CPU load when idle

Posted: 02 Feb 2014 13:55
by ERWOE
Hello, I need some help, so let me describe my problem.

I turn on the PC and, once all processes have loaded, CPU load is 0-4 %, which seems normal to me.
The problem appears after a while, roughly 1-5 minutes of me doing nothing, when CPU activity climbs to 30-50 % load and stays there until I move the mouse; after I move it, things return to normal, and when the PC is idle again the load comes back.
When I try to see in Task Manager what is starting up or what is loading the CPU at that moment, the problem does not occur and the PC runs fine. So until now I have been "running" with Task Manager open.
I have a genuine Win7 64-bit, the firewall turned on, and MS Essentials, which finds nothing.

I would be grateful for any help.

I would send you the log right away, but I don't know whether it should be FRST, RSIT or DDS.

Re: CPU load when idle

Posted: 02 Feb 2014 15:20
by vyosek
Hello :)

:arrow: And are we supposed to read it from a crystal ball or from coffee grounds :?:

:arrow: If you look up at the top, there is this biiiiig orange rectangle :wink:

Re: CPU load when idle

Posted: 02 Feb 2014 15:32
by ERWOE
I apologize!

Logfile of random's system information tool 1.09 (written by random/random)
Run by ERWOE at 2014-02-02 15:25:42
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 54 GB (7%) free of 763 GB
Total RAM: 8137 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:25:52, on 2.2.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\ERWOE\AppData\Roaming\Rainmeter\msdn.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\ERWOE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?babsrc=HP_ ... 4&tsp=4936
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files (x86)\Minibar\Minibar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Minibar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: WinToFlash Suggestor - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [RazorU] C:\ProgramData\RazorU0\ntibcpsaq.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Shairport4w] "C:\Users\ERWOE\AppData\Local\Temp\Rar$EXa0.163\Shairport4w.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RazorU] C:\ProgramData\RazorU0\ntibcpsaq.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ishutdown2] C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe
O4 - HKCU\..\Run: [JumiController] C:\Program Files (x86)\Jumi\Jumi.exe
O4 - HKCU\..\Run: [Keyboard Inf.] C:\Users\ERWOE\AppData\Roaming\Rainmeter\msdn.exe
O4 - HKCU\..\Run: [iFunBox Price Watch] C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: RocketDock.exe
O9 - Extra button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll
O9 - Extra 'Tools' menuitem: WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll
O9 - Extra button: Visit AppsHat.com - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\Minibar.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O15 - Trusted IP range: http://7.254.254.254
O15 - ESC Trusted IP range: http://7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{B80087DA-1FB4-44C7-A95E-104CB96AF069}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptSvc.exe
O23 - Service: DAZ Content Management Service (DAZContentManagementService) - Unknown owner - C:\Programy\DAZ 3D\Content Management Service\ContentManagementServer.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI_ComCenService - MSI - C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe
O23 - Service: MSI_SuiteCharger - MSI - C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12852 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\Explorer.EXE
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Programy\DAZ 3D\Content Management Service\ContentManagementServer.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe"
"C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe"
"C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe"
C:\Windows\SysWOW64\nlssrv32.exe
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-480338654-95562010816655784232088133588611778469-658670525171208722-542587071
"C:\Windows\SysWOW64\WerFault.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 2904
"C:\Users\ERWOE\AppData\Roaming\Rainmeter\msdn.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe"
"C:\Program Files\Rainmeter\Rainmeter.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3368.0.106964741\1553161291" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,13,23,28 --gpu-vendor-id=0x10de --gpu-device-id=0x11c0 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3221 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3368.1.1070480027\941088836" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3368.3.366139160\854913796" /prefetch:673131151
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3368.11.1096077467\1261705063" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3368.14.1051968799\1926970773" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3368.16.28184652\1928503697" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3368.23.1715358642\1916520274" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group14 pct:1e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_19/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3368.28.1459883324\860573618" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\ERWOE\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\ERWOE\AppData\Roaming\Mozilla\Firefox\Profiles\hntjl8hg.default

prefs.js - "browser.startup.homepage" - "about:home"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.4]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.3.2]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.40.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ogplanet.com/npOGPPlugin]
"Description"=OGPlanet Game Plugin
"Path"=C:\Windows\system32\npOGPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
npwachk.dll

C:\Users\ERWOE\AppData\Roaming\Mozilla\Firefox\Profiles\hntjl8hg.default\extensions\
artur.dubovoy@gmail.com
{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

C:\Users\ERWOE\AppData\Roaming\Mozilla\Firefox\Profiles\hntjl8hg.default\searchplugins\
Firefox.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-03 462248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}]
MinibarBHO - C:\Program Files (x86)\Minibar\Minibar.dll [2013-02-26 331264]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-03 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}]
WinToFlash Suggestor - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll [2012-05-25 281424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe []
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-01-21 1179576]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-01-21 2234144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
"RazorU"=C:\ProgramData\RazorU0\ntibcpsaq.exe [2013-04-23 425984]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"ishutdown2"=C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe [2011-05-31 17920]
"JumiController"=C:\Program Files (x86)\Jumi\Jumi.exe []
"Keyboard Inf."=C:\Users\ERWOE\AppData\Roaming\Rainmeter\msdn.exe [2014-01-24 4459872]
"iFunBox Price Watch"=C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-03-26 291608]
"Super-Charger"=C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [2012-07-27 495616]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"RazorU"=C:\ProgramData\RazorU0\ntibcpsaq.exe [2013-04-23 425984]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-11-02 152392]
"Shairport4w"=C:\Users\ERWOE\AppData\Local\Temp\Rar$EXa0.163\Shairport4w.exe []

