VIRY.CZ

Dobrý den,
v předmětu jsem uvedl hlavní problémy, kterých jsem si všiml. Co se týče pomalého nb, jde hlavně o nižší výkon u her, ale celkově se mi to zdá nějaké zpomalené. No, není to zrovna odborný popis problému Proto ale prosím o kontrolu logu.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dwarf at 2013-01-31 16:53:36
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 292 GB (63%) free of 461 GB
Total RAM: 3767 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:53:41, on 31.1.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Dwarf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = kino-on-line.my1.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Dwarf\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dwarf\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Translate Client.lnk = C:\Program Files (x86)\Translate Client\translateclient.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Easy File Protector (ACDService) - Unknown owner - C:\EASY FILE PROTECTOR\EFPA.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NTI, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13733 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 27927904
\??\C:\Windows\system32\conhost.exe "-80397525373222160-7339219371648088343382920760-1617643442198631938491668516
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\EASY FILE PROTECTOR\EFPA.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe"
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
"C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe"
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"
"C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe"
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Spybot - Search & Destroy\SDWinSec.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
WLIDSvcM.exe 2472
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe"
"C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Mouse\Amoumain.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-0a8bae6c-f6e4-4c48-88b1-bd134d79d41e -SystemEventPortName:HostProcess-df374d5a-c920-4625-8a55-2e927af23570 -IoCancelEventPortName:HostProcess-202f7353-5806-4d06-a080-ef908a01a345 -NonStateChangingEventPortName:HostProcess-03baa451-fb99-4eee-b3bc-692c6302947b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:af464d41-aa3e-48f5-8b07-aadfe1261b55 -DeviceGroupId:
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"taskhost.exe"
"C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/5/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="2684.0.163410888\655885214" /prefetch:3
"C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2684.1.1981635983\19978262" --supports-dual-gpus=false --skip-gpu-full-info-collection --reduce-gpu-sandbox --disable-image-transport-surface --gpu-vendor-id=0x1002 --gpu-device-id=0x68e4 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.741.1.6000 --ignored=" --type=renderer " /prefetch:12
"C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/5/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="2684.2.223227615\1399114338" /prefetch:3
"C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/5/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="2684.3.1714053079\336680320" /prefetch:3
"C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/5/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="2684.5.1411253303\2118089478" /prefetch:3
"C:\Users\Dwarf\Hygiena\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2864836239-1901144840-608393158-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2864836239-1901144840-608393158-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864836239-1901144840-608393158-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864836239-1901144840-608393158-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-10-30 1502288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-12-14 551400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-14 209384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-24 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01 1144072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-24 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-10-30 1502288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01 1144072]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-07-13 2103912]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-04-09 320000]
"ODDPwr"=C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [2010-04-22 223264]
"mwlDaemon"=C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [2010-05-27 349552]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-11 2107176]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2010-06-11 496160]
"WheelMouse"=C:\Program Files\Mouse\Amoumain.exe [2008-03-03 196608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=C:\Users\Dwarf\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-16 138096]
"ShowBatteryBar"=C:\BatteryBar\ShowBatteryBar.exe [2009-05-28 89600]
"Google Update"=C:\Users\Dwarf\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-20 116648]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-08-10 975952]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Translate Client.lnk - C:\Program Files (x86)\Translate Client\translateclient.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-10-20 269824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ACDService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCBNT.SYS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ACDService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FDCBNT.SYS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-01-31 14:27:07 ----D---- C:\Program Files\Recuva
2013-01-13 09:06:00 ----D---- C:\Program Files (x86)\WOLFCODERS CamBlocker
2013-01-09 22:19:16 ----D---- C:\ProgramData\REVOLT
2013-01-09 22:13:27 ----D---- C:\Program Files (x86)\Games
2013-01-09 11:35:40 ----D---- C:\ProgramData\RELOADED
2013-01-09 11:28:44 ----D---- C:\The Walking Dead
2013-01-09 08:19:44 ----A---- C:\Windows\system32\msxml6.dll
2013-01-09 08:19:43 ----A---- C:\Windows\system32\msxml3.dll
2013-01-09 08:19:42 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2013-01-09 08:19:41 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2013-01-09 08:19:11 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-01-09 08:19:11 ----A---- C:\Windows\system32\win32spl.dll
2013-01-09 08:19:09 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-01-09 08:19:09 ----A---- C:\Windows\system32\ncrypt.dll
2013-01-09 08:19:07 ----A---- C:\Windows\SYSWOW64\usp10.dll
2013-01-09 08:19:07 ----A---- C:\Windows\system32\usp10.dll
2013-01-09 08:18:56 ----A---- C:\Windows\SYSWOW64\gameux.dll
2013-01-09 08:18:56 ----A---- C:\Windows\system32\Wpc.dll
2013-01-09 08:18:56 ----A---- C:\Windows\system32\gameux.dll
2013-01-09 08:18:55 ----A---- C:\Windows\SYSWOW64\Wpc.dll
2013-01-09 08:18:03 ----A---- C:\Windows\system32\win32k.sys
2013-01-09 08:18:01 ----A---- C:\Windows\system32\taskhost.exe
2013-01-09 08:17:51 ----A---- C:\Windows\system32\KernelBase.dll
2013-01-09 08:17:50 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2013-01-09 08:17:49 ----A---- C:\Windows\system32\kernel32.dll
2013-01-09 08:17:47 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-01-09 08:17:47 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-01-09 08:17:47 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2013-01-09 08:17:47 ----A---- C:\Windows\system32\wow64win.dll
2013-01-09 08:17:47 ----A---- C:\Windows\system32\wow64cpu.dll
2013-01-09 08:17:47 ----A---- C:\Windows\system32\wow64.dll
2013-01-09 08:17:47 ----A---- C:\Windows\system32\winsrv.dll
2013-01-09 08:17:47 ----A---- C:\Windows\system32\ntvdm64.dll
2013-01-09 08:17:47 ----A---- C:\Windows\system32\conhost.exe
2013-01-09 08:17:46 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 08:17:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 08:17:45 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 08:17:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 08:17:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 08:17:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 08:17:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 08:17:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 08:17:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 08:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 08:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 08:17:40 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 08:17:40 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 08:17:40 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-01-09 08:17:40 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-01-09 08:17:39 ----A---- C:\Windows\SYSWOW64\user.exe
2013-01-03 21:23:24 ----A---- C:\Windows\SYSWOW64\pthreadGC.dll
2013-01-03 21:23:23 ----D---- C:\RV House
2013-01-03 13:14:34 ----D---- C:\ReVolt

