
Log check

Do you have a problem with a virus? Paste your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

imperratorr
Visitor
Posts: 12
Joined: 17 Mar 2007 21:12

Log check

#1 Post by imperratorr »

Good day,
after the last startup of my PC, when I tried to log in to Facebook, the page reported that it suspects malware, 3D software behaves sluggishly with an obvious drop in FPS, and while quickly typing this request some processor cores show very high load.

I am therefore turning to you with a request to check the log.


Logfile of random's system information tool 1.09 (written by random/random)
Run by Rendor at 2016-03-21 22:45:55
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 14 GB (25%) free of 57 GB
Total RAM: 8173 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:45:57, on 21.3.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\trend micro\Rendor.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe" /nodlg
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit (mi-raysat_3dsmax2013_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8557 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
taskeng.exe {3F1C40CD-03B4-4F6D-8DEB-A2BC778E3B7E}
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {35F7F55C-2DFF-4158-8F09-65A32A660B74}
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe" /nodlg
"C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE"
"C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\COMODO\COMODO Internet Security\cis.exe" --alertsUI
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 936 940 948 65536 944
"C:\Users\Rendor\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job
C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Rendor\AppData\Roaming\Mozilla\Firefox\Profiles\1ahhuol5.default

prefs.js - "browser.startup.homepage" - "https://www.google.cz/?gfe_rd=cr&ei=ag9 ... gws_rd=ssl"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-02 901600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-17 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-02 678656]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-17 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-25 1427648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"$Volumouse$"=C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe [2009-08-05 33280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSKAppManager]
C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe -showminimized -checkautorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS]
C:\Windows\AutoKMS.exe [2014-11-17 615936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2015-12-26 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2014-10-23 6501656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2009-12-03 976320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX218 Series]
C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE [2009-09-14 224768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSplay.exe]
G:\GSplay\GSplay.exe [2014-03-12 4772747]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MWSnap]
C:\Program Files (x86)\MWSnap\MWSnap.exe [2015-04-12 427008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07 507776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -controlservice -slave []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk]
C:\PROGRA~1\COMODO\GEEKBU~1\launcher.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2012-05-11 5119600]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-04-06 641664]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-03-18 7139256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw64.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2016-03-19 15:37:08 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-03-02 15:18:17 ----A---- C:\Windows\system32\aswBoot.exe
2016-03-02 15:18:13 ----A---- C:\Windows\avastSS.scr

======List of files/folders modified in the last 1 month======

2016-03-21 22:45:56 ----D---- C:\Windows\Temp
2016-03-21 22:45:56 ----D---- C:\Program Files\trend micro
2016-03-21 22:42:29 ----D---- C:\Windows
2016-03-21 21:21:25 ----D---- C:\Users\Rendor\AppData\Roaming\uTorrent
2016-03-21 21:21:25 ----D---- C:\Users\Rendor\AppData\Roaming\TS3Client
2016-03-21 21:21:14 ----D---- C:\Windows\inf
2016-03-21 20:54:59 ----D---- C:\Windows\System32
2016-03-21 20:54:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-03-20 13:21:54 ----D---- C:\Windows\system32\catroot2
2016-03-20 13:20:01 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-19 19:31:49 ----RD---- C:\Program Files (x86)
2016-03-19 16:16:36 ----D---- C:\Users\Rendor\AppData\Roaming\foobar2000
2016-03-16 22:57:30 ----HD---- C:\ProgramData
2016-03-16 20:10:47 ----D---- C:\Windows\system32\Tasks
2016-03-16 20:10:47 ----D---- C:\Program Files (x86)\Opera
2016-03-10 21:40:35 ----D---- C:\Windows\SysWOW64
2016-03-10 21:40:31 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-03-10 12:50:57 ----D---- C:\Windows\system32\drivers
2016-03-02 15:18:19 ----D---- C:\Windows\winsxs
2016-02-25 17:29:17 ----D---- C:\Windows\system32\config
2016-02-25 17:28:55 ----SHD---- C:\System Volume Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-03-02 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-03-02 287016]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-03-02 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-03-09 1070904]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-03-02 463744]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2015-11-18 21184]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\system32\DRIVERS\cmdguard.sys [2015-11-18 806032]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2015-08-05 45856]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-11-17 283064]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2015-08-05 105096]
R2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-03-02 37656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-03-09 107792]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-03-02 165344]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-07-29 56960]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-07-29 79104]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2016-03-21 25640]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2015-09-09 31232]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2012-05-04 2196592]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2015-02-02 110336]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2015-09-15 33856]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2015-02-02 206080]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUSB;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2015-02-02 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-04-06 236544]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2014-02-07 31192]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-03-02 237096]
R2 CmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2015-09-08 5542472]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit; C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-14 86016]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2016-01-02 76888]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [2015-02-02 743688]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2012-05-04 27760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-10 269504]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2015-08-25 2265792]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-12-09 1357104]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-19 146888]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2015-12-26 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2015-12-26 279848]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2015-09-09 800208]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Log check

#2 Post by altrok »

I wish you a beautiful day.