C:\Users\ERWOE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe
RocketDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe]
"Debugger="g_.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\housecalllauncher.exe]
"Debugger="g_.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe]
"Debugger="c_.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe]
"Debugger="g_.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid64.dll
"vidc.tsc2"=C:\Windows\SysWOW64\tsc2_codec64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-02-02 15:25:43 ----D---- C:\Program Files\trend micro
2014-02-02 15:25:42 ----D---- C:\rsit
2014-01-30 06:59:39 ----D---- C:\ProgramData\REVOLT
2014-01-27 10:03:18 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2014-01-27 10:03:18 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2014-01-27 10:03:18 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2014-01-27 10:03:18 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2014-01-27 10:03:18 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2014-01-27 10:03:18 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2014-01-27 10:03:18 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2014-01-27 10:03:18 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2014-01-27 10:03:18 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2014-01-27 10:03:18 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2014-01-27 10:03:18 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2014-01-27 10:03:18 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2014-01-27 10:03:18 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2014-01-27 10:03:18 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\nvopencl.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\nvoglv64.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\nvoglshim64.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\nvinitx.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\NvIFR64.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\nvhdap64.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\nvhdagenco6420103.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\NvFBC64.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\nvdispgenco6433221.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\nvdispco6433221.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\nvd3dumx.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\nvcuvid.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\nvcuvenc.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\nvcuda.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\nvcompiler.dll
2014-01-27 10:03:18 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2014-01-27 10:03:18 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2014-01-27 07:57:09 ----D---- C:\Users\ERWOE\AppData\Roaming\ihelper
2014-01-27 07:53:52 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2014-01-27 07:53:52 ----A---- C:\Windows\system32\drivers\nvvad64v.sys
2014-01-25 17:06:56 ----D---- C:\Program Files (x86)\i-Funbox DevTeam
2014-01-25 16:58:04 ----D---- C:\Users\ERWOE\AppData\Roaming\iFunBox.NXGen
2014-01-24 16:29:06 ----A---- C:\Windows\thug2.ini
2014-01-14 23:01:52 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-01-14 23:01:52 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-01-14 23:01:52 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-01-14 23:01:52 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-01-14 23:01:52 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-01-14 23:01:52 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-01-14 23:01:52 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-01-14 23:01:24 ----A---- C:\Windows\system32\win32k.sys
2014-01-14 23:00:57 ----A---- C:\Windows\system32\drivers\netio.sys
2014-01-04 21:27:10 ----D---- C:\Users\ERWOE\AppData\Roaming\theHunter
2014-01-04 18:28:17 ----D---- C:\ProgramData\Hunter
2014-01-03 17:03:09 ----D---- C:\Program Files (x86)\ESET
2014-01-03 14:23:59 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2014-02-02 15:25:53 ----D---- C:\Windows\Prefetch
2014-02-02 15:25:43 ----RD---- C:\Program Files
2014-02-02 15:25:39 ----D---- C:\Windows\Temp
2014-02-02 12:27:18 ----D---- C:\Windows\system32\config
2014-02-02 10:58:39 ----A---- C:\Windows\SYSWOW64\log.txt
2014-02-02 10:56:19 ----D---- C:\ProgramData\NVIDIA
2014-02-02 02:01:51 ----D---- C:\ProgramData\Tunngle
2014-02-02 02:01:50 ----D---- C:\Users\ERWOE\AppData\Roaming\Tunngle
2014-02-01 21:28:45 ----D---- C:\Windows\SysWOW64
2014-02-01 21:28:43 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2014-02-01 19:43:10 ----D---- C:\Program Files (x86)\Origin
2014-02-01 16:14:43 ----SHD---- C:\System Volume Information
2014-02-01 14:38:35 ----SHD---- C:\Windows\Installer
2014-02-01 14:38:35 ----RD---- C:\Program Files (x86)
2014-01-31 23:57:29 ----D---- C:\ProgramData\Origin
2014-01-30 09:13:48 ----D---- C:\Windows\System32
2014-01-30 09:13:48 ----D---- C:\Windows\inf
2014-01-30 09:13:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-01-30 09:12:28 ----D---- C:\Windows\system32\drivers
2014-01-30 06:59:39 ----HD---- C:\ProgramData
2014-01-30 06:47:07 ----AD---- C:\Windows
2014-01-30 06:46:12 ----RSD---- C:\Windows\assembly
2014-01-28 18:00:41 ----D---- C:\Users\ERWOE\AppData\Roaming\vlc
2014-01-27 10:08:08 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2014-01-27 10:07:55 ----D---- C:\Windows\system32\DriverStore
2014-01-27 10:07:55 ----D---- C:\Windows\system32\catroot
2014-01-27 10:07:19 ----D---- C:\temp
2014-01-27 10:04:50 ----D---- C:\Windows\system32\catroot2
2014-01-27 07:55:28 ----D---- C:\Windows\Microsoft.NET
2014-01-26 15:19:11 ----D---- C:\Games
2014-01-26 00:51:54 ----D---- C:\Users\ERWOE\AppData\Roaming\XBMC
2014-01-25 17:07:09 ----D---- C:\Downloads
2014-01-24 16:33:51 ----D---- C:\Users\ERWOE\AppData\Roaming\uTorrent
2014-01-24 16:29:55 ----D---- C:\Users\ERWOE\AppData\Roaming\Azureus
2014-01-24 16:29:50 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-01-24 16:27:36 ----D---- C:\Users\ERWOE\AppData\Roaming\Rainmeter
2014-01-21 03:53:40 ----A---- C:\Windows\SYSWOW64\nvspcap.dll
2014-01-21 03:53:29 ----A---- C:\Windows\system32\nvspcap64.dll
2014-01-19 08:33:29 ----N---- C:\Windows\system32\MpSigStub.exe
2014-01-17 03:04:18 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-01-15 13:02:42 ----D---- C:\Windows\winsxs
2014-01-15 03:04:22 ----D---- C:\Windows\system32\MRT
2014-01-15 03:00:49 ----A---- C:\Windows\system32\MRT.exe
2014-01-13 23:38:05 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-01-13 23:38:05 ----D---- C:\Windows\system32\cs-CZ
2014-01-13 23:33:25 ----D---- C:\Windows\SYSWOW64\en-US
2014-01-13 23:33:25 ----D---- C:\Windows\system32\en-US
2014-01-13 01:34:50 ----D---- C:\Program Files (x86)\Steam
2014-01-12 00:45:19 ----D---- C:\Program Files (x86)\uTorrent
2014-01-11 02:43:50 ----D---- C:\Fraps
2014-01-07 21:18:29 ----SD---- C:\Users\ERWOE\AppData\Roaming\Microsoft
2014-01-03 19:01:54 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-05-26 564824]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2010-01-29 115600]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944]
R3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2013-06-02 1931264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 NTIOLib_1_0_D;NTIOLib_1_0_D; \??\C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys [2011-09-20 11080]
R3 NTIOLib_1_1_S;NTIOLib_1_1_S; \??\C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys [2010-01-18 14136]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2013-12-27 39200]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-13 73984]
S3 acg68fxs;acg68fxs; C:\Windows\system32\drivers\acg68fxs.sys []
S3 BRDriver64;BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [2013-07-23 75048]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver; C:\Windows\system32\DRIVERS\evolve.sys [2013-12-07 21656]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-12 4060560]
S3 ipadtst;ipadtst; \??\C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [2012-07-27 19000]
S3 jumi;%Jumi%; C:\Windows\system32\DRIVERS\jumi.sys [2010-06-03 15160]
S3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 MSICDSetup;MSICDSetup; \??\E:\CDriver64.sys []
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S4 NTIOLib_1_0_3;NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2010-01-18 14136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 DAZContentManagementService;DAZ Content Management Service; C:\Programy\DAZ 3D\Content Management Service\ContentManagementServer.exe [2011-05-05 22528]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-03-07 629984]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-29 165144]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-03-29 277784]
R2 MSI_ComCenService;MSI_ComCenService; C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe [2012-04-17 75280]
R2 MSI_SuiteCharger;MSI_SuiteCharger; C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe [2012-07-31 125368]
R2 MSI_SuperCharger;MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-06-29 136704]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\nlssrv32.exe [2013-02-26 71280]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-01-21 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-01-21 16939296]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-12-19 922912]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-03-27 76888]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-29 363800]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 641352]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-09-08 49152]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
S3 BRSptSvc;BitRaider Mini-Support Service; C:\ProgramData\BitRaider\BRSptSvc.exe [2013-07-23 915736]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-01-03 119408]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-12-11 569768]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-11-06 758224]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-02-21 1255736]
S4 NetMsmqActivator;Net.Msmq Listener Adapter; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;Net.Pipe Listener Adapter; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;Net.Tcp Listener Adapter; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