======List of files/folders modified in the last 1 month======

2013-01-31 16:53:39 ----D---- C:\Program Files\trend micro
2013-01-31 16:53:33 ----D---- C:\Windows\Temp
2013-01-31 16:49:54 ----D---- C:\Users\Dwarf\AppData\Roaming\AIMP3
2013-01-31 15:08:11 ----SHD---- C:\System Volume Information
2013-01-31 14:27:07 ----RD---- C:\Program Files
2013-01-31 11:10:38 ----D---- C:\Windows\system32\config
2013-01-31 10:58:06 ----A---- C:\Windows\SYSWOW64\log.txt
2013-01-28 12:04:41 ----D---- C:\Windows\system32\catroot2
2013-01-26 10:31:46 ----D---- C:\Windows\System32
2013-01-26 10:31:46 ----D---- C:\Windows\inf
2013-01-26 10:31:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-24 18:23:17 ----D---- C:\Windows\Prefetch
2013-01-21 18:47:58 ----D---- C:\Users\Dwarf\AppData\Roaming\uTorrent
2013-01-20 12:21:51 ----D---- C:\Windows\rescache
2013-01-15 22:11:03 ----D---- C:\Users\Dwarf\AppData\Roaming\DAEMON Tools Lite
2013-01-15 08:18:19 ----D---- C:\Windows
2013-01-14 22:35:01 ----D---- C:\Windows\Logs
2013-01-14 22:35:01 ----D---- C:\Windows\debug
2013-01-13 09:06:00 ----RD---- C:\Program Files (x86)
2013-01-12 09:59:44 ----D---- C:\Windows\Microsoft.NET
2013-01-12 09:59:43 ----RSD---- C:\Windows\assembly
2013-01-10 08:40:37 ----D---- C:\Windows\winsxs
2013-01-10 08:37:58 ----D---- C:\Windows\SysWOW64
2013-01-10 08:37:52 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-01-10 08:37:52 ----D---- C:\Windows\system32\cs-CZ
2013-01-10 08:37:40 ----D---- C:\Windows\AppPatch
2013-01-09 23:17:19 ----SHD---- C:\Windows\Installer
2013-01-09 23:09:32 ----A---- C:\Windows\system32\MRT.exe
2013-01-09 23:07:11 ----D---- C:\ProgramData\Microsoft Help
2013-01-09 22:19:16 ----HD---- C:\ProgramData
2013-01-09 18:59:12 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-01-09 08:16:16 ----D---- C:\Windows\system32\catroot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-04 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-10-15 54072]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-10-30 984144]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-10-30 370288]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-10-30 59728]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-01 283200]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-10-30 25232]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-10-20 6856704]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-10-20 264704]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-05 125456]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-06-03 4171328]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-13 2424040]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2010-10-20 10331840]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2010-04-28 18432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-11 316464]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2010-04-28 17408]
R3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-06-25 342056]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-06-25 102952]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-06-25 135720]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-06-25 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-06-25 21544]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-07-28 57280]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDService;Easy File Protector; C:\EASY FILE PROTECTOR\EFPA.exe [2008-01-15 465920]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-10-20 203264]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-25 952096]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-11 821792]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-07-01 325656]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-02 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-29 255744]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
R2 ODDPwrSvc;Acer ODD Power Service; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2010-02-03 244904]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 SBSDWSCService;SBSD Security Center Service; C:\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-03-28 249648]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 251400]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 136176]
S3 MWLService;MyWinLocker Service; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-20 1255736]