As part of the cleanup, your temporary directories (including the Recycle Bin) will be emptied.

Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Note: on the second and any later run of FRST, the Addition.txt option must be explicitly ticked before the scan starts in order to create the Addition.txt log.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok(at)forum.viry.cz
If you would like to help visitors to this forum, sign up for our training school.

imperratorr
Visitor
Posts: 12
Joined: 17 Mar 2007 21:12
Contact user:

Re: Log check

#3 Post by imperratorr »

FRST log


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Rendor (administrator) on RENDOR-PC (22-03-2016 11:47:21)
Running from C:\Users\Rendor\Desktop
Loaded Profiles: Rendor (Available Profiles: Rendor)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(NirSoft) C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(forum.viry.cz) C:\Users\Rendor\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-25] (COMODO)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5119600 2012-05-11] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-18] (AVAST Software)
HKU\S-1-5-21-4015150708-652531026-4121813623-1000\...\Run: [$Volumouse$] => C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe [33280 2009-08-05] (NirSoft)
HKU\S-1-5-21-4015150708-652531026-4121813623-1000\...\Policies\Explorer: []
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Rendor\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Rendor\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Rendor\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-02] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Rendor\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Rendor\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Rendor\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 10.0.254.2 10.0.254.3
Tcpip\..\Interfaces\{00326DB0-3341-4124-9DEB-93E3E2708E64}: [DhcpNameServer] 10.0.254.2 10.0.254.3
Tcpip\..\Interfaces\{9B0AF76A-697D-4B5D-B8E3-D00FDEC80516}: [DhcpNameServer] 7.254.254.254

Internet Explorer:
==================
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-02] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-02] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-17] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Rendor\AppData\Roaming\Mozilla\Firefox\Profiles\1ahhuol5.default
FF Homepage: hxxps://www.google.cz/?gfe_rd=cr&ei=ag9qVNbVGKf ... gws_rd=ssl
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4015150708-652531026-4121813623-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Extension: Stylish - C:\Users\Rendor\AppData\Roaming\Mozilla\Firefox\Profiles\1ahhuol5.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-01-25]
FF Extension: NoScript - C:\Users\Rendor\AppData\Roaming\Mozilla\Firefox\Profiles\1ahhuol5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-03-20]
FF Extension: YouTube No Buffer - C:\Users\Rendor\AppData\Roaming\Mozilla\Firefox\Profiles\1ahhuol5.default\Extensions\jid0-zxGf4jM5hHg1dJ5Gf1H7NfFfe76@jetpack.xpi [2016-01-26]
FF Extension: Video DownloadHelper - C:\Users\Rendor\AppData\Roaming\Mozilla\Firefox\Profiles\1ahhuol5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Adblock Plus - C:\Users\Rendor\AppData\Roaming\Mozilla\Firefox\Profiles\1ahhuol5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-02]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-03-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-02]