Re: CPU load when idle

Posted: 02 Feb 2014 15:39
by vyosek
:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launch the license terms are displayed; press any key
  • A backup is created and then the search runs
  • The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts and then a log appears, or it is saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

Re: CPU load when idle

Posted: 02 Feb 2014 15:50
by ERWOE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by ERWOE on ne 02.02.2014 at 15:44:10,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1063749243-1003621131-4052069309-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\smbarbroker.exe
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smarttweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\somoto
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\smbarbroker.smbardealer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\smbarbroker.smbardealer.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\filesfrog update checker
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\ERWOE\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\ERWOE\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\ERWOE\appdata\local\appshat mobile apps"
Successfully deleted: [Folder] "C:\Users\ERWOE\appdata\local\filesfrog update checker"
Successfully deleted: [Folder] "C:\Users\ERWOE\appdata\local\minibar"
Successfully deleted: [Folder] "C:\Users\ERWOE\appdata\locallow\minibar"
Successfully deleted: [Folder] "C:\Program Files (x86)\minibar"
Successfully deleted: [Folder] "C:\Program Files (x86)\smarttweak"
Successfully deleted: [Folder] "C:\Users\ERWOE\AppData\Roaming\microsoft\windows\start menu\programs\filesfrog update checker"
Successfully deleted: [Folder] "C:\Users\ERWOE\AppData\Roaming\microsoft\windows\start menu\programs\smarttweak software"



~~~ FireFox

Successfully deleted the following from C:\Users\ERWOE\AppData\Roaming\mozilla\firefox\profiles\hntjl8hg.default\prefs.js

user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?babsrc=NT_ss&mntr ... 4&tsp=4936");
user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"AppsHat\",\"description\":\"AppsHat\",\"button\":{\"tooltip\":\"Visit AppsHat.com\",\"icon\":\"hxxp://www.big
user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAADlElEQVQ4jb3S3U9adxwG8F/BuooQAQscXj0cOIC8nANU
Emptied folder: C:\Users\ERWOE\AppData\Roaming\mozilla\firefox\profiles\hntjl8hg.default\minidumps [17 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 02.02.2014 at 15:48:47,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: CPU load when idle

Posted: 02 Feb 2014 15:55
by ERWOE
# AdwCleaner v3.018 - Report created 02/02/2014 at 15:52:41
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ERWOE - ERWOE-PC
# Running from : C:\Users\ERWOE\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\WinToFlash Suggestor
Folder Deleted : C:\Users\ERWOE\AppData\Local\PackageAware
Folder Deleted : C:\Users\ERWOE\AppData\Local\Temp\OCS
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\ERWOE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat\Uninstall.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60EACC1A-33FA-443D-9846-17B28E2C9BDB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{539F76FD-084E-4858-86D5-62F02F54AE86}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKLM\Software\Minibar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (cs)

[ File : C:\Users\ERWOE\AppData\Roaming\Mozilla\Firefox\Profiles\hntjl8hg.default\prefs.js ]

Line Deleted : user_pref("extensions.kango.storage.m2_k1", "0");
Line Deleted : user_pref("extensions.kango.storage.m2_k2", "0");
Line Deleted : user_pref("extensions.kango.storage.m2_k3", "0");
Line Deleted : user_pref("extensions.kango.storage.m2_k4", "1378356746013");
Line Deleted : user_pref("extensions.kango.storage.m2_k5", "1378212746013");
Line Deleted : user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"AppsHat\",\"description\":\"AppsHat\",\"button\":{\"tooltip\":\"Visit AppsHat.com\",\"icon\":\"hxxp://www.bigspeedpro.com/button/%affi[...]
Line Deleted : user_pref("extensions.kango.storage.nero_options", "\"{\\\"m1\\\":{\\\"ads\\\":{\\\"n1\\\":{\\\"url\\\":\\\"//ulayout.com/nero/hatter/google_post_results_728x90.html?aff_slug=appshat\\\",\\\"width\\\"[...]
Line Deleted : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAADlElEQVQ4jb3S3U9adxwG8F/BuooQAQscXj0cOIC8nANUPYjoHDClvqAoZ04gpqsZKmrUV[...]

-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [4791 octets] - [02/02/2014 15:51:51]
AdwCleaner[S0].txt - [4637 octets] - [02/02/2014 15:52:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4697 octets] ##########

Re: CPU load when idle

Posted: 02 Feb 2014 15:58
by vyosek
:arrow: Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the window
  • Code:

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;
    
  • Then click Run Script
  • The PC will perform the repair, restart, and give you a log; paste its contents here

Re: CPU load when idle

Posted: 02 Feb 2014 16:17
by ERWOE
Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by ERWOE on ne 02.02.2014 at 16:01:28,37.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ERWOE\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2.2.2014 16:03:26 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\ERWOE\AppData\Roaming\Mozilla\Firefox\Profiles\hntjl8hg.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");

Added to C:\Users\ERWOE\AppData\Roaming\Mozilla\Firefox\Profiles\hntjl8hg.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\ERWOE\AppData\Roaming\Mozilla\Firefox\Profiles\hntjl8hg.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- FireFox user.js and prefs.js backups ----

prefs_02.02.2014_1609_.backup

==== Deleting Files \ Folders ======================

C:\Users\ERWOE\AppData\Roaming\ihelper deleted
C:\Users\ERWOE\___.tmp deleted
C:\ProgramData\Package Cache deleted
C:\Users\ERWOE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat deleted
C:\Users\ERWOE\Downloads\Topaz.Photoshop.Plugins.Bundle.2013-04-12-iGalerie.cz.rar deleted
C:\Users\ERWOE\Downloads\VaudiX.exe deleted
C:\Users\ERWOE\Downloads\SoftonicDownloader_for_winsetupfromusb.exe deleted
"C:\Users\ERWOE\AppData\Roaming\DMCache" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\ERWOE\AppData\Roaming\Mozilla\Firefox\Profiles\hntjl8hg.default
- Flash Video Downloader - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- Cookies Manager - %ProfilePath%\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