-----------------EOF-----------------

Zdravím.

Vydrž minutku, na logu se intenzivně pracuje.

Pokud jsi tak ještě neučinil, odinstaluj Bing Bar - zdržovadlo.
Odinstaluj Spybot - Search & Destroy. Program má svá nejlepší léta již dávno za sebou a není schopen čelit aktuálním hrozbám.


Potom stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu.

• Proveď aktualizaci virové databáze.
• V záložce Kontrolor zvol Úplná kontrola a zaškrtni všechny pevné disky, které máš na počítači.
• Předem nic nemaž!!
• MBAM mívá občas falešné detekce, proto vlož jeho log do příspěvku a počkej na posouzení!

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Verze: v2013.01.31.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dwarf :: DWARF-PC [administrátor]

31.1.2013 17:51:18
mbam-log-2013-01-31 (17-51-18).txt

Typ: Kompletní kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 725283
Uplynulý čas: 3 hodin, 14 minut, 42 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Výborně, MBAM zase z počítače odinstaluj, už nebude potřeba.


Potom stáhni AdwCleaner - http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulož jej nejlépe na Plochu.
• Ukonči všechny programy!!
• Spusť AdwCleaner.
• Pokud používáš operační systém Windows Vista či Windows 7, klikni na AdwCleaner pravým myšítkem a dej Run As Administrator či Spustit jako správce.
• Klikni na [Search].
• Proběhne scan a pak se objeví log, který bude případně uložen na systémovém disku jako AdwCleaner[R?].txt - ten mi sem vlož.

# AdwCleaner v2.109 - Logfile created 02/01/2013 at 14:46:19
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dwarf - DWARF-PC
# Boot Mode : Normal
# Running from : C:\Users\Dwarf\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Program Files (x86)\ICQ6Toolbar
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\ICQ\ICQToolbar
Folder Found : C:\Users\Dwarf\AppData\Local\APN

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\PIP
Key Found : HKU\S-1-5-21-2864836239-1901144840-608393158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKU\S-1-5-21-2864836239-1901144840-608393158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Found : HKU\S-1-5-21-2864836239-1901144840-608393158-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://qip.ru
[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.qip.ru
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.qip.ru
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.qip.ru/ie
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qip.ru/ie

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Dwarf\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2558 octets] - [01/02/2013 14:46:19]

########## EOF - C:\AdwCleaner[R1].txt - [2618 octets] ##########

Provedeme opravy.

• Spusť AdwCleaner znovu.
• Pokud používáš operační systém Windows Vista či Windows 7, klikni na AdwCleaner pravým myšítkem a dej Run As Administrator či Spustit jako správce.
• Klikni na [Delete].
• PC provede opravu, restartuje se a vytvoří log C:\AdwCleaner [S1].txt - jeho obsah mi sem zase vlož.