Opera:
=======
OPR Session Restore: -> is enabled.
OPR Extension: (Video Download Helper) - C:\Users\Rendor\AppData\Roaming\Opera Software\Opera Stable\Extensions\diefijfleiebcgdkmaefbjehgcokpdjl [2016-01-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-04-05] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-02] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-25] (COMODO)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-14] () [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2015-12-26] (Nero AG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-01-02] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-02-02] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [800208 2015-09-09] (Tunngle.net GmbH) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-02] (AVAST Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-11-18] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-17] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2015-09-09] (Tunngle.net)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-22 11:47 - 2016-03-22 11:47 - 00015109 _____ C:\Users\Rendor\Desktop\FRST.txt
2016-03-22 11:46 - 2016-03-22 11:46 - 00112640 _____ (forum.viry.cz) C:\Users\Rendor\Desktop\FRSTLauncher.exe
2016-03-22 11:32 - 2016-03-22 11:47 - 00000000 ____D C:\FRST
2016-03-22 00:12 - 2016-03-22 00:12 - 02374144 _____ (Farbar) C:\Users\Rendor\Desktop\FRST64.exe
2016-03-19 15:37 - 2016-03-19 19:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-02 15:18 - 2016-03-02 15:18 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-02 15:18 - 2016-03-02 15:18 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-22 11:44 - 2014-11-17 16:15 - 00000000 ___RD C:\Users\Rendor\Desktop\ 
2016-03-22 11:40 - 2016-02-14 00:25 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-22 11:34 - 2011-04-12 09:34 - 00806378 _____ C:\Windows\system32\perfh005.dat
2016-03-22 11:34 - 2011-04-12 09:34 - 00186842 _____ C:\Windows\system32\perfc005.dat
2016-03-22 11:34 - 2009-07-14 06:13 - 01767430 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-22 11:34 - 2009-07-14 05:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-22 11:34 - 2009-07-14 05:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-22 11:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-22 11:27 - 2014-11-17 15:56 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2016-03-22 11:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-22 04:02 - 2014-11-17 17:54 - 00000000 ____D C:\Users\Rendor\AppData\Roaming\foobar2000
2016-03-21 22:45 - 2015-01-02 11:15 - 00000000 ____D C:\Program Files\trend micro
2016-03-21 21:21 - 2015-04-05 23:03 - 00000000 ____D C:\Users\Rendor\AppData\Roaming\TS3Client
2016-03-21 21:21 - 2014-11-24 21:41 - 00000000 ____D C:\Users\Rendor\AppData\Roaming\uTorrent
2016-03-20 13:20 - 2014-12-09 10:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-20 01:52 - 2015-07-15 00:21 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-03-18 21:53 - 2014-11-17 16:27 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-16 20:10 - 2014-12-31 21:57 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1420059448
2016-03-16 20:10 - 2014-12-31 21:57 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-10 21:40 - 2016-02-14 00:25 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-10 21:40 - 2015-07-15 00:21 - 00003956 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-03-10 21:40 - 2014-11-17 17:04 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-10 21:40 - 2014-11-17 17:04 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-10 02:19 - 2014-12-31 22:18 - 00000000 ___RD C:\Users\Rendor\Desktop\Tor
2016-03-09 19:19 - 2014-11-17 16:27 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-09 19:19 - 2014-11-17 16:27 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-02 15:18 - 2014-11-17 16:27 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-03-02 15:18 - 2014-11-17 16:27 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-03-02 15:18 - 2014-11-17 16:27 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-03-02 15:18 - 2014-11-17 16:27 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-03-02 15:18 - 2014-11-17 16:27 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-02 15:18 - 2014-11-17 16:27 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-26 17:46 - 2014-11-28 13:10 - 00007597 _____ C:\Users\Rendor\AppData\Local\Resmon.ResmonCfg
2016-02-22 14:28 - 2016-02-06 18:30 - 00000000 ___SD C:\Users\Rendor\AppData\LocalLow\Temp

==================== Files in the root of some directories =======

2015-05-21 19:37 - 2015-05-16 11:06 - 0137728 _____ () C:\Program Files (x86)\CORE10k.EXE
2014-11-28 15:28 - 2015-12-16 19:36 - 0000132 _____ () C:\Users\Rendor\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2014-11-28 13:10 - 2016-02-26 17:46 - 0007597 _____ () C:\Users\Rendor\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-21 21:05

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:55.8 GB) (Free:15.95 GB) NTFS
Drive e: () (Fixed) (Total:48.83 GB) (Free:0.71 GB) NTFS
Drive f: () (Fixed) (Total:439.45 GB) (Free:0.99 GB) NTFS
Drive g: () (Fixed) (Total:443.21 GB) (Free:1.83 GB) NTFS

Available physical RAM: 6439.58 MB
Total physical RAM: 8173.24 MB
Percentage of memory in use: 21%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: 0DC60DC6)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=882.7 GB) - (Type=OF Extended)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 04450444)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Program Files (x86)\CORE10k.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Program Files (x86)\CORE10k.EXE:$CmdZnID [26]
AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\GPInstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\IsUninst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\UNNeroBackItUp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\UNNeroVision.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\UNRecode.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01007.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Comdlg32.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DDEML.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Faac.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Lame.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lame_enc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MASetupCleaner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSSTDFMT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvcp71.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvcr70.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\muzapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\npptNT2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\OggEnc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrA.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrB.ex0:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrB.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrB.xtr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pvdt80.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VBOLock.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\W95INF16.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\W95INF32.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hamachi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ssudmdm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tap0901t.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939 [278]
AlternateDataStreams: C:\Users\Rendor\Desktop\file.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rendor\Desktop\file.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rendor\Desktop\FRST64.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Rendor\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rendor\Desktop\FRSTLauncher.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Rendor\Desktop\FRSTLauncher.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rendor\Desktop\RSITx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rendor\Downloads\4-ohyb.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rendor\Downloads\4-ohyb.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rendor\Downloads\Dějiny-a-bydlení.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Rendor\Downloads\Dějiny-a-bydlení.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rendor\Downloads\Tlak_data.xls:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rendor\Downloads\Tlak_data.xls:$CmdZnID [26]

