03:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Služba Šifrování neinicializovala databázi katalogu. Chyba součásti ESENT: -583.

Error: (04/22/2015 06:03:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Služba Šifrování neinicializovala databázi katalogu. Chyba součásti ESENT: -583.

Error: (04/22/2015 06:03:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Služba Šifrování neinicializovala databázi katalogu. Chyba součásti ESENT: -583.

Error: (04/22/2015 06:03:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Služba Šifrování neinicializovala databázi katalogu. Chyba součásti ESENT: -583.

Error: (04/22/2015 06:03:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Služba Šifrování neinicializovala databázi katalogu. Chyba součásti ESENT: -583.

Error: (04/22/2015 06:03:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Služba Šifrování neinicializovala databázi katalogu. Chyba součásti ESENT: -583.


System errors:
=============
Error: (04/22/2015 06:00:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Windows Search byla neočekávaně ukončena. Tento stav nastal již 8krát.

Error: (04/22/2015 06:00:25 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Windows Search ukončena s chybou %%-2147217025, specifickou pro službu.

Error: (04/22/2015 06:00:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Windows Search byla neočekávaně ukončena. Tento stav nastal již 7krát.

Error: (04/22/2015 06:00:21 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Windows Search ukončena s chybou %%-2147217025, specifickou pro službu.

Error: (04/22/2015 05:59:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Windows Search byla neočekávaně ukončena. Tento stav nastal již 6krát.

Error: (04/22/2015 05:59:30 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Windows Search ukončena s chybou %%-2147217025, specifickou pro službu.

Error: (04/22/2015 05:59:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Windows Search byla neočekávaně ukončena. Tento stav nastal již 5krát.

Error: (04/22/2015 05:59:24 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Windows Search ukončena s chybou %%-2147217025, specifickou pro službu.

Error: (04/22/2015 05:59:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Windows Search byla neočekávaně ukončena. Tento stav nastal již 4krát.

Error: (04/22/2015 05:59:20 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Windows Search ukončena s chybou %%-2147217025, specifickou pro službu.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-10-14 14:48:12.025
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-14 14:48:11.869
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-14 11:32:51.685
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-14 11:32:51.529
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-14 10:51:20.666
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-14 10:51:20.510
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-14 10:25:31.040
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETw5s64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-14 10:25:30.744
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETw5s64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-14 10:24:23.893
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETw5s64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-14 10:24:23.768
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETw5s64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 36%
Total physical RAM: 4095.24 MB
Available physical RAM: 2615.16 MB
Total Pagefile: 8188.63 MB
Available Pagefile: 6451.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:221.4 GB) (Free:58.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Disc) (Fixed) (Total:215.06 GB) (Free:164.58 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:29.28 GB) (Free:19.07 GB) FAT32 ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 681B4810)
Partition 1: (Not Active) - (Size=29.3 GB) - (Type=0C)
Partition 2: (Active) - (Size=221.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=215.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Děkuji. Ještě nainstaluji antvir a mám stáhnout i ty aktualizace Win?

[altrok]

S aktualizacemi pockejte az po tomto kroku, ktery smaze vetsinu haveti.

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu bude na plose ulozen fixlog, jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CloseProcesses:
  HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
  HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-08-15] (CyberLink Corp.)
  HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
  HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
  
  HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [5cd8f17f4086744065eb0992a09e05a2] => C:\Users\Pavel274\AppData\Local\Temp\Trojan.exe [1976832 2014-09-19] (OKrLS3L5J4A0v) <===== ATTENTION
  HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [cjqehlqkxs] => wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\cjqehlqkxs.vbs" <===== ATTENTION
  HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [zzeraoshvc] => wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\zzeraoshvc.vbs" <===== ATTENTION
  HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [ff] => wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\ff.vbs" <===== ATTENTION
  HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [0ea6602f688bf515c8e0367b0a8c4d35] => C:\Users\Pavel274\AppData\Local\Temp\nemar.exe [24064 2015-04-20] () <===== ATTENTION
  HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
  HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [8d53f1b2f5185955ae6e6ffc403b00b5] => C:\Users\Pavel274\AppData\Local\Temp\nemar.exe [24064 2015-04-20] () <===== ATTENTION
  HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [] => wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\.vbs" <===== ATTENTION
  HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [tmp7771] => wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\tmp7771.tmp.vbs" <===== ATTENTION
  HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\MountPoints2: {4ab694c1-4e60-11e4-8a9b-806e6f6e6963} - D:\autorun.exe
  
  Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0ea6602f688bf515c8e0367b0a8c4d35.exe [2015-04-19] ()
  Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe [2015-04-18] (OKrLS3L5J4A0v)
  Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8d53f1b2f5185955ae6e6ffc403b00b5.exe [2015-04-20] ()
  Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cjqehlqkxs.vbs [2015-04-18] ()
  Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ff.vbs [2015-04-18] ()
  Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GTA.exe [2015-04-21] ()
  Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Server.exe [2015-04-19] ()
  Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7771.tmp.vbs [2015-04-21] ()
  Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zzeraoshvc.vbs [2015-04-18] ()
  
  C:\Users\Pavel274\AppData\Local\Temp\Trojan.exe
  C:\Users\Pavel274\AppData\Local\Temp\cjqehlqkxs.vbs
  C:\Users\Pavel274\AppData\Local\Temp\ff.vbs
  C:\Users\Pavel274\AppData\Local\Temp\nemar.exe
  C:\Users\Pavel274\AppData\Local\Temp\.vbs
  C:\Users\Pavel274\AppData\Local\Temp\tmp7771.tmp.vbs
  
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  U3 tmlwf; No ImagePath
  U3 tmwfp; No ImagePath
  2015-04-21 15:45 - 2015-04-21 15:45 - 00000586 _____ () C:\Windows\PFRO.log
  2015-04-21 15:36 - 2015-04-21 15:45 - 00000336 _____ () C:\Windows\setupact.log
  2015-04-21 15:36 - 2015-04-21 15:36 - 00000000 _____ () C:\Windows\setuperr.log
  2015-04-21 07:27 - 2015-04-21 15:44 - 00000000 ____D () C:\AdwCleaner
  2015-04-21 07:26 - 2015-04-21 07:26 - 02217984 _____ () C:\Users\Pavel274\Desktop\adwcleaner_4.201.exe
  Task: {014AE17A-CD45-490D-87D7-277A1E48837E} - System32\Tasks\{385D2522-621B-45B6-9CCA-6CA097F95374} => pcalua.exe -a "C:\Users\Pavel274\Downloads\battlefield bad company 2 setup.exe" -d C:\Users\Pavel274\Downloads
  Task: {82376795-52D5-4580-A6F6-38C11EB5694F} - System32\Tasks\{47AD9638-31C4-4C02-96B3-C08BDF46ABD6} => pcalua.exe -a C:\Users\Pavel274\AppData\Local\Temp\Temp1_Tzar---Burden-of-the-crown-CZ.zip\Tzar\Setup.exe
  Task: {C0B4B293-58A1-40DE-9C43-3EA3CA179303} - System32\Tasks\{401C5136-CA8A-413F-B1B3-CA8DD5B18F53} => pcalua.exe -a E:\HRY\Setup.exe -d E:\HRY
  Task: {E6C83D56-35C2-4698-BFB6-CC813D422391} - System32\Tasks\{CF5A176D-D0E8-4EAD-88AB-D5545C6CAE29} => pcalua.exe -a E:\HRY\Battlefield.3-RELOADED\OriginInstaller.exe -d E:\HRY\Battlefield.3-RELOADED
  Task: {F5609C33-A462-44BC-900E-733A8C2CE045} - System32\Tasks\{66A1BB79-F6CE-456C-A4B2-C8197F62528F} => pcalua.exe -a C:\Users\Pavel274\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\Pavel274\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:2756
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Hosts:
  EmptyTemp:
  End
  