Dále stáhni RogueKiller - http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ulož jej nejlépe na Plochu.
• Ukonči všechny programy!
• Spusť RogueKiller. Pokud používáš operační systém Windows Vista či Windows 7, klikni na jeho ikonu pravým myšítkem a dej Run As Administrator či Spustit jako správce.
• Počkej, než program dokončí Prescan.
• Potom klikni na tlačítko [Prohledat] a počkej, až prohlídka proběhne.
• Klikni na tlačítko [Zpráva] - otevře se log, ten mi sem vlož.
• Detailní postup včetně obrázků najdeš zde: http://forum.viry.cz/viewtopic.php?f=24&t=120452

První log:

# AdwCleaner v2.109 - Logfile created 02/01/2013 at 16:33:13
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dwarf - DWARF-PC
# Boot Mode : Normal
# Running from : C:\Users\Dwarf\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Users\Dwarf\AppData\Local\APN

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://qip.ru --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.qip.ru --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.qip.ru --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.qip.ru/ie --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qip.ru/ie --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Dwarf\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2681 octets] - [01/02/2013 14:46:19]
AdwCleaner[S1].txt - [2414 octets] - [01/02/2013 16:33:13]

########## EOF - C:\AdwCleaner[S1].txt - [2474 octets] ##########


Druhý log:

RogueKiller V8.4.3 [Feb 1 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Dwarf [Práva správce]
Mód : Kontrola -- Datum : 02/01/2013 16:40:19
| ARK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] 9039abc235695a7d510715f74e587957
[BSP] aa74a8abc48dbbee431b6b1d643aa360 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_02012013_02d1640.txt >>
RKreport[1]_S_02012013_02d1640.txt

Super, takže provedeme další opravy.

• Ukonči všechny programy!
• Spusť RogueKiller. Pokud používáš operační systém Windows Vista či Windows 7, klikni na jeho ikonu pravým myšítkem a dej Run As Administrator či Spustit jako správce.
• Počkej, než program dokončí Prescan.
• Zvol možnost [Prohledat] a počkej, až prohlídka proběhne.
• V záložce Registry nech všechny nálezy označeny, odfajfkuj pouze řádek:
• Klikni na tlačítko [Smazat] a následně na [Zpráva] - otevře se log, ten mi sem vlož.

A vlož mi sem prosím nový aktuální log ze RSITu, ať se podívám, co se povedlo a co zatím ne.

První log:

RogueKiller V8.4.3 [Feb 1 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Dwarf [Práva správce]
Mód : Odebrat -- Datum : 02/01/2013 17:44:47
| ARK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] 9039abc235695a7d510715f74e587957
[BSP] aa74a8abc48dbbee431b6b1d643aa360 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[2]_D_02012013_02d1744.txt >>
RKreport[1]_S_02012013_02d1640.txt ; RKreport[2]_D_02012013_02d1744.txt