==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Rendor\Desktop" je 201 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSKAppManager
"C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS
C:\Windows\AutoKMS.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync
"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager
"C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX218 Series
C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_S3707.tmp" /EF "HKCU" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSplay.exe
G:\GSplay\GSplay.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MWSnap
"C:\Program Files (x86)\MWSnap\MWSnap.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol
"C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk
C:\PROGRA~1\COMODO\GEEKBU~1\launcher.exe [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

imperratorr
Visitor
Posts: 12
Registered: 17 Mar 2007 21:12

Re: Log check

#4 Post by imperratorr »

Addition log


Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Rendor (2016-03-22 11:47:44)
Running from C:\Users\Rendor\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-11-17 14:26:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4015150708-652531026-4121813623-500 - Administrator - Disabled)
Guest (S-1-5-21-4015150708-652531026-4121813623-501 - Limited - Disabled)
Rendor (S-1-5-21-4015150708-652531026-4121813623-1000 - Administrator - Enabled) => C:\Users\Rendor

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4015150708-652531026-4121813623-1000\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E4490157-303F-F06F-FB6E-D2053A43A182}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft)
AutoCAD 2015 – Čeština (Czech) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack – Čeština (Czech) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk 3ds Max Design 2013 64-bit (HKLM\...\Autodesk 3ds Max Design 2013 64-bit) (Version: 15.0.0.347 - Autodesk)
Autodesk 3ds Max Design 2013 64-bit (Version: 15.0.0.347 - Autodesk) Hidden
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD 2015 Language Pack – Čeština (Czech) (HKLM\...\AutoCAD 2015 Language Pack – Čeština (Czech)) (Version: 20.0.51.0 - Autodesk)
Autodesk Backburner 2013.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2013.0.0 - Autodesk, Inc.)
Autodesk Civil View for 3ds Max Design 2013 (HKLM-x32\...\{FE6DCC8D-427F-405C-A779-C93B6D9F77A5}) (Version: 1.0.0.2 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2013 64-bit (HKLM\...\Autodesk DirectConnect 2013 64-bit) (Version: 7.0.28.0 - Autodesk)
Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk) Hidden
Autodesk Essential Skills Movies for 3ds Max Design 2013 64-bit (HKLM\...\{62CBE596-1BB8-4D7B-A056-103287BAD1C4}) (Version: 1.0.0.1 - Autodesk)
Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit) (Version: - Autodesk)
Autodesk Inventor Server Engine for 3ds Max Design 2013 64-bit (HKLM\...\{BC66B242-DF13-1664-851B-00123612ED98}) (Version: 15.0 - Autodesk)
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2013 (HKLM-x32\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
Autodesk ReCap (Version: 1.3.1.39 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit (HKLM\...\{06E18300-BB64-1664-8E6A-2593FC67BB74}) (Version: 1.0.0.1 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Batch & Print Pro (HKLM-x32\...\{087C45BF-C92E-4161-87D7-0303328BB576}) (Version: - )
Borderlands.2.Incl.All.24.DLC.[1.7].W.B.Repack (HKLM-x32\...\Borderlands.2.Incl.All.24.DLC.[1.7].W.B.Repack) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
Composite 2013 64-bit (HKLM\...\{2F808931-D235-4FC7-90CD-F8A890C97B2F}) (Version: 8.0.0 - Autodesk)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dishonored Game of the Year Edition (HKLM-x32\...\RGlzaG9ub3JlZA==_is1) (Version: 1 - )
EasySaver B9.1214.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
Fallout 3 GOTY version 1.7.0.3 (HKLM-x32\...\Fallout 3 GOTY_is1) (Version: 1.7.0.3 - Mr DJ)
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
FlexPDE6 (HKLM-x32\...\FlexPDE6) (Version: - )
foobar2000 v1.3.5 (HKLM-x32\...\foobar2000) (Version: 1.3.5 - Peter Pawlowski)
Import souborů SketchUp (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Intergraph SmartSketch (HKLM-x32\...\SmartSketch) (Version: - )
Intergraph SmartSketch CAD Translators (HKLM-x32\...\SmartSketchCADTranslators) (Version: - )
ISO Workshop 5.6 (HKLM-x32\...\ISO Workshop_is1) (Version: - Glorylogic)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Mega Codec Pack 10.8.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.5 - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 cs)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
My Audio Cutter V1.1 (HKLM-x32\...\My Audio Cutter_is1) (Version: - )
Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version: - )
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301029}) (Version: 7.02.9753 - Nero AG)
NirSoft Volumouse (HKLM-x32\...\Volumouse) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.5 - Notepad++ Team)