- WinToFlash Suggestor - %ProfilePath%\extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\ERWOE\AppData\Roaming\Mozilla\Firefox\Profiles\hntjl8hg.default
E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43
AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43
517021D1BCA1962ABF09099014A7D87D - C:\Windows\system32\npOGPPlugin.dll - OGPlanet Game Plugin
517021D1BCA1962ABF09099014A7D87D - C:\Windows\SysWOW64\npOGPPlugin.dll - OGPlanet Game Plugin
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System


==== Deleted Firefox Extensions ======================

C:\Users\ERWOE\AppData\Roaming\Mozilla\Firefox\Profiles\hntjl8hg.default\extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi deleted

==== Chrome Look ======================

AdBlock - ERWOE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Chrome Fix ======================

C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.babylon.com_0.localstorage deleted successfully
C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.babylon.com_0.localstorage-journal deleted successfully
C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage deleted successfully
C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal deleted successfully
C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bit-che.en.softonic.com_0.localstorage deleted successfully
C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bit-che.en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bit-che.nl.softonic.com_0.localstorage deleted successfully
C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bit-che.nl.softonic.com_0.localstorage-journal deleted successfully
C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bit-che.softonic.com_0.localstorage deleted successfully
C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bit-che.softonic.com_0.localstorage-journal deleted successfully
C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage deleted successfully
C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ti.en.softonic.com_0.localstorage deleted successfully
C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ti.en.softonic.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ERWOE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ERWOE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\ERWOE\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\ERWOE\AppData\Local\Mozilla\Firefox\Profiles\hntjl8hg.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=31 folders=12 509908222 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\ERWOE\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ERWOE\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on ne 02.02.2014 at 16:14:55,43 ======================

Re: CPU load when idle

Posted: 02 Feb 2014 16:18
by vyosek
Please post a log made according to this guide: http://forum.viry.cz/viewtopic.php?f=13&t=133100

Re: CPU load when idle

Posted: 02 Feb 2014 16:36
by ERWOE
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by ERWOE (administrator) on ERWOE-PC on 02-02-2014 16:28:57
Running from C:\Users\ERWOE\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Programy\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(MSI) C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe
(MSI) C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
() C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe
() C:\Users\ERWOE\AppData\Roaming\Rainmeter\msdn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\ishutdown\iShutdown\iShutdown.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\ERWOE\Desktop\FRSTLauncher (2).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [495616 2012-07-27] (MSI)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [RazorU] - C:\ProgramData\RazorU0\ntibcpsaq.exe [425984 2013-04-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Shairport4w] - "C:\Users\ERWOE\AppData\Local\Temp\Rar$EXa0.163\Shairport4w.exe"
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [AdobeBridge] - [x]
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [RazorU] - C:\ProgramData\RazorU0\ntibcpsaq.exe [425984 2013-04-23] ()
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [ishutdown2] - C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe [17920 2011-05-31] ()
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [JumiController] - C:\Program Files (x86)\Jumi\Jumi.exe
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [Keyboard Inf.] - C:\Users\ERWOE\AppData\Roaming\Rainmeter\msdn.exe [4459872 2014-01-24] ()
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [iFunBox Price Watch] - C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\MountPoints2: {6c91ca4a-7bbf-11e2-a4a5-806e6f6e6963} - E:\noop.exe
IFEO\hijackthis.exe: [Debugger] g_.exe
IFEO\housecalllauncher.exe: [Debugger] g_.exe
IFEO\rstrui.exe: [Debugger] c_.exe
IFEO\spybotsd.exe: [Debugger] g_.exe
Startup: C:\Users\ERWOE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\ERWOE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.exe ()

==================== Internet (Whitelisted) ====================

SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 172.30.0.1 172.29.1.197
Tcpip\..\Interfaces\{B80087DA-1FB4-44C7-A95E-104CB96AF069}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\ERWOE\AppData\Roaming\Mozilla\Firefox\Profiles\hntjl8hg.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\ERWOE\AppData\Roaming\Mozilla\Firefox\Profiles\hntjl8hg.default\searchplugins\Firefox.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Flash Video Downloader - C:\Users\ERWOE\AppData\Roaming\Mozilla\Firefox\Profiles\hntjl8hg.default\Extensions\artur.dubovoy@gmail.com [2014-01-23]
FF Extension: Cookies Manager+ - C:\Users\ERWOE\AppData\Roaming\Mozilla\Firefox\Profiles\hntjl8hg.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2013-09-11]

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-04]
CHR Extension: (Disk Google) - C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-04]
CHR Extension: (YouTube) - C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-04]
CHR Extension: (Vyhledávání Google) - C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-04]
CHR Extension: (Peněženka Google) - C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\ERWOE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-09-08] ()
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-07-23] (BitRaider, LLC)
R2 DAZContentManagementService; C:\Programy\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
R2 MSI_ComCenService; C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe [75280 2012-04-17] (MSI)