Log z RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dwarf at 2013-02-01 17:46:04
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 289 GB (63%) free of 461 GB
Total RAM: 3767 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:46:07, on 1.2.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Dwarf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = kino-on-line.my1.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Dwarf\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dwarf\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Translate Client.lnk = C:\Program Files (x86)\Translate Client\translateclient.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Easy File Protector (ACDService) - Unknown owner - C:\EASY FILE PROTECTOR\EFPA.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NTI, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12410 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\system32\WLANExt.exe 31104240
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
\??\C:\Windows\system32\conhost.exe "437993956-1944198881772423425-2132255952712803332-1864325674-1597471430-575005170
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\EASY FILE PROTECTOR\EFPA.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe"
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
"C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe"
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"
"C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe"
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2456
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Mouse\Amoumain.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1760.1.302767266\299054876" --supports-dual-gpus=false --skip-gpu-full-info-collection --reduce-gpu-sandbox --disable-image-transport-surface --gpu-vendor-id=0x1002 --gpu-device-id=0x68e4 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.741.1.6000 --ignored=" --type=renderer " /prefetch:12
"C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/5/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --renderer-print-preview --channel="1760.2.1443204618\896481026" /prefetch:3
"C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/5/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --renderer-print-preview --channel="1760.3.1911847005\280717286" /prefetch:3
taskeng.exe {BC7BC398-71AE-4F76-96E4-6437B5011C22}
"C:\Users\Dwarf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/5/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-1-Percent/group_05/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="1760.6.802476549\175304795" /prefetch:3
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Dwarf\Hygiena\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2864836239-1901144840-608393158-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2864836239-1901144840-608393158-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864836239-1901144840-608393158-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864836239-1901144840-608393158-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-10-30 1502288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-12-14 551400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-14 209384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-24 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-24 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-10-30 1502288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-07-13 2103912]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-04-09 320000]
"ODDPwr"=C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [2010-04-22 223264]
"mwlDaemon"=C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [2010-05-27 349552]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-11 2107176]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2010-06-11 496160]
"WheelMouse"=C:\Program Files\Mouse\Amoumain.exe [2008-03-03 196608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=C:\Users\Dwarf\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-16 138096]
"ShowBatteryBar"=C:\BatteryBar\ShowBatteryBar.exe [2009-05-28 89600]
"Google Update"=C:\Users\Dwarf\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-20 116648]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-08-10 975952]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Translate Client.lnk - C:\Program Files (x86)\Translate Client\translateclient.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-10-20 269824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ACDService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCBNT.SYS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ACDService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FDCBNT.SYS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-02-01 16:33:13 ----A---- C:\AdwCleaner[S1].txt
2013-02-01 14:46:19 ----A---- C:\AdwCleaner[R1].txt
2013-01-31 17:50:00 ----D---- C:\Users\Dwarf\AppData\Roaming\Malwarebytes
2013-01-31 17:49:52 ----D---- C:\ProgramData\Malwarebytes
2013-01-31 14:27:07 ----D---- C:\Program Files\Recuva
2013-01-13 09:06:00 ----D---- C:\Program Files (x86)\WOLFCODERS CamBlocker
2013-01-09 22:19:16 ----D---- C:\ProgramData\REVOLT
2013-01-09 22:13:27 ----D---- C:\Program Files (x86)\Games
2013-01-09 11:35:40 ----D---- C:\ProgramData\RELOADED
2013-01-09 11:28:44 ----D---- C:\The Walking Dead
2013-01-09 08:19:44 ----A---- C:\Windows\system32\msxml6.dll
2013-01-09 08:19:43 ----A---- C:\Windows\system32\msxml3.dll
2013-01-09 08:19:42 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2013-01-09 08:19:41 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2013-01-09 08:19:11 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-01-09 08:19:11 ----A---- C:\Windows\system32\win32spl.dll
2013-01-09 08:19:09 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-01-09 08:19:09 ----A---- C:\Windows\system32\ncrypt.dll
2013-01-09 08:19:07 ----A---- C:\Windows\SYSWOW64\usp10.dll
2013-01-09 08:19:07 ----A---- C:\Windows\system32\usp10.dll
2013-01-09 08:18:56 ----A---- C:\Windows\SYSWOW64\gameux.dll
2013-01-09 08:18:56 ----A---- C:\Windows\system32\Wpc.dll
2013-01-09 08:18:56 ----A---- C:\Windows\system32\gameux.dll
2013-01-09 08:18:55 ----A---- C:\Windows\SYSWOW64\Wpc.dll
2013-01-09 08:18:03 ----A---- C:\Windows\system32\win32k.sys
2013-01-09 08:18:01 ----A---- C:\Windows\system32\taskhost.exe
2013-01-09 08:17:51 ----A---- C:\Windows\system32\KernelBase.dll
2013-01-09 08:17:50 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2013-01-09 08:17:49 ----A---- C:\Windows\system32\kernel32.dll
2013-01-09 08:17:47 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-01-09 08:17:47 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-01-09 08:17:47 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2013-01-09 08:17:47 ----A---- C:\Windows\system32\wow64win.dll
2013-01-09 08:17:47 ----A---- C:\Windows\system32\wow64cpu.dll
2013-01-09 08:17:47 ----A---- C:\Windows\system32\wow64.dll
2013-01-09 08:17:47 ----A---- C:\Windows\system32\winsrv.dll
2013-01-09 08:17:47 ----A---- C:\Windows\system32\ntvdm64.dll
2013-01-09 08:17:47 ----A---- C:\Windows\system32\conhost.exe
2013-01-09 08:17:46 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 08:17:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 08:17:45 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 08:17:44 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 08:17:43 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 08:17:42 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 08:17:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 08:17:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 08:17:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 08:17:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 08:17:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 08:17:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 08:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 08:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 08:17:40 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 08:17:40 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 08:17:40 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-01-09 08:17:40 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-01-09 08:17:39 ----A---- C:\Windows\SYSWOW64\user.exe
2013-01-03 21:23:24 ----A---- C:\Windows\SYSWOW64\pthreadGC.dll
2013-01-03 21:23:23 ----D---- C:\RV House
2013-01-03 13:14:34 ----D---- C:\ReVolt