Odinstalace tiskárny EPSON SX218 Series (HKLM\...\EPSON SX218 Series) (Version: - SEIKO EPSON Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Opera Stable 36.0.2130.32 (HKLM-x32\...\Opera 36.0.2130.32) (Version: 36.0.2130.32 - Opera Software)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
S.T.A.L.K.E.R. Call of Pripyat (HKLM-x32\...\GOGPACKSTALKERCOP_is1) (Version: 2.0.0.12 - GOG.com)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SmartSketch - České prostředí 4.0 SP2 (HKLM-x32\...\SmartSketch - České prostředí_is1) (Version: 4.0 SP2 - )
Speciální aplikace Autodesk (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1 - Krzysztof Kowalczyk)
SuperBot 3.1A (HKLM-x32\...\SuperBot 3.1A) (Version: - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Teleport Pro (HKLM-x32\...\Teleport Pro) (Version: 1.70 - Tennyson Maxwell Information Systems, Inc.)
The Elder Scrolls III Morrowind GOTY version 1.0.0.0 (HKLM-x32\...\The Elder Scrolls III Morrowind GOTY_is1) (Version: 1.0.0.0 - Mr DJ)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.01 - Ubisoft)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.5 - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
V-Ray for 3dsmax 2013 for x64 (HKLM\...\V-Ray for 3dsmax 2013 for x64) (Version: 2.30.01 - Chaos Software Ltd)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4015150708-652531026-4121813623-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> F:\PROGRAMY\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4015150708-652531026-4121813623-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> F:\PROGRAMY\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4015150708-652531026-4121813623-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> F:\PROGRAMY\AutoCAD 2015\cs-CZ\acadficn.dll (Autodesk, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18647D9F-DDAC-4805-86C2-B848265051AA} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-25] (COMODO)
Task: {340F4AD4-F6D5-4ACD-BA6C-4C6406ED12EE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe [2016-03-10] (Adobe Systems Incorporated)
Task: {445F6602-35FE-46BA-A8BA-99EF294D5145} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-02] (AVAST Software)
Task: {4F815D42-6182-47A3-97F8-228C82E98467} - System32\Tasks\AdobeAAMUpdater-1.0-Rendor-PC-Rendor => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {7396EB3C-039C-4D66-B7E4-E32B4B5A1505} - System32\Tasks\Opera scheduled Autoupdate 1420059448 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-16] (Opera Software)
Task: {A178B4C4-2093-4E7C-BFE5-3EC9388DCAC1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-10] (Adobe Systems Incorporated)
Task: {B7ED0130-40AA-480F-B7A0-DD37DADF584F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-25] (COMODO)
Task: {BAA3AAFD-A305-4343-BDAB-4BE860A170A5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {BE64FB18-3616-4014-AFA7-7DF438AEE4D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {CA838390-97AB-4ADA-AF4A-7F4902C2E82A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-11-14] ()
Task: {FE0E4E7A-F175-4E6A-A17F-F6DC126748AD} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-25] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Rendor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Desinstalar todo.lnk -> G:\GAMES\gen\CnC Generals and Zero Hour\Desinstalar.bat (No File)
Shortcut: C:\Users\Rendor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Trucar rango general\Off.lnk -> G:\GAMES\gen\CnC Generals and Zero Hour\RankOff.bat (No File)
Shortcut: C:\Users\Rendor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Trucar rango general\On.lnk -> G:\GAMES\gen\CnC Generals and Zero Hour\RankOn.bat (No File)
Shortcut: C:\Users\Rendor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Mods incompatibles entre sí\Instalar Energy.lnk -> G:\GAMES\gen\CnC Generals and Zero Hour\ModEnergy.bat (No File)
Shortcut: C:\Users\Rendor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Mods incompatibles entre sí\Instalar Holland.lnk -> G:\GAMES\gen\CnC Generals and Zero Hour\ModHolland.bat (No File)
Shortcut: C:\Users\Rendor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Mods incompatibles entre sí\Instalar Reborn.lnk -> G:\GAMES\gen\CnC Generals and Zero Hour\ModReborn.bat (No File)
Shortcut: C:\Users\Rendor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Mods incompatibles entre sí\Instalar Reloaded.lnk -> G:\GAMES\gen\CnC Generals and Zero Hour\ModReloaded.bat (No File)
Shortcut: C:\Users\Rendor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Mods incompatibles entre sí\Quitar todos.lnk -> G:\GAMES\gen\CnC Generals and Zero Hour\ModOff.bat (No File)
Shortcut: C:\Users\Rendor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Mejorar zoom\Off.lnk -> G:\GAMES\gen\CnC Generals and Zero Hour\MejorZoomOff.bat (No File)
Shortcut: C:\Users\Rendor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Mejorar zoom\On.lnk -> G:\GAMES\gen\CnC Generals and Zero Hour\MejorZoomOn.bat (No File)
Shortcut: C:\Users\Rendor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Cambiar a\Jugador 1.lnk -> G:\GAMES\gen\CnC Generals and Zero Hour\Jugador1.bat (No File)
Shortcut: C:\Users\Rendor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Cambiar a\Jugador 2.lnk -> G:\GAMES\gen\CnC Generals and Zero Hour\Jugador2.bat (No File)