R2 MSI_SuiteCharger; C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe [125368 2012-07-31] (MSI)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [136704 2012-06-29] (MSI)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-03-27] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

S3 BRDriver64; C:\programdata\bitraider\BRDriver64.sys [75048 2013-07-23] (BitRaider)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2013-12-07] (Echobit, LLC)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [19000 2012-07-27] (Windows (R) Win 7 DDK provider)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [15160 2010-06-03] (Windows (R) Codename Longhorn DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S4 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NTIOLib_1_0_D; C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys [11080 2011-09-20] (MSI)
R3 NTIOLib_1_1_S; C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-05-26] (Duplex Secure Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
U3 aukbpwlv; C:\Windows\System32\Drivers\aukbpwlv.sys [0 ] (Microsoft Corporation)
S3 MSICDSetup; \??\E:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-02 16:28 - 2014-02-02 16:29 - 00017658 _____ () C:\Users\ERWOE\Desktop\FRST.txt
2014-02-02 16:28 - 2014-02-02 16:28 - 00000000 ____D () C:\FRST
2014-02-02 16:26 - 2014-02-02 16:26 - 00112640 _____ (forum.viry.cz) C:\Users\ERWOE\Desktop\FRSTLauncher (2).exe
2014-02-02 16:25 - 2014-02-02 16:25 - 00112640 _____ (forum.viry.cz) C:\Users\ERWOE\Downloads\Nepotvrzeno 461688.crdownload
2014-02-02 16:25 - 2014-02-02 16:25 - 00112640 _____ (forum.viry.cz) C:\Users\ERWOE\Downloads\Nepotvrzeno 211533.crdownload
2014-02-02 16:24 - 2014-02-02 16:24 - 02080256 _____ (Farbar) C:\Users\ERWOE\Desktop\FRST64.exe
2014-02-02 16:11 - 2014-02-02 16:00 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-02 16:03 - 2014-02-02 16:14 - 00011252 _____ () C:\zoek-results.log
2014-02-02 16:00 - 2014-02-02 16:10 - 00000000 ____D () C:\zoek_backup
2014-02-02 16:00 - 2014-02-02 16:00 - 01283072 _____ () C:\Users\ERWOE\Desktop\zoek.exe
2014-02-02 15:51 - 2014-02-02 15:52 - 00000000 ____D () C:\AdwCleaner
2014-02-02 15:50 - 2014-02-02 15:50 - 01166132 _____ () C:\Users\ERWOE\Desktop\adwcleaner.exe
2014-02-02 15:48 - 2014-02-02 15:48 - 00004449 _____ () C:\Users\ERWOE\Desktop\JRT.txt
2014-02-02 15:45 - 2014-02-02 15:45 - 01019680 _____ () C:\Users\ERWOE\Downloads\upm_4_1_3 (1).zip
2014-02-02 15:44 - 2014-02-02 15:44 - 00000000 ____D () C:\Windows\ERUNT
2014-02-02 15:43 - 2014-02-02 15:43 - 01037068 _____ (Thisisu) C:\Users\ERWOE\Desktop\JRT.exe
2014-02-02 15:25 - 2014-02-02 15:25 - 00000000 ____D () C:\rsit
2014-02-02 15:25 - 2014-02-02 15:25 - 00000000 ____D () C:\Program Files\trend micro
2014-02-02 15:24 - 2014-02-02 15:24 - 00935175 _____ () C:\Users\ERWOE\Downloads\RSITx64.exe
2014-02-02 12:57 - 2014-02-02 12:57 - 01019680 _____ () C:\Users\ERWOE\Downloads\upm_4_1_3.zip
2014-02-01 23:42 - 2014-02-01 23:42 - 00241124 _____ () C:\Users\ERWOE\Downloads\DI.LAN.Fix.Incl.DLC.Unlocker.[V1.3.0.0]-xps2.rar
2014-01-30 15:04 - 2014-01-30 15:04 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-01-30 06:59 - 2014-01-30 06:59 - 00000000 ____D () C:\Users\ERWOE\Documents\DeadIsland
2014-01-30 06:59 - 2014-01-30 06:59 - 00000000 ____D () C:\ProgramData\REVOLT
2014-01-30 06:47 - 2014-01-30 06:47 - 00000562 _____ () C:\Windows\wmsetup.log
2014-01-29 17:01 - 2014-01-29 17:01 - 00000703 _____ () C:\Users\ERWOE\Desktop\Counter-Strike Source.lnk
2014-01-27 10:03 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-01-27 10:03 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 00357152 _____ () C:\Windows\system32\NvIFROpenGL.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 00314656 _____ () C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-01-27 10:03 - 2013-12-19 21:33 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-01-27 10:03 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-01-27 10:03 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-01-27 10:03 - 2013-11-22 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-01-27 07:57 - 2014-01-27 07:57 - 00000000 ____D () C:\Users\ERWOE\Documents\ihelper
2014-01-27 07:53 - 2013-12-27 19:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-01-27 07:53 - 2013-12-27 19:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-01-26 11:34 - 2014-01-26 11:34 - 05192704 _____ (Geza Kovacs) C:\Users\ERWOE\Downloads\unetbootin-windows-585.exe
2014-01-26 11:25 - 2014-01-26 11:25 - 00098304 _____ (Hewlett-Packard Company) C:\Users\ERWOE\Downloads\HPU_v2.2.3 (1).exe
2014-01-26 11:23 - 2014-01-25 16:43 - 925892608 _____ () C:\Users\ERWOE\Desktop\ubuntu-13.10-desktop-amd64.iso
2014-01-25 17:26 - 2014-01-25 17:37 - 20381768 _____ () C:\Users\ERWOE\Downloads\Pou_1.4.19.ipa
2014-01-25 17:13 - 2014-01-25 17:15 - 20381768 _____ () C:\Users\ERWOE\Downloads\Pou-v164-Locophone-ICPDA-iOS-5.0-(Clutch-1.3.2-git5).ipa
2014-01-25 17:07 - 2014-01-25 17:07 - 00000000 ____D () C:\Users\ERWOE\AppData\Local\cef_data
2014-01-25 17:06 - 2014-01-25 17:06 - 00001060 _____ () C:\Users\Public\Desktop\iFunbox.lnk
2014-01-25 17:06 - 2014-01-25 17:06 - 00000000 ____D () C:\Program Files (x86)\i-Funbox DevTeam
2014-01-25 16:58 - 2014-01-25 16:58 - 00000000 ____D () C:\Users\ERWOE\AppData\Roaming\iFunBox.NXGen
2014-01-25 16:56 - 2014-01-25 16:57 - 07641762 _____ ( ) C:\Users\ERWOE\Downloads\ifunbox2014_setup.exe
2014-01-24 16:29 - 2014-01-24 16:29 - 00000279 _____ () C:\Windows\thug2.ini
2014-01-22 21:05 - 2014-01-22 21:05 - 00000000 ____D () C:\Users\ERWOE\Documents\Ubisoft
2014-01-18 16:19 - 2014-01-18 16:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-01-14 23:01 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-14 23:01 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-14 23:01 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-14 23:01 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-14 23:01 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-14 23:01 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-14 23:01 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 23:01 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 23:00 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 01:09 - 2014-01-14 01:09 - 00000000 ____D () C:\Users\ERWOE\Documents\MGR
2014-01-12 00:45 - 2014-01-12 00:45 - 00000947 _____ () C:\Users\Public\Desktop\µTorrent.lnk
2014-01-11 01:14 - 2014-01-11 01:25 - 00000000 ____D () C:\Users\ERWOE\Downloads\Metal.Gear.Rising.Revengeance-Black.Box
2014-01-09 23:46 - 2014-01-10 18:10 - 00000000 ____D () C:\Users\ERWOE\Downloads\All Trap Music 2013 Vol. 2 iTunes[m4a] - the.HH