======List of files/folders modified in the last 1 month======

2013-02-01 17:46:06 ----D---- C:\Program Files\trend micro
2013-02-01 17:46:05 ----D---- C:\Windows\Temp
2013-02-01 16:37:22 ----A---- C:\Windows\SYSWOW64\log.txt
2013-02-01 16:35:17 ----D---- C:\Windows\system32\config
2013-02-01 16:33:18 ----RD---- C:\Program Files (x86)
2013-02-01 16:33:17 ----HD---- C:\ProgramData
2013-02-01 16:31:56 ----D---- C:\Users\Dwarf\AppData\Roaming\AIMP3
2013-02-01 14:10:29 ----D---- C:\Windows\system32\drivers
2013-02-01 13:45:02 ----D---- C:\Windows
2013-02-01 12:00:57 ----SHD---- C:\System Volume Information
2013-02-01 09:09:33 ----D---- C:\Users\Dwarf\AppData\Roaming\uTorrent
2013-02-01 09:09:33 ----D---- C:\Users\Dwarf\AppData\Roaming\DAEMON Tools Lite
2013-02-01 09:09:27 ----D---- C:\Windows\inf
2013-02-01 08:36:48 ----D---- C:\Program Files\CCleaner
2013-01-31 17:48:43 ----D---- C:\Spybot - Search & Destroy
2013-01-31 17:48:43 ----D---- C:\ProgramData\Spybot - Search & Destroy
2013-01-31 17:48:05 ----SHD---- C:\Windows\Installer
2013-01-31 17:47:54 ----SD---- C:\ProgramData\Microsoft
2013-01-31 17:47:54 ----D---- C:\Program Files (x86)\Microsoft
2013-01-31 14:27:07 ----RD---- C:\Program Files
2013-01-28 12:04:41 ----D---- C:\Windows\system32\catroot2
2013-01-26 10:31:46 ----D---- C:\Windows\System32
2013-01-26 10:31:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-24 18:23:17 ----D---- C:\Windows\Prefetch
2013-01-20 12:21:51 ----D---- C:\Windows\rescache
2013-01-17 01:28:58 ----N---- C:\Windows\system32\MpSigStub.exe
2013-01-14 22:35:01 ----D---- C:\Windows\Logs
2013-01-14 22:35:01 ----D---- C:\Windows\debug
2013-01-12 09:59:44 ----D---- C:\Windows\Microsoft.NET
2013-01-12 09:59:43 ----RSD---- C:\Windows\assembly
2013-01-10 08:40:37 ----D---- C:\Windows\winsxs
2013-01-10 08:37:58 ----D---- C:\Windows\SysWOW64
2013-01-10 08:37:52 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-01-10 08:37:52 ----D---- C:\Windows\system32\cs-CZ
2013-01-10 08:37:40 ----D---- C:\Windows\AppPatch
2013-01-09 23:09:32 ----A---- C:\Windows\system32\MRT.exe
2013-01-09 23:07:11 ----D---- C:\ProgramData\Microsoft Help
2013-01-09 18:59:12 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-01-09 08:16:16 ----D---- C:\Windows\system32\catroot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-04 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-10-15 54072]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-10-30 984144]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-10-30 370288]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-10-30 59728]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-01 283200]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-10-30 25232]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-10-20 6856704]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-10-20 264704]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-05 125456]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-06-03 4171328]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-13 2424040]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2010-10-20 10331840]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2010-04-28 18432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-11 316464]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2010-04-28 17408]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-06-25 342056]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-06-25 102952]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-06-25 135720]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-06-25 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-06-25 21544]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-07-28 57280]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDService;Easy File Protector; C:\EASY FILE PROTECTOR\EFPA.exe [2008-01-15 465920]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-10-20 203264]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-25 952096]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-11 821792]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-07-01 325656]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-02 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-29 255744]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
R2 ODDPwrSvc;Acer ODD Power Service; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2010-02-03 244904]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 251400]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 136176]
S3 MWLService;MyWinLocker Service; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-20 1255736]

-----------------EOF-----------------

Fixni v HJT níže uvedené položky.