[V0k0un11]

Zde je log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by Pavel274 at 2015-04-22 11:49:49 Run:1
Running from C:\Users\Pavel274\Desktop
Loaded Profiles: Pavel274 (Available profiles: Pavel274)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)

HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [5cd8f17f4086744065eb0992a09e05a2] => C:\Users\Pavel274\AppData\Local\Temp\Trojan.exe [1976832 2014-09-19] (OKrLS3L5J4A0v) <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [cjqehlqkxs] => wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\cjqehlqkxs.vbs" <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [zzeraoshvc] => wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\zzeraoshvc.vbs" <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [ff] => wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\ff.vbs" <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [0ea6602f688bf515c8e0367b0a8c4d35] => C:\Users\Pavel274\AppData\Local\Temp\nemar.exe [24064 2015-04-20] () <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [8d53f1b2f5185955ae6e6ffc403b00b5] => C:\Users\Pavel274\AppData\Local\Temp\nemar.exe [24064 2015-04-20] () <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [] => wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\.vbs" <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\Run: [tmp7771] => wscript.exe //B "C:\Users\Pavel274\AppData\Local\Temp\tmp7771.tmp.vbs" <===== ATTENTION
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\...\MountPoints2: {4ab694c1-4e60-11e4-8a9b-806e6f6e6963} - D:\autorun.exe

Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0ea6602f688bf515c8e0367b0a8c4d35.exe [2015-04-19] ()
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe [2015-04-18] (OKrLS3L5J4A0v)
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8d53f1b2f5185955ae6e6ffc403b00b5.exe [2015-04-20] ()
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cjqehlqkxs.vbs [2015-04-18] ()
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ff.vbs [2015-04-18] ()
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GTA.exe [2015-04-21] ()
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Server.exe [2015-04-19] ()
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7771.tmp.vbs [2015-04-21] ()
Startup: C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zzeraoshvc.vbs [2015-04-18] ()

C:\Users\Pavel274\AppData\Local\Temp\Trojan.exe
C:\Users\Pavel274\AppData\Local\Temp\cjqehlqkxs.vbs
C:\Users\Pavel274\AppData\Local\Temp\ff.vbs
C:\Users\Pavel274\AppData\Local\Temp\nemar.exe
C:\Users\Pavel274\AppData\Local\Temp\.vbs
C:\Users\Pavel274\AppData\Local\Temp\tmp7771.tmp.vbs