2014-01-08 00:15 - 2014-01-08 00:15 - 00000000 ____D () C:\Users\ERWOE\AppData\Local\next car game technology sneak peek
2014-01-07 19:32 - 2014-01-07 20:01 - 386746512 _____ (Bugbear Entertainment) C:\Users\ERWOE\Downloads\Next Car Game Technology Sneak Peek 2.0.exe
2014-01-04 21:27 - 2014-01-24 16:14 - 00000000 ____D () C:\Users\ERWOE\AppData\Roaming\theHunter
2014-01-04 21:27 - 2014-01-04 21:27 - 00000040 _____ () C:\Users\ERWOE\AppData\Roaming\TheHunterSettings_live.cfg
2014-01-04 21:27 - 2014-01-04 21:27 - 00000000 ____D () C:\Users\ERWOE\Documents\theHunter
2014-01-04 21:27 - 2014-01-04 21:27 - 00000000 ____D () C:\Users\ERWOE\AppData\Local\theHunter
2014-01-04 18:28 - 2014-01-04 18:28 - 00000000 ____D () C:\ProgramData\Hunter
2014-01-04 18:22 - 2014-01-04 18:23 - 14001048 _____ (Expansive Worlds ) C:\Users\ERWOE\Downloads\theHunterLauncherSetup.exe
2014-01-04 00:53 - 2014-01-04 00:53 - 00057294 _____ () C:\Users\ERWOE\Downloads\Borderlands2-AllDLC_mpgh.net.zip
2014-01-03 17:03 - 2014-01-03 17:03 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-03 17:01 - 2014-01-03 17:01 - 02347384 _____ (ESET) C:\Users\ERWOE\Downloads\esetsmartinstaller_csy.exe
2014-01-03 14:23 - 2014-01-03 14:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-02-02 16:29 - 2014-02-02 16:28 - 00017658 _____ () C:\Users\ERWOE\Desktop\FRST.txt
2014-02-02 16:28 - 2014-02-02 16:28 - 00000000 ____D () C:\FRST
2014-02-02 16:27 - 2013-02-23 10:51 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-02 16:26 - 2014-02-02 16:26 - 00112640 _____ (forum.viry.cz) C:\Users\ERWOE\Desktop\FRSTLauncher (2).exe
2014-02-02 16:25 - 2014-02-02 16:25 - 00112640 _____ (forum.viry.cz) C:\Users\ERWOE\Downloads\Nepotvrzeno 461688.crdownload
2014-02-02 16:25 - 2014-02-02 16:25 - 00112640 _____ (forum.viry.cz) C:\Users\ERWOE\Downloads\Nepotvrzeno 211533.crdownload
2014-02-02 16:24 - 2014-02-02 16:24 - 02080256 _____ (Farbar) C:\Users\ERWOE\Desktop\FRST64.exe
2014-02-02 16:21 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-02 16:21 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-02 16:17 - 2013-02-21 01:50 - 01125651 _____ () C:\Windows\WindowsUpdate.log
2014-02-02 16:14 - 2014-02-02 16:03 - 00011252 _____ () C:\zoek-results.log
2014-02-02 16:13 - 2013-02-23 10:51 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-02 16:13 - 2013-02-20 19:10 - 00249250 _____ () C:\Windows\PFRO.log
2014-02-02 16:13 - 2013-02-20 19:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-02 16:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-02 16:13 - 2009-07-14 05:51 - 00065455 _____ () C:\Windows\setupact.log
2014-02-02 16:10 - 2014-02-02 16:00 - 00000000 ____D () C:\zoek_backup
2014-02-02 16:09 - 2013-02-20 18:50 - 00000000 ____D () C:\Users\ERWOE
2014-02-02 16:00 - 2014-02-02 16:11 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-02 16:00 - 2014-02-02 16:00 - 01283072 _____ () C:\Users\ERWOE\Desktop\zoek.exe
2014-02-02 15:52 - 2014-02-02 15:51 - 00000000 ____D () C:\AdwCleaner
2014-02-02 15:50 - 2014-02-02 15:50 - 01166132 _____ () C:\Users\ERWOE\Desktop\adwcleaner.exe
2014-02-02 15:48 - 2014-02-02 15:48 - 00004449 _____ () C:\Users\ERWOE\Desktop\JRT.txt
2014-02-02 15:45 - 2014-02-02 15:45 - 01019680 _____ () C:\Users\ERWOE\Downloads\upm_4_1_3 (1).zip
2014-02-02 15:44 - 2014-02-02 15:44 - 00000000 ____D () C:\Windows\ERUNT
2014-02-02 15:43 - 2014-02-02 15:43 - 01037068 _____ (Thisisu) C:\Users\ERWOE\Desktop\JRT.exe
2014-02-02 15:25 - 2014-02-02 15:25 - 00000000 ____D () C:\rsit
2014-02-02 15:25 - 2014-02-02 15:25 - 00000000 ____D () C:\Program Files\trend micro
2014-02-02 15:24 - 2014-02-02 15:24 - 00935175 _____ () C:\Users\ERWOE\Downloads\RSITx64.exe
2014-02-02 13:26 - 2013-12-24 00:14 - 00000000 ____D () C:\Users\ERWOE\AppData\Local\CrashDumps
2014-02-02 12:57 - 2014-02-02 12:57 - 01019680 _____ () C:\Users\ERWOE\Downloads\upm_4_1_3.zip
2014-02-02 02:01 - 2013-12-03 00:40 - 00000000 ____D () C:\ProgramData\Tunngle
2014-02-02 02:01 - 2013-02-20 20:44 - 00000000 ____D () C:\Users\ERWOE\AppData\Roaming\Tunngle
2014-02-01 23:44 - 2013-02-22 18:12 - 00000000 ____D () C:\Users\ERWOE\AppData\Local\SKIDROW
2014-02-01 23:42 - 2014-02-01 23:42 - 00241124 _____ () C:\Users\ERWOE\Downloads\DI.LAN.Fix.Incl.DLC.Unlocker.[V1.3.0.0]-xps2.rar
2014-02-01 21:28 - 2013-02-23 12:49 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-02-01 21:28 - 2013-02-23 12:43 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-02-01 19:43 - 2013-03-26 12:03 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-01 19:43 - 2013-02-23 12:43 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-02-01 02:57 - 2013-02-20 21:19 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-01-31 23:57 - 2013-03-26 12:03 - 00000000 ____D () C:\ProgramData\Origin
2014-01-30 15:04 - 2014-01-30 15:04 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-01-30 09:13 - 2009-07-14 16:18 - 00668866 _____ () C:\Windows\system32\perfh005.dat
2014-01-30 09:13 - 2009-07-14 16:18 - 00141526 _____ () C:\Windows\system32\perfc005.dat
2014-01-30 09:13 - 2009-07-14 06:13 - 01584554 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-30 06:59 - 2014-01-30 06:59 - 00000000 ____D () C:\Users\ERWOE\Documents\DeadIsland
2014-01-30 06:59 - 2014-01-30 06:59 - 00000000 ____D () C:\ProgramData\REVOLT
2014-01-30 06:47 - 2014-01-30 06:47 - 00000562 _____ () C:\Windows\wmsetup.log
2014-01-30 06:46 - 2013-02-20 19:42 - 00365730 _____ () C:\Windows\DirectX.log
2014-01-29 17:01 - 2014-01-29 17:01 - 00000703 _____ () C:\Users\ERWOE\Desktop\Counter-Strike Source.lnk
2014-01-28 18:00 - 2013-12-23 21:57 - 00000000 ____D () C:\Users\ERWOE\AppData\Roaming\vlc
2014-01-27 10:08 - 2013-02-20 19:07 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-01-27 07:57 - 2014-01-27 07:57 - 00000000 ____D () C:\Users\ERWOE\Documents\ihelper
2014-01-26 15:19 - 2013-02-20 21:00 - 00000000 ____D () C:\Games
2014-01-26 11:34 - 2014-01-26 11:34 - 05192704 _____ (Geza Kovacs) C:\Users\ERWOE\Downloads\unetbootin-windows-585.exe
2014-01-26 11:25 - 2014-01-26 11:25 - 00098304 _____ (Hewlett-Packard Company) C:\Users\ERWOE\Downloads\HPU_v2.2.3 (1).exe
2014-01-26 00:51 - 2013-06-02 00:51 - 00000000 ____D () C:\Users\ERWOE\AppData\Roaming\XBMC
2014-01-25 17:37 - 2014-01-25 17:26 - 20381768 _____ () C:\Users\ERWOE\Downloads\Pou_1.4.19.ipa
2014-01-25 17:15 - 2014-01-25 17:13 - 20381768 _____ () C:\Users\ERWOE\Downloads\Pou-v164-Locophone-ICPDA-iOS-5.0-(Clutch-1.3.2-git5).ipa
2014-01-25 17:07 - 2014-01-25 17:07 - 00000000 ____D () C:\Users\ERWOE\AppData\Local\cef_data