Shortcut: C:\Users\Rendor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Cambiar a\Jugador 3.lnk -> G:\GAMES\gen\CnC Generals and Zero Hour\Jugador3.bat (No File)
Shortcut: C:\Users\Rendor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Cambiar a\Jugador 4.lnk -> G:\GAMES\gen\CnC Generals and Zero Hour\Jugador4.bat (No File)
Shortcut: C:\Users\Rendor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals\Cambiar a\Jugador 5.lnk -> G:\GAMES\gen\CnC Generals and Zero Hour\Jugador5.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2014-05-01 15:13 - 2014-05-01 15:13 - 00470016 _____ () C:\Users\Rendor\AppData\Local\MEGAsync\ShellExtX64.dll
2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-11-21 14:48 - 2011-02-28 23:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2012-04-05 21:58 - 2012-04-05 21:58 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-11-17 15:31 - 2009-08-24 14:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2014-11-17 15:32 - 2012-05-11 08:46 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-11-17 15:32 - 2012-05-11 08:46 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2011-09-14 23:19 - 2011-09-14 23:19 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
2014-12-26 23:30 - 2016-01-02 02:09 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-04-05 21:57 - 2012-04-05 21:57 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-04-05 22:00 - 2012-04-05 22:00 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-03-02 15:18 - 2016-03-02 15:18 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-02 15:18 - 2016-03-02 15:18 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-21 22:34 - 2016-03-21 22:34 - 02856960 _____ () C:\Program Files\AVAST Software\Avast\defs\16032102\algo.dll
2016-03-02 15:18 - 2016-03-02 15:18 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-22 11:27 - 2016-03-22 11:27 - 02857472 _____ () C:\Program Files\AVAST Software\Avast\defs\16032200\algo.dll
2014-11-17 15:31 - 2009-03-13 11:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2016-01-07 19:09 - 2016-01-07 19:09 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\CORE10k.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Program Files (x86)\CORE10k.EXE:$CmdZnID [26]
AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\GPInstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\IsUninst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\UNNeroBackItUp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\UNNeroVision.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\UNRecode.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01007.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Comdlg32.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DDEML.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Faac.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Lame.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lame_enc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MASetupCleaner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSSTDFMT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvcp71.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvcr70.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\muzapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\npptNT2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\OggEnc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrA.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrB.ex0:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrB.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrB.xtr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pvdt80.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VBOLock.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\W95INF16.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\W95INF32.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hamachi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ssudmdm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tap0901t.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939 [278]
AlternateDataStreams: C:\Users\Rendor\Desktop\file.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rendor\Desktop\file.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rendor\Desktop\FRST64.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Rendor\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rendor\Desktop\FRSTLauncher.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Rendor\Desktop\FRSTLauncher.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rendor\Desktop\LM.bat:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rendor\Desktop\RSITx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rendor\Downloads\4-ohyb.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rendor\Downloads\4-ohyb.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rendor\Downloads\Dějiny-a-bydlení.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Rendor\Downloads\Dějiny-a-bydlení.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rendor\Downloads\Tlak_data.xls:$CmdTcID [64]