• Fixnout znamená, že spustíš HJT, zvolíš možnost [Do a system scan only] a zaškrtneš čtvereček vlevo od mnou vypsaných položek.
• Poté klikneš na [Fix checked] a odsouhlasíš [ANO].
• Položky, které v seznamu nenajdeš, prostě přeskoč.
• HJT najdeš zde: C:\Program Files\trend micro\Dwarf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = kino-on-line.my1.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)


Dále stáhni utilitu OTM z jednoho z těchto odkazů:

• http://oldtimer.geekstogo.com/OTM.exe
• http://oldtimer.geekstogo.com/OTM.com
• http://oldtimer.geekstogo.com/OTM.scr

Ulož ji na Plochu a dvojklikem spusť.

Do levého okna Paste Instructions for Items to be Moved zkopíruj tento script (pouze zelená písmenka v bílém poli, včetně té dvojtečky před Commands!): Nyní klikni na tlačítko [MoveIt!], čímž vše spustíš.
Po restartu mi sem hoď log, který najdeš v C:\_OTM\MovedFiles\

All processes killed
========== COMMANDS ==========

Restore point Set: OTM Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dwarf
->Temp folder emptied: 1937310 bytes
->Temporary Internet Files folder emptied: 6527716 bytes
->Java cache emptied: 684838000 bytes
->Google Chrome cache emptied: 428327572 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 57179 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 550808 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66891 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 626 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,070.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Dwarf
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

========== SERVICES/DRIVERS ==========
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service PanService stopped successfully!
Service PanService deleted successfully!
========== FILES ==========
C:\Spybot - Search & Destroy folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Users\Dwarf\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
C:\Users\Dwarf\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\Users\Dwarf\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\Users\Dwarf\AppData\Roaming\Malwarebytes folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1E49.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP28D4.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F97.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3AC4.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5FBB.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP741B.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA343.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD1B.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEA42.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEBDA.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1DC.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2156.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP346C.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP40C8.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4963.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4B05.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4DB4.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP53FE.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6E7B.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6E9C.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9EE.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA3BE.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA6AA.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB4A2.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC496.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPCD1D.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD345.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDA2A.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE918.tmp folder moved successfully.
C:\Windows\Installer\MSID37A.tmp moved successfully.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2864836239-1901144840-608393158-1000Core.job moved successfully.
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2864836239-1901144840-608393158-1000UA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864836239-1901144840-608393158-1000Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864836239-1901144840-608393158-1000UA.job moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Translate Client.lnk moved successfully.
C:\AdwCleaner[S1].txt moved successfully.
C:\AdwCleaner[R1].txt moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 02022013_132332

Files moved on Reboot...
C:\Users\Dwarf\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

OK, OTM provedlo, co mělo.

Jak je na tom počítač? Můžu po sobě uklidit a hotovo?

Myslím, že už by to mělo být v pohodě. Co se rychlosti týče, už mi to nepřijde takové pomalé jako před tím, všechno se načítá v pohodě. A co se týče explorer.exe, tak má kolem 45 tisíc kB a teď nevím, jestli to je hodně nebo málo, před tím jsem to moc nesledoval. Každopádně to o nějakých 100 tisíc kB kleslo

Myslím, že takhle to už bude v pořádku.
Takže postupně, zvrchu dolů projeď všechny čistící utilitky a je hotovo.


T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stáhni a spusť.
• Pro potvrzení volby mačkej A, Enter.
• Po použití utilitu smaž ručně.
• Antiviry mohou tuto utilitu chybně označit jako vir - jedná se o falešný poplach - takže v pohodě stáhni (případně vypni při stahování antivir)!

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stáhni a spusť.
• Klikni na CleanUp a potvrď YES.
• Program uklidí a může (nemusí) restartovat PC.

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stáhni a spusť.
• Klikni na Start a potvrď OK.
• Program uklidí a může (nemusí) restartovat PC.
• Po použití utilitu smaž ručně.

Pokud nemáš, stáhni CCleaner z tohoto odkazu.

• Panel čistič
• Vše nech jak je, jen dej Analyzovat a poté Spustit CCleaner.

• Panel registry
• Klikni na Hledej problémy.
• Následně na Opravit problémy - zálohu registrů doporučuji udělat, oprav všechny problémy.
• Postup opakuj, dokud nebude bez problémů - většinou cca 3x.

• Panel nástroje
• Zde můžeš odinstalovat nepotřebné programy.

CCleaner doporučuji používat cca jednou za týden.

... a pokud nejsou žádné dotazy, bylo by to z mé strany vše.