2014-01-25 17:06 - 2014-01-25 17:06 - 00001060 _____ () C:\Users\Public\Desktop\iFunbox.lnk
2014-01-25 17:06 - 2014-01-25 17:06 - 00000000 ____D () C:\Program Files (x86)\i-Funbox DevTeam
2014-01-25 16:58 - 2014-01-25 16:58 - 00000000 ____D () C:\Users\ERWOE\AppData\Roaming\iFunBox.NXGen
2014-01-25 16:57 - 2014-01-25 16:56 - 07641762 _____ ( ) C:\Users\ERWOE\Downloads\ifunbox2014_setup.exe
2014-01-25 16:43 - 2014-01-26 11:23 - 925892608 _____ () C:\Users\ERWOE\Desktop\ubuntu-13.10-desktop-amd64.iso
2014-01-24 16:33 - 2013-02-22 16:50 - 00000000 ____D () C:\Users\ERWOE\AppData\Roaming\uTorrent
2014-01-24 16:30 - 2013-05-23 05:27 - 00000000 ____D () C:\Users\ERWOE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-24 16:29 - 2014-01-24 16:29 - 00000279 _____ () C:\Windows\thug2.ini
2014-01-24 16:29 - 2013-09-07 17:03 - 00000000 ____D () C:\Users\ERWOE\AppData\Roaming\Azureus
2014-01-24 16:29 - 2013-02-20 18:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-24 16:27 - 2013-12-28 15:20 - 00000000 ____D () C:\Users\ERWOE\AppData\Roaming\Rainmeter
2014-01-24 16:14 - 2014-01-04 21:27 - 00000000 ____D () C:\Users\ERWOE\AppData\Roaming\theHunter
2014-01-22 21:05 - 2014-01-22 21:05 - 00000000 ____D () C:\Users\ERWOE\Documents\Ubisoft
2014-01-21 03:53 - 2013-12-25 16:11 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-01-21 03:53 - 2013-12-25 16:11 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-01-19 08:33 - 2013-02-20 19:36 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-18 16:19 - 2014-01-18 16:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-01-17 03:04 - 2013-02-20 19:02 - 01559268 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-15 13:01 - 2009-07-14 05:45 - 09667936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 03:04 - 2013-07-21 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 03:00 - 2013-02-22 15:37 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 01:09 - 2014-01-14 01:09 - 00000000 ____D () C:\Users\ERWOE\Documents\MGR
2014-01-13 01:34 - 2013-02-20 22:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-01-12 00:45 - 2014-01-12 00:45 - 00000947 _____ () C:\Users\Public\Desktop\µTorrent.lnk
2014-01-12 00:45 - 2013-12-23 17:33 - 00000000 ____D () C:\Program Files (x86)\uTorrent
2014-01-11 02:43 - 2013-08-26 13:38 - 00000000 ____D () C:\Fraps
2014-01-11 01:25 - 2014-01-11 01:14 - 00000000 ____D () C:\Users\ERWOE\Downloads\Metal.Gear.Rising.Revengeance-Black.Box
2014-01-10 18:10 - 2014-01-09 23:46 - 00000000 ____D () C:\Users\ERWOE\Downloads\All Trap Music 2013 Vol. 2 iTunes[m4a] - the.HH
2014-01-08 00:15 - 2014-01-08 00:15 - 00000000 ____D () C:\Users\ERWOE\AppData\Local\next car game technology sneak peek
2014-01-07 20:01 - 2014-01-07 19:32 - 386746512 _____ (Bugbear Entertainment) C:\Users\ERWOE\Downloads\Next Car Game Technology Sneak Peek 2.0.exe
2014-01-06 01:56 - 2013-02-20 18:51 - 00000000 ___RD () C:\Users\ERWOE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-04 21:27 - 2014-01-04 21:27 - 00000040 _____ () C:\Users\ERWOE\AppData\Roaming\TheHunterSettings_live.cfg
2014-01-04 21:27 - 2014-01-04 21:27 - 00000000 ____D () C:\Users\ERWOE\Documents\theHunter
2014-01-04 21:27 - 2014-01-04 21:27 - 00000000 ____D () C:\Users\ERWOE\AppData\Local\theHunter
2014-01-04 18:28 - 2014-01-04 18:28 - 00000000 ____D () C:\ProgramData\Hunter
2014-01-04 18:23 - 2014-01-04 18:22 - 14001048 _____ (Expansive Worlds ) C:\Users\ERWOE\Downloads\theHunterLauncherSetup.exe
2014-01-04 00:53 - 2014-01-04 00:53 - 00057294 _____ () C:\Users\ERWOE\Downloads\Borderlands2-AllDLC_mpgh.net.zip
2014-01-03 19:01 - 2013-04-14 22:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-03 17:03 - 2014-01-03 17:03 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-03 17:01 - 2014-01-03 17:01 - 02347384 _____ (ESET) C:\Users\ERWOE\Downloads\esetsmartinstaller_csy.exe
2014-01-03 14:24 - 2014-01-03 14:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-30 18:04




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:745.11 GB) (Free:63.49 GB) NTFS
Drive d: (flash) (Fixed) (Total:465.76 GB) (Free:115.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (TSW DVD 2) (CDROM) (Total:5.17 GB) (Free:0 GB) CDFS

Available physical RAM: 6010.75 MB
Total physical RAM: 8136.93 MB
Percentage of memory in use: 26%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5C74DCD2)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 745 GB) (Disk ID: 9C8D32BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=745 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\ERWOE\Desktop" je 888 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
DisableUnicastResponsesToMulticastBroadcast REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: CPU load when idle

Posted: 02 Feb 2014 16:39
by ERWOE
Is the second log necessary? I don't know how to "pack" files, only how to "unpack" them.

Re: CPU load when idle

Posted: 02 Feb 2014 20:01
by vyosek
:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
    HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [RazorU] - C:\ProgramData\RazorU0\ntibcpsaq.exe [425984 2013-04-23] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [Shairport4w] - "C:\Users\ERWOE\AppData\Local\Temp\Rar$EXa0.163\Shairport4w.exe"
    HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [AdobeBridge] - [x]
    HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
    HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [RazorU] - C:\ProgramData\RazorU0\ntibcpsaq.exe [425984 2013-04-23] ()
    HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [ishutdown2] - C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe [17920 2011-05-31] ()
    HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [JumiController] - C:\Program Files (x86)\Jumi\Jumi.exe
    HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [Keyboard Inf.] - C:\Users\ERWOE\AppData\Roaming\Rainmeter\msdn.exe [4459872 2014-01-24] ()
    HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [iFunBox Price Watch] - C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray
    HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\MountPoints2: {6c91ca4a-7bbf-11e2-a4a5-806e6f6e6963} - E:\noop.exe
    IFEO\hijackthis.exe: [Debugger] g_.exe
    IFEO\housecalllauncher.exe: [Debugger] g_.exe
    IFEO\rstrui.exe: [Debugger] c_.exe
    IFEO\spybotsd.exe: [Debugger] g_.exe
    Startup: C:\Users\ERWOE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
    
    SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    U3 aukbpwlv; C:\Windows\System32\Drivers\aukbpwlv.sys [0 ] (Microsoft Corporation)