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
2015-04-21 15:45 - 2015-04-21 15:45 - 00000586 _____ () C:\Windows\PFRO.log
2015-04-21 15:36 - 2015-04-21 15:45 - 00000336 _____ () C:\Windows\setupact.log
2015-04-21 15:36 - 2015-04-21 15:36 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-21 07:27 - 2015-04-21 15:44 - 00000000 ____D () C:\AdwCleaner
2015-04-21 07:26 - 2015-04-21 07:26 - 02217984 _____ () C:\Users\Pavel274\Desktop\adwcleaner_4.201.exe
Task: {014AE17A-CD45-490D-87D7-277A1E48837E} - System32\Tasks\{385D2522-621B-45B6-9CCA-6CA097F95374} => pcalua.exe -a "C:\Users\Pavel274\Downloads\battlefield bad company 2 setup.exe" -d C:\Users\Pavel274\Downloads
Task: {82376795-52D5-4580-A6F6-38C11EB5694F} - System32\Tasks\{47AD9638-31C4-4C02-96B3-C08BDF46ABD6} => pcalua.exe -a C:\Users\Pavel274\AppData\Local\Temp\Temp1_Tzar---Burden-of-the-crown-CZ.zip\Tzar\Setup.exe
Task: {C0B4B293-58A1-40DE-9C43-3EA3CA179303} - System32\Tasks\{401C5136-CA8A-413F-B1B3-CA8DD5B18F53} => pcalua.exe -a E:\HRY\Setup.exe -d E:\HRY
Task: {E6C83D56-35C2-4698-BFB6-CC813D422391} - System32\Tasks\{CF5A176D-D0E8-4EAD-88AB-D5545C6CAE29} => pcalua.exe -a E:\HRY\Battlefield.3-RELOADED\OriginInstaller.exe -d E:\HRY\Battlefield.3-RELOADED
Task: {F5609C33-A462-44BC-900E-733A8C2CE045} - System32\Tasks\{66A1BB79-F6CE-456C-A4B2-C8197F62528F} => pcalua.exe -a C:\Users\Pavel274\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\Pavel274\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:2756
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdatePSTShortCut => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateLBPShortCut => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateP2GoShortCut => value deleted successfully.
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\Software\Microsoft\Windows\CurrentVersion\Run\\5cd8f17f4086744065eb0992a09e05a2 => value deleted successfully.
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cjqehlqkxs => value deleted successfully.
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zzeraoshvc => value deleted successfully.
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ff => value deleted successfully.
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\Software\Microsoft\Windows\CurrentVersion\Run\\0ea6602f688bf515c8e0367b0a8c4d35 => value deleted successfully.
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\Software\Microsoft\Windows\CurrentVersion\Run\\8d53f1b2f5185955ae6e6ffc403b00b5 => value deleted successfully.
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-395542899-2756949658-4088785033-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmp7771 => value deleted successfully.
"HKU\S-1-5-21-395542899-2756949658-4088785033-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ab694c1-4e60-11e4-8a9b-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{4ab694c1-4e60-11e4-8a9b-806e6f6e6963} => Key not found.
C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0ea6602f688bf515c8e0367b0a8c4d35.exe => Moved successfully.
C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe => Moved successfully.
C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8d53f1b2f5185955ae6e6ffc403b00b5.exe => Moved successfully.
C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cjqehlqkxs.vbs => Moved successfully.
C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ff.vbs => Moved successfully.
C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GTA.exe => Moved successfully.
C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Server.exe => Moved successfully.
C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7771.tmp.vbs => Moved successfully.
C:\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zzeraoshvc.vbs => Moved successfully.
C:\Users\Pavel274\AppData\Local\Temp\Trojan.exe => Moved successfully.
C:\Users\Pavel274\AppData\Local\Temp\cjqehlqkxs.vbs => Moved successfully.
C:\Users\Pavel274\AppData\Local\Temp\ff.vbs => Moved successfully.
C:\Users\Pavel274\AppData\Local\Temp\nemar.exe => Moved successfully.
C:\Users\Pavel274\AppData\Local\Temp\.vbs => Moved successfully.
C:\Users\Pavel274\AppData\Local\Temp\tmp7771.tmp.vbs => Moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
tmlwf => Service deleted successfully.
tmwfp => Service deleted successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\setuperr.log => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Pavel274\Desktop\adwcleaner_4.201.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{014AE17A-CD45-490D-87D7-277A1E48837E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{014AE17A-CD45-490D-87D7-277A1E48837E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{385D2522-621B-45B6-9CCA-6CA097F95374} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{385D2522-621B-45B6-9CCA-6CA097F95374}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82376795-52D5-4580-A6F6-38C11EB5694F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82376795-52D5-4580-A6F6-38C11EB5694F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{47AD9638-31C4-4C02-96B3-C08BDF46ABD6} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{47AD9638-31C4-4C02-96B3-C08BDF46ABD6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0B4B293-58A1-40DE-9C43-3EA3CA179303}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0B4B293-58A1-40DE-9C43-3EA3CA179303}" => Key deleted successfully.
C:\Windows\System32\Tasks\{401C5136-CA8A-413F-B1B3-CA8DD5B18F53} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{401C5136-CA8A-413F-B1B3-CA8DD5B18F53}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6C83D56-35C2-4698-BFB6-CC813D422391}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6C83D56-35C2-4698-BFB6-CC813D422391}" => Key deleted successfully.
C:\Windows\System32\Tasks\{CF5A176D-D0E8-4EAD-88AB-D5545C6CAE29} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CF5A176D-D0E8-4EAD-88AB-D5545C6CAE29}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5609C33-A462-44BC-900E-733A8C2CE045}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5609C33-A462-44BC-900E-733A8C2CE045}" => Key deleted successfully.
C:\Windows\System32\Tasks\{66A1BB79-F6CE-456C-A4B2-C8197F62528F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{66A1BB79-F6CE-456C-A4B2-C8197F62528F}" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 56.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 11:51:10 ====