AlternateDataStreams: C:\Users\Rendor\Downloads\Tlak_data.xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\Rendor\AppData\Local\MSGBOX.EXE:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-23 11:44 - 00000852 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4015150708-652531026-4121813623-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rendor\AppData\Roaming\FastStone\FSIV\FSViewerWallPaper.bmp
DNS Servers: 10.0.254.2 - 10.0.254.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ADSKAppManager => "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
MSCONFIG\startupreg: AutoKMS => C:\Windows\AutoKMS.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPSON SX218 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_S3707.tmp" /EF "HKCU"
MSCONFIG\startupreg: GSplay.exe => G:\GSplay\GSplay.exe
MSCONFIG\startupreg: MWSnap => "C:\Program Files (x86)\MWSnap\MWSnap.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A0513751-A2D3-4000-A1A5-6CF12F846D26}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
FirewallRules: [{C2053096-95C5-4681-AC9B-235FE775E372}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
FirewallRules: [{E052CCA3-6114-4D05-A662-DBDBDD42B78C}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64.exe
FirewallRules: [{3868523F-73FF-4723-A83D-953186F448FB}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64.exe
FirewallRules: [{692889CD-E3BA-4178-8FE7-F30DF9AE84BD}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\3dsmax.exe
FirewallRules: [{6E248294-FEBC-43BD-80C3-DE03CC8399CF}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\3dsmax.exe
FirewallRules: [{E42ECD2E-22E0-458D-BE5C-FB87447E3CAA}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{A4D4A27E-127E-48C1-B56D-E489CA595CF8}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{53B26D96-5519-424F-83F4-106352593366}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{6A1A1B68-9145-4800-ADC5-DA704B078965}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{DEF7BCC5-1690-4728-99DF-75C4F3C76596}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{76470865-660A-4AF3-A3A7-319BFA59F1A7}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{9AB00761-F911-42F0-B925-6419C4EC3A1F}] => (Allow) C:\Users\Rendor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E1E03229-A780-40B2-8D5E-5820243332CC}] => (Allow) C:\Users\Rendor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2EC01519-48A8-4AF2-989B-13E46B485F3B}] => (Allow) LPort=50248
FirewallRules: [{EE94CFC1-F20F-4B0F-904E-239B78F8B985}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8DFCD72E-C71B-4D07-B173-759E3EDE211F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0816E367-0644-48D9-844C-38CAC3AAC21E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{93928E4A-8BAB-4980-B187-A8885C378F3C}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{317B8E88-7C4B-41A8-8F63-0BBF4C581487}] => (Allow) G:\GAMES\SCB\Blacklist_Launcher.exe
FirewallRules: [{6DFD4B93-4273-4F6C-BA32-7B5CF2543B6F}] => (Allow) G:\GAMES\SCB\Blacklist_Launcher.exe
FirewallRules: [{44979A3E-2478-4545-B97C-0351A8FFCEB2}] => (Allow) G:\GAMES\SCB\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{E9A02BBA-ADC1-4854-B961-D485662F369D}] => (Allow) G:\GAMES\SCB\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{7829CE86-3638-421E-BF00-05767D4F520E}] => (Allow) G:\GAMES\SCB\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{7C438ADF-02BA-4FA6-8B41-5A6488867300}] => (Allow) G:\GAMES\SCB\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{22AC6299-333B-4A53-8CE0-FD8D00B475AF}] => (Allow) G:\GAMES\SCB\src\SYSTEM\gu.exe
FirewallRules: [{8058B3DA-7320-4BC4-BD9C-0C9EBE8A9F94}] => (Allow) G:\GAMES\SCB\src\SYSTEM\gu.exe
FirewallRules: [{D7D187A4-C0FE-4421-BB28-AB7330D23972}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{F58780DE-24EA-4D0A-9FF3-57E70A64B6B0}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{09A70835-957E-4CCF-A337-DB0367CCCF07}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{7BB094BE-D3E4-4BBE-B9D0-42B6A3D9DB0D}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{CB52CD1E-2EBE-4D1B-8F16-E9F17FB38B8B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{180280AD-843F-45B0-B03E-D09DCA45842E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3DD8C88F-9840-4A75-9099-7A7DB10D4560}] => (Allow) G:\GAMES\Mr DJ\The Elder Scrolls III Morrowind GOTY\Morrowind Launcher.exe
FirewallRules: [{EA14F023-25C1-40D1-B2F9-07B828DFE497}] => (Allow) G:\GAMES\Mr DJ\The Elder Scrolls III Morrowind GOTY\Morrowind Launcher.exe
FirewallRules: [{48FCD6C3-9EEF-4376-97AC-21625C995D14}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{F12347F2-95DA-4533-84DA-39B15447FEFC}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{24439E82-C4EA-4D2F-967E-D38F1B199748}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3E883E66-9A1A-4E72-91DD-D07C3942AB24}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{340C7793-BEB1-478A-94A0-6158E3CF44B5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DEBA1A0F-73E5-4EDE-84F5-72428A2C9FA9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{FF6BE380-4BBE-462D-8545-959D0DBEFEE2}G:\games\cs\hl.exe] => (Allow) G:\games\cs\hl.exe
FirewallRules: [UDP Query User{658330EA-5E44-4124-9681-96342C0F5C2A}G:\games\cs\hl.exe] => (Allow) G:\games\cs\hl.exe