    S3 MSICDSetup; \??\E:\CDriver64.sys [x]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]
    
    2014-02-02 16:26 - 2014-02-02 16:26 - 00112640 _____ (forum.viry.cz) C:\Users\ERWOE\Desktop\FRSTLauncher (2).exe
    2014-02-02 16:25 - 2014-02-02 16:25 - 00112640 _____ (forum.viry.cz) C:\Users\ERWOE\Downloads\Nepotvrzeno 461688.crdownload
    2014-02-02 16:25 - 2014-02-02 16:25 - 00112640 _____ (forum.viry.cz) C:\Users\ERWOE\Downloads\Nepotvrzeno 211533.crdownload
    2014-02-02 16:11 - 2014-02-02 16:00 - 00024064 _____ () C:\Windows\zoek-delete.exe
    2014-02-02 16:03 - 2014-02-02 16:14 - 00011252 _____ () C:\zoek-results.log
    2014-02-02 16:00 - 2014-02-02 16:10 - 00000000 ____D () C:\zoek_backup
    2014-02-02 16:00 - 2014-02-02 16:00 - 01283072 _____ () C:\Users\ERWOE\Desktop\zoek.exe
    2014-02-02 15:50 - 2014-02-02 15:50 - 01166132 _____ () C:\Users\ERWOE\Desktop\adwcleaner.exe
    2014-02-02 15:48 - 2014-02-02 15:48 - 00004449 _____ () C:\Users\ERWOE\Desktop\JRT.txt
    2014-02-02 15:45 - 2014-02-02 15:45 - 01019680 _____ () C:\Users\ERWOE\Downloads\upm_4_1_3 (1).zip
    2014-02-02 15:43 - 2014-02-02 15:43 - 01037068 _____ (Thisisu) C:\Users\ERWOE\Desktop\JRT.exe
    2014-02-02 15:24 - 2014-02-02 15:24 - 00935175 _____ () C:\Users\ERWOE\Downloads\RSITx64.exe
    
    C:\ProgramData\RazorU0
    
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    
    Hosts:
    CMD: shutdown /r /f /t 2
    
    End
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

Re: CPU load when idle

Posted: 02 Feb 2014 20:15
by ERWOE
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by ERWOE at 2014-02-02 20:10:35 Run:1
Running from C:\Users\ERWOE\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RazorU] - C:\ProgramData\RazorU0\ntibcpsaq.exe [425984 2013-04-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Shairport4w] - "C:\Users\ERWOE\AppData\Local\Temp\Rar$EXa0.163\Shairport4w.exe"
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [AdobeBridge] - [x]
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [RazorU] - C:\ProgramData\RazorU0\ntibcpsaq.exe [425984 2013-04-23] ()
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [ishutdown2] - C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe [17920 2011-05-31] ()
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [JumiController] - C:\Program Files (x86)\Jumi\Jumi.exe
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [Keyboard Inf.] - C:\Users\ERWOE\AppData\Roaming\Rainmeter\msdn.exe [4459872 2014-01-24] ()
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\Run: [iFunBox Price Watch] - C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\...\MountPoints2: {6c91ca4a-7bbf-11e2-a4a5-806e6f6e6963} - E:\noop.exe
IFEO\hijackthis.exe: [Debugger] g_.exe
IFEO\housecalllauncher.exe: [Debugger] g_.exe
IFEO\rstrui.exe: [Debugger] c_.exe
IFEO\spybotsd.exe: [Debugger] g_.exe
Startup: C:\Users\ERWOE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk

SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

U3 aukbpwlv; C:\Windows\System32\Drivers\aukbpwlv.sys [0 ] (Microsoft Corporation)
S3 MSICDSetup; \??\E:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]

2014-02-02 16:26 - 2014-02-02 16:26 - 00112640 _____ (forum.viry.cz) C:\Users\ERWOE\Desktop\FRSTLauncher (2).exe
2014-02-02 16:25 - 2014-02-02 16:25 - 00112640 _____ (forum.viry.cz) C:\Users\ERWOE\Downloads\Nepotvrzeno 461688.crdownload
2014-02-02 16:25 - 2014-02-02 16:25 - 00112640 _____ (forum.viry.cz) C:\Users\ERWOE\Downloads\Nepotvrzeno 211533.crdownload
2014-02-02 16:11 - 2014-02-02 16:00 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-02 16:03 - 2014-02-02 16:14 - 00011252 _____ () C:\zoek-results.log
2014-02-02 16:00 - 2014-02-02 16:10 - 00000000 ____D () C:\zoek_backup
2014-02-02 16:00 - 2014-02-02 16:00 - 01283072 _____ () C:\Users\ERWOE\Desktop\zoek.exe
2014-02-02 15:50 - 2014-02-02 15:50 - 01166132 _____ () C:\Users\ERWOE\Desktop\adwcleaner.exe
2014-02-02 15:48 - 2014-02-02 15:48 - 00004449 _____ () C:\Users\ERWOE\Desktop\JRT.txt
2014-02-02 15:45 - 2014-02-02 15:45 - 01019680 _____ () C:\Users\ERWOE\Downloads\upm_4_1_3 (1).zip
2014-02-02 15:43 - 2014-02-02 15:43 - 01037068 _____ (Thisisu) C:\Users\ERWOE\Desktop\JRT.exe
2014-02-02 15:24 - 2014-02-02 15:24 - 00935175 _____ () C:\Users\ERWOE\Downloads\RSITx64.exe

C:\ProgramData\RazorU0

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Nvtmru => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RazorU => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Shairport4w => Value deleted successfully.
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RazorU => Value deleted successfully.
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ishutdown2 => Value deleted successfully.
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\Software\Microsoft\Windows\CurrentVersion\Run\\JumiController => Value deleted successfully.
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Keyboard Inf. => Value deleted successfully.
HKU\S-1-5-21-1063749243-1003621131-4052069309-1000\Software\Microsoft\Windows\CurrentVersion\Run\\iFunBox Price Watch => Value deleted successfully.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c91ca4a-7bbf-11e2-a4a5-806e6f6e6963} => Key not found.
HKCR\CLSID\{6c91ca4a-7bbf-11e2-a4a5-806e6f6e6963} => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\housecalllauncher.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.
C:\Users\ERWOE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
aukbpwlv => Service deleted successfully.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
C:\Users\ERWOE\Desktop\FRSTLauncher (2).exe => Moved successfully.
C:\Users\ERWOE\Downloads\Nepotvrzeno 461688.crdownload => Moved successfully.
C:\Users\ERWOE\Downloads\Nepotvrzeno 211533.crdownload => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\ERWOE\Desktop\zoek.exe => Moved successfully.
C:\Users\ERWOE\Desktop\adwcleaner.exe => Moved successfully.
C:\Users\ERWOE\Desktop\JRT.txt => Moved successfully.
C:\Users\ERWOE\Downloads\upm_4_1_3 (1).zip => Moved successfully.
C:\Users\ERWOE\Desktop\JRT.exe => Moved successfully.
C:\Users\ERWOE\Downloads\RSITx64.exe => Moved successfully.
C:\ProgramData\RazorU0 => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====

Re: CPU usage when idle

Posted: 02 Feb 2014 20:16
by vyosek
Has there been any change in the PC's behaviour??

Re: CPU usage when idle

Posted: 02 Feb 2014 20:26
by ERWOE
It looks problem-free, you guys are pros. One more question: what caused this problem, so that I can avoid it next time?