
Virus Win32/Heur found

Posted: 28 Apr 2014 18:36
by Mortiz696
Hi,
I have a problem with AVG. It repeatedly reports the virus Win32/Heur (Resident Shield detection), which it says it has successfully healed, but it seems to keep coming back, sometimes even twice a day. On 22.4. it even reported it 4 times, so either it is a false positive, because it says the source is the process "avgcsrva.exe", which (at least I think) belongs to AVG, or I keep catching it somewhere while I'm online.

Here I attach the Resident Shield detections:
Jméno hrozby;"Stav";"Čas nálezu";"Typ objektu";"Proces"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-1c016461-5980-4f06-8c15-5f5e688c8c5a.tmp;"Zabezpečeno";"13.4.2014, 13:04:43";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-4b7c2f36-cc48-4071-a47e-2026f3b68761.tmp;"Zabezpečeno";"13.4.2014, 13:49:33";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-52526232-0659-4a6c-a793-5e28ba2c443b.tmp;"Zabezpečeno";"13.4.2014, 15:32:48";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-2cb79d05-b1ac-4e5a-9fab-2f15b7313e22.tmp;"Zabezpečeno";"13.4.2014, 22:00:48";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-cbb2a97c-8414-4049-a895-165654261d36.tmp;"Zabezpečeno";"18.4.2014, 21:40:55";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-1ecebb5e-06b2-453f-a813-0f42b18baa02.tmp;"Zabezpečeno";"22.4.2014, 11:02:08";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-64429b70-c6e6-4f61-a2e1-13351724f642.tmp;"Zabezpečeno";"22.4.2014, 15:41:23";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-abb7e27b-616f-4e70-9b4e-00034fd85275.tmp;"Zabezpečeno";"22.4.2014, 16:38:10";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-3548c06a-c2f8-4262-8d21-263293386c56.tmp;"Zabezpečeno";"22.4.2014, 21:30:51";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-8bd14756-62cb-4d50-a481-315c37967144.tmp;"Zabezpečeno";"27.4.2014, 17:45:55";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-3106e55d-0b85-4623-a70a-d25731355451.tmp;"Zabezpečeno";"27.4.2014, 21:43:51";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-13f8703e-1b40-4f5e-bf7f-c3712b77d54f.tmp;"Zabezpečeno";"28.4.2014, 15:24:10";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"

And here is the RSIT log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrátor at 2014-04-28 17:22:21
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1566 GB (82%) free of 1908 GB
Total RAM: 8175 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:22:30, on 28.4.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\trend micro\Administrátor.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - http://assets.photobox.com/assets/v/ra3 ... _0fSS8.cab
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - https://carina.cd.cz/dwa85W.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - https://carina.cd.cz/dwa7W.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6559 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe /boot
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=7ed7f424-c55a-4049-9dae-e845d185025b /coreSdkOptions=4382 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\c85be07c-a92f-4049-ba87-b63637dcc45a-1a4-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\" /logPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\log\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\AVG\AVG2014\avgfws.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "84552739-1530060521855024880-19505148961011487238-81849668118704277661818396451
ctfmon.exe
"C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgemca.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3c4d868d-1cad-4d53-ad30-8010c3f5e422 -SystemEventPortName:HostProcess-8a2b97d1-0186-4424-bf92-73b10aad99df -IoCancelEventPortName:HostProcess-f6604060-c4a7-4032-9ead-63ea383fc841 -NonStateChangingEventPortName:HostProcess-df496673-9026-4adc-97e9-7db7052a0774 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:70d0461f-2496-432a-8463-aea457a8546d -DeviceGroupId:WpdFsGroup
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=aecd6f18-7ab6-447d-b18e-6e0843fb8724 /coreSdkOptions=4114 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\c1eb4f57-afe6-4906-8e81-495a52ae8d2f-714-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\stáhnu to!!!\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-02-05 1179576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"=C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\*WerKernelReporting]
C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-02-05 2234144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Report]
\AdwCleaner\AdwCleaner[S4].txt [2014-04-27 1159]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~2\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-04-06 5180432]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2013-07-25 5624784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FPS1"=frapsv64.dll
"vidc.XVID"=xvidvfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-04-28 17:22:21 ----D---- C:\rsit
2014-04-28 17:22:21 ----D---- C:\Program Files\trend micro
2014-04-28 17:20:53 ----A---- C:\Windows\system32\FNTCACHE.DAT
2014-04-26 19:22:11 ----D---- C:\ProgramData\fltk.org
2014-04-22 21:47:50 ----SD---- C:\Windows\system32\CompatTel
2014-04-22 21:46:26 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-04-22 21:46:26 ----A---- C:\Windows\system32\ieui.dll
2014-04-22 21:46:23 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-04-22 21:46:23 ----A---- C:\Windows\system32\vbscript.dll
2014-04-22 21:46:19 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 21:46:19 ----A---- C:\Windows\system32\iernonce.dll
2014-04-22 21:46:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 21:46:19 ----A---- C:\Windows\system32\ie4uinit.exe
2014-04-22 21:46:16 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-04-22 21:46:16 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-04-22 21:46:16 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-04-22 21:46:16 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-04-22 21:46:16 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-04-22 21:46:16 ----A---- C:\Windows\system32\msrating.dll
2014-04-22 21:46:16 ----A---- C:\Windows\system32\msfeeds.dll
2014-04-22 21:46:16 ----A---- C:\Windows\system32\jsproxy.dll
2014-04-22 21:46:16 ----A---- C:\Windows\system32\jscript9diag.dll
2014-04-22 21:46:16 ----A---- C:\Windows\system32\dxtrans.dll
2014-04-22 21:46:16 ----A---- C:\Windows\system32\dxtmsft.dll
2014-04-22 21:46:15 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-04-22 21:46:15 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-04-22 21:46:15 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-04-22 21:46:15 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-04-22 21:46:15 ----A---- C:\Windows\system32\mshtml.dll
2014-04-22 21:46:15 ----A---- C:\Windows\system32\ieUnatt.exe
2014-04-22 21:46:15 ----A---- C:\Windows\system32\iesetup.dll
2014-04-22 21:46:13 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-04-22 21:46:13 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-04-22 21:46:13 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-04-22 21:46:13 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 21:46:13 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-04-22 21:46:13 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-04-22 21:46:13 ----A---- C:\Windows\system32\ieapfltr.dll
2014-04-22 21:46:12 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-04-22 21:46:12 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-04-22 21:46:12 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-04-22 21:46:12 ----A---- C:\Windows\system32\wininet.dll
2014-04-22 21:46:12 ----A---- C:\Windows\system32\urlmon.dll
2014-04-22 21:46:12 ----A---- C:\Windows\system32\iertutil.dll
2014-04-22 21:46:11 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-04-22 21:46:11 ----A---- C:\Windows\system32\ieframe.dll
2014-04-22 21:46:10 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-04-22 21:46:10 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-04-22 21:46:10 ----A---- C:\Windows\system32\jscript9.dll
2014-04-22 21:41:55 ----A---- C:\Windows\SYSWOW64\iologmsg.dll
2014-04-22 21:41:55 ----A---- C:\Windows\system32\iologmsg.dll
2014-04-22 21:41:55 ----A---- C:\Windows\system32\drivers\storport.sys
2014-04-22 21:41:55 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-04-22 21:41:55 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-04-22 21:41:47 ----A---- C:\Windows\system32\aepdu.dll
2014-04-22 21:41:47 ----A---- C:\Windows\system32\aeinv.dll
2014-04-22 21:41:38 ----A---- C:\Windows\system32\kernel32.dll
2014-04-22 21:41:37 ----A---- C:\Windows\SYSWOW64\setup16.exe
2014-04-22 21:41:37 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2014-04-22 21:41:37 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-04-22 21:41:37 ----A---- C:\Windows\system32\wow64win.dll
2014-04-22 21:41:37 ----A---- C:\Windows\system32\wow64cpu.dll
2014-04-22 21:41:37 ----A---- C:\Windows\system32\wow64.dll
2014-04-22 21:41:37 ----A---- C:\Windows\system32\ntvdm64.dll
2014-04-22 21:41:35 ----A---- C:\Windows\SYSWOW64\wow32.dll
2014-04-22 21:41:26 ----A---- C:\Windows\SYSWOW64\instnm.exe
2014-04-22 21:41:25 ----A---- C:\Windows\SYSWOW64\user.exe
2014-04-22 21:40:52 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-04-22 21:29:07 ----D---- C:\Riot Games
2014-04-22 21:26:47 ----D---- C:\ProgramData\PMB Files
2014-04-22 21:26:44 ----D---- C:\Program Files (x86)\Pando Networks
2014-04-22 16:43:07 ----D---- C:\ProgramData\Blizzard Entertainment
2014-04-22 16:39:43 ----D---- C:\ProgramData\Battle.net
2014-04-19 14:08:48 ----D---- C:\Program Files (x86)\HellSpy Klient
2014-04-18 18:40:50 ----D---- C:\Program Files (x86)\EaseUS
2014-04-18 18:36:53 ----D---- C:\Program Files (x86)\HD Tune
2014-04-18 15:01:30 ----A---- C:\Windows\system32\drivers\avgidsdrivera.sys
2014-04-14 19:36:43 ----A---- C:\Windows\SYSWOW64\nvspcap.dll
2014-04-14 19:36:43 ----A---- C:\Windows\system32\nvspcap64.dll
2014-04-14 19:35:44 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2014-04-14 19:35:03 ----A---- C:\Windows\system32\nvvsvc.exe
2014-04-14 19:35:03 ----A---- C:\Windows\system32\nvsvcr.dll
2014-04-14 19:35:03 ----A---- C:\Windows\system32\nvsvc64.dll
2014-04-14 19:35:03 ----A---- C:\Windows\system32\nvshext.dll
2014-04-14 19:35:03 ----A---- C:\Windows\system32\nvmctray.dll
2014-04-14 19:35:03 ----A---- C:\Windows\system32\nvcpl.dll
2014-04-14 19:34:44 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2014-04-14 19:34:44 ----A---- C:\Windows\system32\OpenCL.dll
2014-04-14 19:32:41 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2014-04-14 19:32:41 ----A---- C:\Windows\system32\nvaudcap64v.dll
2014-04-14 19:32:41 ----A---- C:\Windows\system32\drivers\nvvad64v.sys
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvwgf2umx.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvumdshimx.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvopencl.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvoglv64.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvoglshim64.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvinitx.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\NvIFR64.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvhdap64.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvhdagenco6420103.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\NvFBC64.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2014-04-14 19:32:40 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2014-04-14 19:32:39 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2014-04-14 19:32:39 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2014-04-14 19:32:39 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2014-04-14 19:32:39 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2014-04-14 19:32:39 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2014-04-14 19:32:39 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvdispgenco6433523.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvdispco6433523.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvd3dumx.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvcuvid.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvcuvenc.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvcuda.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvcompiler.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvapi64.dll
2014-04-14 19:21:34 ----A---- C:\Windows\SYSWOW64\pv.exe
2014-04-14 18:40:09 ----A---- C:\Windows\system32\sdnclean64.exe
2014-04-14 18:40:06 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-04-14 18:40:01 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-07 18:34:23 ----D---- C:\AdwCleaner
2014-04-07 18:27:45 ----SHD---- C:\$RECYCLE.BIN
2014-03-31 16:20:54 ----A---- C:\Windows\system32\drivers\avgtdia.sys
2014-03-31 16:06:26 ----A---- C:\Windows\system32\drivers\avgmfx64.sys

======List of files/folders modified in the last 1 month======

2014-04-28 17:22:21 ----RD---- C:\Program Files
2014-04-28 17:21:35 ----D---- C:\Windows\inf
2014-04-28 17:21:33 ----D---- C:\Windows\temp
2014-04-28 17:21:03 ----D---- C:\Windows
2014-04-28 17:21:01 ----D---- C:\ProgramData\NVIDIA
2014-04-28 17:20:53 ----D---- C:\Windows\System32
2014-04-28 17:19:52 ----A---- C:\Windows\SYSWOW64\log.txt
2014-04-28 16:06:30 ----D---- C:\stáhnu to!!!
2014-04-28 15:58:18 ----D---- C:\ProgramData\MFAData
2014-04-28 15:30:23 ----D---- C:\Windows\debug
2014-04-28 15:29:19 ----D---- C:\Windows\system32\Tasks
2014-04-28 15:28:02 ----D---- C:\Windows\system32\config
2014-04-28 15:21:10 ----RD---- C:\Program Files (x86)
2014-04-28 15:18:54 ----SHD---- C:\Windows\Installer
2014-04-27 22:39:48 ----AD---- C:\ProgramData\TEMP
2014-04-27 22:39:25 ----D---- C:\Program Files (x86)\SpywareBlaster
2014-04-27 22:11:11 ----D---- C:\Windows\Prefetch
2014-04-27 22:07:54 ----D---- C:\Windows\SysWOW64
2014-04-27 21:50:42 ----D---- C:\Windows\system32\drivers
2014-04-27 21:49:38 ----SD---- C:\System Volume Information
2014-04-26 19:22:11 ----D---- C:\ProgramData
2014-04-23 21:08:09 ----D---- C:\Windows\rescache
2014-04-23 00:08:37 ----D---- C:\Windows\system32\catroot2
2014-04-22 22:05:59 ----D---- C:\Windows\winsxs
2014-04-22 21:47:54 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-04-22 21:47:54 ----D---- C:\Program Files\Internet Explorer
2014-04-22 21:47:53 ----D---- C:\Windows\SYSWOW64\en-US
2014-04-22 21:47:53 ----D---- C:\Windows\system32\en-US
2014-04-22 21:47:53 ----D---- C:\Windows\system32\cs-CZ
2014-04-22 21:47:53 ----D---- C:\Windows\PolicyDefinitions
2014-04-22 21:47:50 ----D---- C:\Windows\AppPatch
2014-04-22 21:47:50 ----D---- C:\Program Files (x86)\Internet Explorer
2014-04-22 21:47:49 ----D---- C:\Windows\system32\DriverStore
2014-04-22 21:47:03 ----D---- C:\Windows\system32\catroot
2014-04-22 21:45:57 ----D---- C:\Windows\system32\MRT
2014-04-22 21:44:36 ----A---- C:\Windows\system32\MRT.exe
2014-04-22 21:36:27 ----D---- C:\Windows\Logs
2014-04-22 21:29:08 ----D---- C:\Windows\Tasks
2014-04-22 16:43:09 ----D---- C:\Program Files (x86)\Common Files
2014-04-22 13:59:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-04-20 12:05:19 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-04-19 10:04:08 ----D---- C:\Windows\system32\LogFiles
2014-04-19 09:51:32 ----D---- C:\Windows\SYSWOW64\LogFiles
2014-04-14 19:36:43 ----D---- C:\Program Files\NVIDIA Corporation
2014-04-14 19:36:41 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2014-04-14 19:36:37 ----D---- C:\ProgramData\NVIDIA Corporation
2014-04-14 19:36:36 ----D---- C:\Windows\Microsoft.NET
2014-04-14 19:34:59 ----D---- C:\Windows\Help
2014-04-14 19:26:43 ----D---- C:\Windows\SoftwareDistribution
2014-04-14 19:13:25 ----D---- C:\Program Files\Puran Utilities
2014-04-14 18:40:13 ----SD---- C:\ProgramData\Microsoft
2014-04-08 17:53:49 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2014-03-27 192792]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2014-03-27 324376]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2014-03-31 130840]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2014-03-27 32536]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-02-06 564824]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2014-03-27 153368]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2013-09-26 57144]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2014-04-18 237336]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-03-27 236824]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-03-31 274200]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-06 283200]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-12-08 64624]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2013-12-27 39200]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-01-20 888536]
S1 FldSafe;FldSafe; C:\Windows\system32\DRIVERS\FldSafe.sys []
S3 azy54za2;azy54za2; C:\Windows\system32\drivers\azy54za2.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 EagleX64;EagleX64; C:\Windows\system32\drivers\EagleX64.sys []
S3 gdrv;gdrv; C:\Windows\system32\drivers\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-12-08 3707864]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [2007-05-14 27520]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbser;Nokia USB Serial Port Driver ; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2014-04-03 1473280]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-04-18 3645456]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-03-27 291912]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-02-05 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-02-05 16941856]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-03-04 922968]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-03-04 411936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-14 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
S4 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 PuranDefrag;PuranDefrag; C:\Windows\system32\PuranDefragS.exe [2013-08-15 292736]

-----------------EOF-----------------

Re: Virus Win32/Heur found

Posted: 28 Apr 2014 18:43
by Rudy
Hello!
Delete the entire contents of this directory: c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp

Re: Virus Win32/Heur found

Posted: 28 Apr 2014 19:07
by Mortiz696
Deleted.
Here is the new log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrátor at 2014-04-28 20:06:40
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1566 GB (82%) free of 1908 GB
Total RAM: 8175 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:06:46, on 28.4.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Administrátor.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - http://assets.photobox.com/assets/v/ra3 ... _0fSS8.cab
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - https://carina.cd.cz/dwa85W.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - https://carina.cd.cz/dwa7W.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6614 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe /boot
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\AVG\AVG2014\avgfws.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "84552739-1530060521855024880-19505148961011487238-81849668118704277661818396451
ctfmon.exe
"C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgemca.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3c4d868d-1cad-4d53-ad30-8010c3f5e422 -SystemEventPortName:HostProcess-8a2b97d1-0186-4424-bf92-73b10aad99df -IoCancelEventPortName:HostProcess-f6604060-c4a7-4032-9ead-63ea383fc841 -NonStateChangingEventPortName:HostProcess-df496673-9026-4adc-97e9-7db7052a0774 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:70d0461f-2496-432a-8463-aea457a8546d -DeviceGroupId:WpdFsGroup
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=aecd6f18-7ab6-447d-b18e-6e0843fb8724 /coreSdkOptions=4114 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\c1eb4f57-afe6-4906-8e81-495a52ae8d2f-714-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
taskeng.exe {0F462C9C-F9B6-421B-BBD7-32E3A3E84FFC}
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=286e8162-115d-467b-88a1-cc1901cc7666 /coreSdkOptions=4382 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\b271f674-47d1-463c-90d6-8e2a500ec366-1a4-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\" /logPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\log\"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4432 CREDAT:267521 /prefetch:2
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe29_ Global\UsGthrCtrlFltPipeMssGthrPipe29 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\stáhnu to!!!\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-02-05 1179576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"=C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\*WerKernelReporting]
C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-02-05 2234144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Report]
\AdwCleaner\AdwCleaner[S4].txt [2014-04-27 1159]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~2\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-04-06 5180432]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2013-07-25 5624784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FPS1"=frapsv64.dll
"vidc.XVID"=xvidvfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-04-28 17:22:21 ----D---- C:\rsit
2014-04-28 17:22:21 ----D---- C:\Program Files\trend micro
2014-04-26 19:22:11 ----D---- C:\ProgramData\fltk.org
2014-04-22 21:47:50 ----SD---- C:\Windows\system32\CompatTel
2014-04-22 21:46:26 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-04-22 21:46:26 ----A---- C:\Windows\system32\ieui.dll
2014-04-22 21:46:23 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-04-22 21:46:23 ----A---- C:\Windows\system32\vbscript.dll
2014-04-22 21:46:19 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 21:46:19 ----A---- C:\Windows\system32\iernonce.dll
2014-04-22 21:46:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 21:46:19 ----A---- C:\Windows\system32\ie4uinit.exe
2014-04-22 21:46:16 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-04-22 21:46:16 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-04-22 21:46:16 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-04-22 21:46:16 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-04-22 21:46:16 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-04-22 21:46:16 ----A---- C:\Windows\system32\msrating.dll
2014-04-22 21:46:16 ----A---- C:\Windows\system32\msfeeds.dll
2014-04-22 21:46:16 ----A---- C:\Windows\system32\jsproxy.dll
2014-04-22 21:46:16 ----A---- C:\Windows\system32\jscript9diag.dll
2014-04-22 21:46:16 ----A---- C:\Windows\system32\dxtrans.dll
2014-04-22 21:46:16 ----A---- C:\Windows\system32\dxtmsft.dll
2014-04-22 21:46:15 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-04-22 21:46:15 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-04-22 21:46:15 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-04-22 21:46:15 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-04-22 21:46:15 ----A---- C:\Windows\system32\mshtml.dll
2014-04-22 21:46:15 ----A---- C:\Windows\system32\ieUnatt.exe
2014-04-22 21:46:15 ----A---- C:\Windows\system32\iesetup.dll
2014-04-22 21:46:13 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-04-22 21:46:13 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-04-22 21:46:13 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-04-22 21:46:13 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 21:46:13 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-04-22 21:46:13 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-04-22 21:46:13 ----A---- C:\Windows\system32\ieapfltr.dll
2014-04-22 21:46:12 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-04-22 21:46:12 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-04-22 21:46:12 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-04-22 21:46:12 ----A---- C:\Windows\system32\wininet.dll
2014-04-22 21:46:12 ----A---- C:\Windows\system32\urlmon.dll
2014-04-22 21:46:12 ----A---- C:\Windows\system32\iertutil.dll
2014-04-22 21:46:11 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-04-22 21:46:11 ----A---- C:\Windows\system32\ieframe.dll
2014-04-22 21:46:10 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-04-22 21:46:10 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-04-22 21:46:10 ----A---- C:\Windows\system32\jscript9.dll
2014-04-22 21:41:55 ----A---- C:\Windows\SYSWOW64\iologmsg.dll
2014-04-22 21:41:55 ----A---- C:\Windows\system32\iologmsg.dll
2014-04-22 21:41:55 ----A---- C:\Windows\system32\drivers\storport.sys
2014-04-22 21:41:55 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-04-22 21:41:55 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-04-22 21:41:47 ----A---- C:\Windows\system32\aepdu.dll
2014-04-22 21:41:47 ----A---- C:\Windows\system32\aeinv.dll
2014-04-22 21:41:38 ----A---- C:\Windows\system32\kernel32.dll
2014-04-22 21:41:37 ----A---- C:\Windows\SYSWOW64\setup16.exe
2014-04-22 21:41:37 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2014-04-22 21:41:37 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-04-22 21:41:37 ----A---- C:\Windows\system32\wow64win.dll
2014-04-22 21:41:37 ----A---- C:\Windows\system32\wow64cpu.dll
2014-04-22 21:41:37 ----A---- C:\Windows\system32\wow64.dll
2014-04-22 21:41:37 ----A---- C:\Windows\system32\ntvdm64.dll
2014-04-22 21:41:35 ----A---- C:\Windows\SYSWOW64\wow32.dll
2014-04-22 21:41:26 ----A---- C:\Windows\SYSWOW64\instnm.exe
2014-04-22 21:41:25 ----A---- C:\Windows\SYSWOW64\user.exe
2014-04-22 21:40:52 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-04-22 21:29:07 ----D---- C:\Riot Games
2014-04-22 21:26:47 ----D---- C:\ProgramData\PMB Files
2014-04-22 21:26:44 ----D---- C:\Program Files (x86)\Pando Networks
2014-04-22 16:43:07 ----D---- C:\ProgramData\Blizzard Entertainment
2014-04-22 16:39:43 ----D---- C:\ProgramData\Battle.net
2014-04-19 14:08:48 ----D---- C:\Program Files (x86)\HellSpy Klient
2014-04-18 18:40:50 ----D---- C:\Program Files (x86)\EaseUS
2014-04-18 18:36:53 ----D---- C:\Program Files (x86)\HD Tune
2014-04-18 15:01:30 ----A---- C:\Windows\system32\drivers\avgidsdrivera.sys
2014-04-14 19:36:43 ----A---- C:\Windows\SYSWOW64\nvspcap.dll
2014-04-14 19:36:43 ----A---- C:\Windows\system32\nvspcap64.dll
2014-04-14 19:35:44 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2014-04-14 19:35:03 ----A---- C:\Windows\system32\nvvsvc.exe
2014-04-14 19:35:03 ----A---- C:\Windows\system32\nvsvcr.dll
2014-04-14 19:35:03 ----A---- C:\Windows\system32\nvsvc64.dll
2014-04-14 19:35:03 ----A---- C:\Windows\system32\nvshext.dll
2014-04-14 19:35:03 ----A---- C:\Windows\system32\nvmctray.dll
2014-04-14 19:35:03 ----A---- C:\Windows\system32\nvcpl.dll
2014-04-14 19:34:44 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2014-04-14 19:34:44 ----A---- C:\Windows\system32\OpenCL.dll
2014-04-14 19:32:41 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2014-04-14 19:32:41 ----A---- C:\Windows\system32\nvaudcap64v.dll
2014-04-14 19:32:41 ----A---- C:\Windows\system32\drivers\nvvad64v.sys
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2014-04-14 19:32:40 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvwgf2umx.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvumdshimx.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvopencl.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvoglv64.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvoglshim64.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvinitx.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\NvIFR64.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvhdap64.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\nvhdagenco6420103.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\NvFBC64.dll
2014-04-14 19:32:40 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2014-04-14 19:32:40 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2014-04-14 19:32:39 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2014-04-14 19:32:39 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2014-04-14 19:32:39 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2014-04-14 19:32:39 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2014-04-14 19:32:39 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2014-04-14 19:32:39 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvdispgenco6433523.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvdispco6433523.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvd3dumx.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvcuvid.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvcuvenc.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvcuda.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvcompiler.dll
2014-04-14 19:32:39 ----A---- C:\Windows\system32\nvapi64.dll
2014-04-14 19:21:34 ----A---- C:\Windows\SYSWOW64\pv.exe
2014-04-14 18:40:09 ----A---- C:\Windows\system32\sdnclean64.exe
2014-04-14 18:40:06 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-04-14 18:40:01 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-07 18:34:23 ----D---- C:\AdwCleaner
2014-04-07 18:27:45 ----SHD---- C:\$RECYCLE.BIN
2014-03-31 16:20:54 ----A---- C:\Windows\system32\drivers\avgtdia.sys
2014-03-31 16:06:26 ----A---- C:\Windows\system32\drivers\avgmfx64.sys

======List of files/folders modified in the last 1 month======

2014-04-28 20:06:26 ----D---- C:\Windows\temp
2014-04-28 20:05:04 ----D---- C:\Windows\System32
2014-04-28 20:05:04 ----D---- C:\Windows\inf
2014-04-28 20:05:04 ----D---- C:\Windows
2014-04-28 19:58:17 ----D---- C:\ProgramData\MFAData
2014-04-28 17:35:14 ----D---- C:\Windows\system32\config
2014-04-28 17:23:35 ----A---- C:\Windows\SYSWOW64\log.txt
2014-04-28 17:22:21 ----RD---- C:\Program Files
2014-04-28 17:21:01 ----D---- C:\ProgramData\NVIDIA
2014-04-28 16:06:30 ----D---- C:\stáhnu to!!!
2014-04-28 15:30:23 ----D---- C:\Windows\debug
2014-04-28 15:29:19 ----D---- C:\Windows\system32\Tasks
2014-04-28 15:21:10 ----RD---- C:\Program Files (x86)
2014-04-28 15:18:54 ----SHD---- C:\Windows\Installer
2014-04-27 22:39:48 ----AD---- C:\ProgramData\TEMP
2014-04-27 22:39:25 ----D---- C:\Program Files (x86)\SpywareBlaster
2014-04-27 22:11:11 ----D---- C:\Windows\Prefetch
2014-04-27 22:07:54 ----D---- C:\Windows\SysWOW64
2014-04-27 21:50:42 ----D---- C:\Windows\system32\drivers
2014-04-27 21:49:38 ----SD---- C:\System Volume Information
2014-04-26 19:22:11 ----D---- C:\ProgramData
2014-04-23 21:08:09 ----D---- C:\Windows\rescache
2014-04-23 00:08:37 ----D---- C:\Windows\system32\catroot2
2014-04-22 22:05:59 ----D---- C:\Windows\winsxs
2014-04-22 21:47:54 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-04-22 21:47:54 ----D---- C:\Program Files\Internet Explorer
2014-04-22 21:47:53 ----D---- C:\Windows\SYSWOW64\en-US
2014-04-22 21:47:53 ----D---- C:\Windows\system32\en-US
2014-04-22 21:47:53 ----D---- C:\Windows\system32\cs-CZ
2014-04-22 21:47:53 ----D---- C:\Windows\PolicyDefinitions
2014-04-22 21:47:50 ----D---- C:\Windows\AppPatch
2014-04-22 21:47:50 ----D---- C:\Program Files (x86)\Internet Explorer
2014-04-22 21:47:49 ----D---- C:\Windows\system32\DriverStore
2014-04-22 21:47:03 ----D---- C:\Windows\system32\catroot
2014-04-22 21:45:57 ----D---- C:\Windows\system32\MRT
2014-04-22 21:44:36 ----A---- C:\Windows\system32\MRT.exe
2014-04-22 21:36:27 ----D---- C:\Windows\Logs
2014-04-22 21:29:08 ----D---- C:\Windows\Tasks
2014-04-22 16:43:09 ----D---- C:\Program Files (x86)\Common Files
2014-04-22 13:59:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-04-20 12:05:19 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-04-19 10:04:08 ----D---- C:\Windows\system32\LogFiles
2014-04-19 09:51:32 ----D---- C:\Windows\SYSWOW64\LogFiles
2014-04-14 19:36:43 ----D---- C:\Program Files\NVIDIA Corporation
2014-04-14 19:36:41 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2014-04-14 19:36:37 ----D---- C:\ProgramData\NVIDIA Corporation
2014-04-14 19:36:36 ----D---- C:\Windows\Microsoft.NET
2014-04-14 19:34:59 ----D---- C:\Windows\Help
2014-04-14 19:26:43 ----D---- C:\Windows\SoftwareDistribution
2014-04-14 19:13:25 ----D---- C:\Program Files\Puran Utilities
2014-04-14 18:40:13 ----SD---- C:\ProgramData\Microsoft
2014-04-08 17:53:49 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2014-03-27 192792]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2014-03-27 324376]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2014-03-31 130840]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2014-03-27 32536]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-02-06 564824]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2014-03-27 153368]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2013-09-26 57144]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2014-04-18 237336]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-03-27 236824]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-03-31 274200]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-06 283200]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-12-08 64624]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2013-12-27 39200]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-01-20 888536]
S1 FldSafe;FldSafe; C:\Windows\system32\DRIVERS\FldSafe.sys []
S3 azy54za2;azy54za2; C:\Windows\system32\drivers\azy54za2.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 EagleX64;EagleX64; C:\Windows\system32\drivers\EagleX64.sys []
S3 gdrv;gdrv; C:\Windows\system32\drivers\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-12-08 3707864]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [2007-05-14 27520]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbser;Nokia USB Serial Port Driver ; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2014-04-03 1473280]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-04-18 3645456]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-03-27 291912]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-02-05 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-02-05 16941856]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-03-04 922968]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-03-04 411936]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-14 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
S4 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 PuranDefrag;PuranDefrag; C:\Windows\system32\PuranDefragS.exe [2013-08-15 292736]

-----------------EOF-----------------

Re: Virus Win32/Heur found

Posted: 28 Apr 2014 20:05
by Rudy
Has anything changed?

Re: Virus Win32/Heur found

Posted: 28 Apr 2014 21:05
by Mortiz696
Well, so far it hasn't shown up again.
Otherwise, isn't there some other junk in there, like a toolbar and other nonsense?
I also have a problem with the "Microsoft WPD Enhanced Storage Device Certification Driver", which tries to download and install from Microsoft Update every time the computer starts but never succeeds, so I would be glad to get that action cancelled.

Re: Virus Win32/Heur found

Posted: 28 Apr 2014 21:15
by Rudy
I have no idea what that is. If it is an update, hide it. Otherwise the log is OK.

Re: Virus Win32/Heur found

Posted: 28 Apr 2014 21:40
by Mortiz696
Well, it probably isn't an update. I tried digging through the event log and found 2 events that might be it - it occurs at every startup and never succeeds, so I would be glad to have it cancelled.

Název protokolu:System
Zdroj: Microsoft-Windows-Kernel-PnP
Datum: 28.4.2014 21:37:36
ID události: 219
Kategorie úlohy:(212)
Úroveň: Upozornění
Klíčová slova:
Uživatel: SYSTEM
Počítač: Petr-PC
Popis:
Nepodařilo se načíst ovladač \Driver\WUDFRd pro zařízení WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#.
Kód XML události:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-04-28T19:37:36.513118100Z" />
<EventRecordID>383767</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="56" />
<Channel>System</Channel>
<Computer>Petr-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">119</Data>
<Data Name="DriverName">WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\WUDFRd</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>

Or:

Název protokolu:System
Zdroj: Microsoft-Windows-EnhancedStorage-EhStorCertDrv
Datum: 28.4.2014 21:37:43
ID události: 12
Kategorie úlohy:(1)
Úroveň: Chyba
Klíčová slova:
Uživatel: LOCAL SERVICE
Počítač: Petr-PC
Popis:
Inicializace ovladače se nezdařila z důvodu nepodporovaného zařízení.
Kód XML události:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EnhancedStorage-EhStorCertDrv" Guid="{BD2D1DAE-D678-4E10-9667-21CBA2AA70C3}" />
<EventID>12</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>1</Task>
<Opcode>24</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-04-28T19:37:43.751530800Z" />
<EventRecordID>383781</EventRecordID>
<Correlation />
<Execution ProcessID="2072" ThreadID="4156" />
<Channel>System</Channel>
<Computer>Petr-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="hr">0xc0040205</Data>
<Data Name="eventType">0x6c</Data>
<Data Name="eventTypeData">0x0</Data>
</EventData>
</Event>

Re: Virus Win32/Heur found

Posted: 29 Apr 2014 08:07
by Rudy
I really don't know what this concerns; it's the first time I've seen it. Uncle Google says, for example, this about it: http://support.microsoft.com/kb/982018/cs . It's probably some hardware that needs that driver. If possible, try a system restore to a date when it worked correctly. If that isn't possible, ask Microsoft support. It is most definitely not a virus.

Re: Virus Win32/Heur found

Posted: 29 Apr 2014 14:09
by Mortiz696
So we haven't got rid of it :(
Today I turned on the PC and before I even managed to open a browser it popped up again. I don't know if it helps, but at the time of the detection, that is a minute before the detection, AVG was doing an update and a full computer scan; I don't know whether that is somehow related.

Nálezy Rezidentního štítu
Jméno hrozby;"Stav";"Čas nálezu";"Typ objektu";"Proces"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-2ad67561-457b-4171-b8c9-7916c2a0967f.tmp;"Zabezpečeno";"29.4.2014, 14:47:30";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-cffb1c63-1e86-4319-849a-b13eadd20257.tmp;"Zabezpečeno";"29.4.2014, 14:47:33";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"

Re: Virus Win32/Heur found

Posted: 29 Apr 2014 14:49
by Mortiz696
Nálezy Rezidentního štítu
Jméno hrozby;"Stav";"Čas nálezu";"Typ objektu";"Proces"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-c23d9502-8b56-463c-9ae3-9c5306ed2d35.tmp;"Zabezpečeno";"29.4.2014, 15:31:21";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-675b0966-7fdc-453d-902b-56089935ff10.tmp;"Zabezpečeno";"29.4.2014, 15:31:26";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"

Re: Virus Win32/Heur found

Posted: 29 Apr 2014 17:35
by Mortiz696
Now I'm sure it is related to scanning: I connected a flash drive to the PC and scanned it several times, and whenever I clicked on scan, at that very moment the Resident Shield reported a detection of virus Win32/Heur.

Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-dd651a54-4d48-475e-a40c-ce5767f5f057.tmp;"Zabezpečeno";"29.4.2014, 17:50:55";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-cd48417d-3715-4a1d-b457-0e721b5b2a1b.tmp;"Zabezpečeno";"29.4.2014, 17:51:02";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-f855b363-cd16-4808-8363-983714339d2e.tmp;"Zabezpečeno";"29.4.2014, 17:51:41";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-80e69230-081a-4b0b-bf3d-9b5d9446c702.tmp;"Zabezpečeno";"29.4.2014, 17:51:43";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-3825586e-2dad-4101-8066-eb7210f08350.tmp;"Zabezpečeno";"29.4.2014, 17:52:16";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-d6ce943e-ab31-4e40-9273-e745fb922d7d.tmp;"Zabezpečeno";"29.4.2014, 17:52:19";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-7fbef436-6d68-4d0c-ac78-9563a2dcb574.tmp;"Zabezpečeno";"29.4.2014, 17:52:52";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-57c0b759-c14c-410c-9bc4-df5868b9e906.tmp;"Zabezpečeno";"29.4.2014, 17:52:55";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"

Re: Virus Win32/Heur found

Posted: 29 Apr 2014 18:24
by Rudy
Try testing those files, at least a random sample of them, at www.virustotal.com .

Re: Virus Win32/Heur found

Posted: 29 Apr 2014 19:17
by Mortiz696
I would like to, but there are no files in the target folder, and in AVG nothing happens even after pressing "refresh threats".
Also - I tried watching the target folder. At the moment I start a scan, 1 file with almost the same name as the other detections is created in it, then it disappears. Right after that AVG reports a detection, and files start being created in the folder, always one or two at a time, and they disappear immediately after being created. It does this for the whole duration of the scan, but AVG only reports a detection at the start of the scan, when those files, which keep appearing and disappearing, are created for the first time.
Wouldn't reinstalling AVG help?
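The two posts above establish a pattern worth checking mechanically: every Resident Shield hit names a `.tmp` file under AVG's own temp directory, is attributed to AVG's own scan engine `avgcsrva.exe`, and arrives in bursts a few seconds apart at the start of a scan. The following Python script is an added example, not part of the thread or of AVG, that parses a Resident Shield export in the semicolon-separated format pasted above and sorts each hit into "scanner_temp" (the AV flagging its own scratch file, the case to raise with the vendor) or "review" (a real file and process that still need a look, e.g. on VirusTotal as Rudy suggests). The sample export lines, the placeholder GUIDs and the `c:\Users\example\...` path are constructed for the example; the temp directory and scanner name are taken from the thread.

```python
import csv
import io
import ntpath
from collections import namedtuple
from datetime import datetime

# Scratch folder AVG 2014 writes to while scanning and the engine that writes
# there (both taken from the detection lines in the thread, lower-cased).
AVG_TEMP_DIR = r"c:\windows\system32\config\systemprofile\appdata\local\avg2014\temp" "\\"
AVG_SCANNER = "avgcsrva.exe"

# Constructed sample export in the same layout as the thread's pastes:
# three scanner self-hits in one burst, then one unrelated hit for contrast.
SAMPLE_EXPORT = r"""Jméno hrozby;"Stav";"Čas nálezu";"Typ objektu";"Proces"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-00000000-0000-4000-8000-000000000001.tmp;"Zabezpečeno";"29.4.2014, 17:50:55";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-00000000-0000-4000-8000-000000000002.tmp;"Zabezpečeno";"29.4.2014, 17:51:02";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-00000000-0000-4000-8000-000000000003.tmp;"Zabezpečeno";"29.4.2014, 17:51:41";"Soubor nebo složka";"c:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe"
Nalezen virus Win32/Heur, c:\Users\example\Downloads\setup_constructed.exe;"Zabezpečeno";"29.4.2014, 18:10:02";"Soubor nebo složka";"c:\Windows\explorer.exe"
"""

Detection = namedtuple("Detection", "threat path status when object_type process")


def parse_export(text):
    """Parse a Resident Shield export: ';'-separated, quoted columns, header first.

    The first column is unquoted and reads '<threat>, <path>', so it is split
    on the first ', ' after the csv module has handled the quoted columns.
    """
    detections = []
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if not row or row[0].startswith("Jméno hrozby"):  # skip blanks and header
            continue
        threat, _, path = row[0].partition(", ")
        when = datetime.strptime(row[2], "%d.%m.%Y, %H:%M:%S")
        detections.append(Detection(threat, path, row[1], when, row[3], row[4]))
    return detections


def classify(d):
    """'scanner_temp' when the flagged object is a .tmp inside the AV's own
    scratch directory and the reporting process is the AV's own scan engine;
    everything else is 'review'."""
    path = d.path.lower()
    in_av_temp = path.startswith(AVG_TEMP_DIR)
    is_tmp = path.endswith(".tmp")
    by_scanner = ntpath.basename(d.process).lower() == AVG_SCANNER
    return "scanner_temp" if (in_av_temp and is_tmp and by_scanner) else "review"


def bursts(detections, gap_seconds=60):
    """Group detections whose timestamp is within gap_seconds of the previous one,
    so hits that fire together at scan start show up as a single burst."""
    groups = []
    for d in sorted(detections, key=lambda x: x.when):
        if groups and (d.when - groups[-1][-1].when).total_seconds() <= gap_seconds:
            groups[-1].append(d)
        else:
            groups.append([d])
    return groups


def triage(text):
    """Summarise an export: total hits, number of bursts, and the class counts."""
    dets = parse_export(text)
    counts = {"scanner_temp": 0, "review": 0}
    for d in dets:
        counts[classify(d)] += 1
    return {"total": len(dets), "bursts": len(bursts(dets)), **counts}


if __name__ == "__main__":
    for d in parse_export(SAMPLE_EXPORT):
        print(f"{d.when:%H:%M:%S}  {classify(d):12}  {d.path}")
    print(triage(SAMPLE_EXPORT))
```

A high `scanner_temp` count with every hit in a burst at scan start matches what the thread observes and is a vendor/false-positive question rather than an infection; any `review` entry is the one to upload to VirusTotal or inspect further. Paste a real export in place of `SAMPLE_EXPORT` to run it on actual data.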

Re: Virus Win32/Heur found

Posted: 29 Apr 2014 20:19
by Rudy
In this directory: c:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-dd651a54-4d48-475e-a40c-ce5767f5f057.tmp ? Turn on the display of hidden and system files.