==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2016 11:27:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2016 04:02:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Fuel.Service.exe, verze: 1.0.0.0, časové razítko: 0x4f7e4d8c
Název chybujícího modulu: Device.dll, verze: 4.1.0.0, časové razítko: 0x4f55e10b
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000033c1
ID chybujícího procesu: 0x7c4
Čas spuštění chybující aplikace: 0xFuel.Service.exe0
Cesta k chybující aplikaci: Fuel.Service.exe1
Cesta k chybujícímu modulu: Fuel.Service.exe2
ID zprávy: Fuel.Service.exe3

Error: (03/21/2016 10:42:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2016 10:41:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Fuel.Service.exe, verze: 1.0.0.0, časové razítko: 0x4f7e4d8c
Název chybujícího modulu: Device.dll, verze: 4.1.0.0, časové razítko: 0x4f55e10b
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000033c1
ID chybujícího procesu: 0x7cc
Čas spuštění chybující aplikace: 0xFuel.Service.exe0
Cesta k chybující aplikaci: Fuel.Service.exe1
Cesta k chybujícímu modulu: Fuel.Service.exe2
ID zprávy: Fuel.Service.exe3

Error: (03/21/2016 09:11:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program WoW.exe verze 3.3.5.12340 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1128

Čas spuštění: 01d183ad9bb9a541

Čas ukončení: 76

Cesta k aplikaci: G:\GAMES\World of Warcraft2\WoW.exe

ID hlášení: 16ace66a-efa1-11e5-892d-902b34916cf9

Error: (03/21/2016 09:06:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1 se nezdařilo.
Závislé sestavení Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (03/21/2016 08:48:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2016 08:48:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
.


System errors:
=============
Error: (03/22/2016 04:02:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/21/2016 10:41:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/21/2016 07:59:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/21/2016 03:44:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/20/2016 02:00:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/19/2016 04:16:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/19/2016 03:45:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/18/2016 06:03:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/18/2016 03:21:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/17/2016 06:47:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===================================
Date: 2015-09-08 12:16:13.412
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX(tm)-6100 Six-Core Processor
Percentage of memory in use: 21%
Total physical RAM: 8173.24 MB
Available physical RAM: 6439.58 MB
Total Virtual: 16344.68 MB
Available Virtual: 14361.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.8 GB) (Free:15.95 GB) NTFS
Drive e: () (Fixed) (Total:48.83 GB) (Free:0.71 GB) NTFS
Drive f: () (Fixed) (Total:439.45 GB) (Free:0.99 GB) NTFS
Drive g: () (Fixed) (Total:443.21 GB) (Free:1.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0DC60DC6)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=882.7 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 04450444)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Log check

#5 Post by altrok »

:arrow: Uninstall the old, vulnerable version of Java. If you need Java, install the new one from java.com - watch out for adware during its installation http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 . From a security standpoint (exploits), it is better not to have it. The current version is 8U74. Versions of Java installed on your PC:

  • Java 8 Update 25

:arrow: Your automatic operating system updates are disabled/turned off/not working, which makes your computer more vulnerable. I strongly recommend installing the important updates (including IE 11).

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    File: C:\Program Files (x86)\CORE10k.EXE
    HKU\S-1-5-21-4015150708-652531026-4121813623-1000\...\Policies\Explorer: [] 
    AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939 [278]
    DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
    DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
    DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager
    DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS
    C:\Windows\AutoKMS.exe 
    DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync
    DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
    DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard
    Hosts:
    EmptyTemp:
    End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors to this forum, sign up for our little school.