Díky

[altrok]

Slozky

• C:\FRST\C\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
  C:\FRST\C\Users\Pavel274\AppData\Local\Temp

prosim zabalte do zipu/raru, nahrejte je na nejake uloziste (ulozto, leteckaposta.cz apod.) a link/odkaz na jejich stazeni mi prosim poslete do mailu, ktery mam v podpisu.

Nasledne doinstalujte Service Pack 1 a pak i vsechny dulezite MS Windows aktualizace operacniho systemu - protoze system nemate vubec aktualizovany, proces bude trvat az nekolik hodin a je nutne ho (vyhledani aktualizaci) nekolikrat po kazdem restartu zopakovat.

Pak dejte aktualni log FRST (pravdepodobne bude dlouhy, takze jej rozdelte do vice prispevku).

[V0k0un11]

Dobrý den,

obávám se,že dané složky nemůžu najít. Při automatickém hledání nic nenalezeno, manuálně také ne.


Windows update neběží., resp se napíše hláška Win nemůže vyhledat aktualizace, protože služba není zaptnuta... ani dowload aktualizaci ze stranek microsoft neběží....

Prosím o radu.

Děkuji

[altrok]

U slozek jsem napsal spatnou cestu. Ani zde nic nemate?
C:\FRST\Quarantine\C\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\FRST\Quarantine\C\Users\Pavel274\AppData\Local\Temp


Co se tyce aktualizaci:
Start -> spustit -> zadejte: services.msc -> na sluzbu Windows Update kliknete 2x levym mysitkem a nastavte

• Typ spousteni na Automaticky
• Stav sluzby: kliknete na Spustit

Pote zkuste aktualizace znovu vyhledat.

[V0k0un11]

Teď jsem to už našel a nahrál.

Link odeslán na mejl ve Vašem podpisu.

Windows asi neaktualizuji, zřejmě spuštěny přes nějaký aktivátor. Ikdyž se jedná o notebook původně s orig. Win...Není můj.

[altrok]

Prijeti vzorku potvrzuji a dekuju za ne.


Nelegalni system je jednak proti pravidlum tohoto fora, ale co by Vas melo trapit vic je prave nemozost aktualizaci, coz velice zvysuje zranitelnost operacniho systemu. Navic jste bez antiviru, ktery je pro nezkuseneho uzivatele nutnosti.

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

[V0k0un11]

Dobrý den,

provedeno.

Posílám ještě log:
# DelFix v10.9 - Logfile created 23/04/2015 at 15:37:58
# Updated 27/02/2015 by Xplode
# Username : Pavel274 - PAVEL274-PC
# Operating System : Windows 7 Home Premium (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Pavel274\Desktop\Addition.txt
Deleted : C:\Users\Pavel274\Desktop\Fixlog.txt
Deleted : C:\Users\Pavel274\Desktop\FRST.txt
Deleted : C:\Users\Pavel274\Desktop\FRST64.exe
Deleted : C:\Users\Pavel274\Desktop\JRT.txt
Deleted : C:\Users\Pavel274\Desktop\JRT_NEW.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

########## - EOF - ##########


Takže PC je už OK?

Děkuji

[altrok]

Pokud jste v mezikrocich do PC nenatahl novou havet, melo by byt cisto.

[V0k0un11]

Ještě jeden dotaz. Při spuštění Avastu mi to hlásí trojský koně ve složce, co jsem Vám posílal C:\FRST\C\Users\Pavel274\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup.

Co s tím?

Děkuji za odpověď.