Win32/PSW.Papras.DR trojský kůň - prosím o pomoc

[lucie.kv]

Zdravím Vás, včera se mi dostal do počítače trojský kůň Win32/PSW.Papras.DR a nemůžu ho dát pryč, zkusila jsem Eset a Malwarebytes Anti-Malware a nic. Pomůžete mi s odstraněním? Přikládám log z AdwCleaner a RSIT

AdwCleaner
# AdwCleaner v4.201 - Log vytvořen 21/04/2015 v 11:23:21
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-20.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x86)
# Uživatelské jméno : User - USER-PC
# Spuštěno z : C:\Users\User\Desktop\adwcleaner_4.201.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****


***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 cs)


-\\ Google Chrome v42.0.2311.90

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Startup_URLs] : hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=13.2.0.4&sap=hp

*************************

AdwCleaner[R0].txt - [14734 bytů] - [21/04/2015 02:08:46]
AdwCleaner[R1].txt - [14793 bytů] - [21/04/2015 11:12:06]
AdwCleaner[R2].txt - [1375 bytů] - [21/04/2015 11:20:21]
AdwCleaner[S0].txt - [14900 bytů] - [21/04/2015 11:14:10]
AdwCleaner[S1].txt - [1298 bytů] - [21/04/2015 11:23:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1356 bytů] ##########



RSIT
Logfile of random's system information tool 1.10 (written by random/random)
Run by User at 2015-04-21 11:52:33
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 41 GB (9%) free of 477 GB
Total RAM: 3327 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:53:16, on 21.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\CyberLink\PowerDVD13\PowerDVD13Agent.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Logitech\Profiler\LWEMon.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PowerDVD12DMREngine] "C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
O4 - HKLM\..\Run: [PowerDVD12Agent] "C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [PowerDVD13Agent] "C:\Program Files\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BiznUxah] regsvr32.exe "C:\ProgramData\BiznUxah\YalyuNbeqe.gbv"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: TotalMedia Server.lnk = C:\Program Files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.0.1
O15 - ESC Trusted IP range: http://192.168.0.1
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/d ... .2.5.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNServiceForPowerDVD12 - CyberLink Corp. - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
O23 - Service: CyberLink Product - 2013/09/11 23:54:55 (CLKMSVC10_B91CB6D3) - CyberLink - C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: CyberLink PowerDVD 13 Media Server Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
O23 - Service: CyberLink PowerDVD 13 Media Server Service - CyberLink - C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 18511 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job - C:\Windows\TEMP\{D32A79A8-425D-4447-BDE4-D7DA90D0B26E}.exe --uninstall=1
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job - C:\Windows\TEMP\{D084EFF1-D505-413D-BF12-36BB2FB5A067}.exe --uninstall=1
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1951563654-3073323279-456428730-1000Core.job - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1951563654-3073323279-456428730-1000UA.job - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\ROC_JAN2013_TB_rmv.job - C:\Program Files\AVG Secure Search\PostInstall\ROC.exe --uninstall=1

=========Mozilla firefox=========

ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eb7prvba.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2009, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, personas@christopher.beard:1.6.2, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Program Files\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
QuickTimePlugin.class

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eb7prvba.default\extensions\
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eb7prvba.default\searchplugins\
firmycz.xml
mapycz.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2009-11-20 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13 1307928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2009-11-20 520192]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26 349640]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13 1307928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2010-02-03 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2012-03-27 40376]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2012-03-26 640440]
"Adobe_ID0ENQBO"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"NBKeyScan"=C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe [2008-12-05 2254120]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-06-29 74752]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-08 37296]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2012-01-04 3508624]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-05-30 59280]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-06-07 421776]
"PowerDVD12DMREngine"=C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [2012-01-02 501544]
"PowerDVD12Agent"=C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe [2012-02-21 371256]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2012-08-24 336992]
"InstantBurn"=C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [2011-07-11 701736]
"CLMLServer"=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2011-03-09 107816]
"RemoteControl10"=C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-28 91432]
"BDRegion"=C:\Program Files\Cyberlink\Shared files\brs.exe [2012-05-23 78352]
"UpdatePPShortCut"=C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2010-09-17 222504]
"PowerDVD13Agent"=C:\Program Files\CyberLink\PowerDVD13\PowerDVD13Agent.exe [2013-07-05 517144]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-10-23 2615624]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-10-23 906648]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-10-23 140568]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
"StartCCC"=C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [2014-11-20 748232]
"NvBackend"=C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2014-12-13 2531472]
"ShadowPlay"=C:\Windows\system32\nvspcap.dll [2014-12-13 2210040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"= []
"Start WingMan Profiler"=C:\Program Files\Logitech\Profiler\lwemon.exe [2003-08-07 77824]
"WEBTRAN"= []
"KiesHelper"=C:\Program Files\Samsung\Kies\KiesHelper.exe [2012-01-04 937872]
"KiesPDLR"=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-01-04 21392]
"Power2GoExpress"=NA []
"Google Update"=C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-05 107848]
"BiznUxah"=regsvr32.exe C:\ProgramData\BiznUxah\YalyuNbeqe.gbv []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imzkgf]
regsvr32.exe C:\ProgramData\imzkgf.dat []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tmfgpmo]
regsvr32.exe C:\ProgramData\tmfgpmo.dat []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
TotalMedia Server.lnk - C:\Program Files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"msacm.l3codecp"=l3codecp.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"midi9"=wdmaud.drv
"wave9"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave6"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer8"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 month======

2015-04-21 02:37:52 ----D---- C:\Program Files\Mozilla Firefox
2015-04-21 02:26:30 ----D---- C:\rsit
2015-04-21 02:26:30 ----D---- C:\Program Files\trend micro
2015-04-21 02:08:31 ----D---- C:\AdwCleaner
2015-04-21 01:46:16 ----A---- C:\Windows\ntbtlog.txt
2015-04-21 00:50:17 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-04-21 00:49:48 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2015-04-21 00:49:48 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-04-21 00:49:48 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-04-21 00:49:48 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-04-20 23:28:58 ----D---- C:\ProgramData\BiznUxah
2015-04-15 11:34:05 ----SHD---- C:\Config.Msi
2015-04-15 10:13:55 ----A---- C:\Windows\system32\invagent.dll
2015-04-15 10:13:55 ----A---- C:\Windows\system32\generaltel.dll
2015-04-15 10:13:55 ----A---- C:\Windows\system32\devinv.dll
2015-04-15 10:13:55 ----A---- C:\Windows\system32\appraiser.dll
2015-04-15 10:13:55 ----A---- C:\Windows\system32\aeinv.dll
2015-04-15 10:13:55 ----A---- C:\Windows\system32\acmigration.dll
2015-04-15 10:13:53 ----A---- C:\Windows\system32\aepic.dll
2015-04-15 10:13:53 ----A---- C:\Windows\system32\aepdu.dll
2015-04-15 10:13:51 ----A---- C:\Windows\system32\clfs.sys
2015-04-15 10:13:50 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-15 10:13:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-04-15 10:13:47 ----A---- C:\Windows\system32\ntdll.dll
2015-04-15 10:13:46 ----A---- C:\Windows\system32\ntkrnlpa.exe
2015-04-15 10:13:45 ----A---- C:\Windows\system32\srcore.dll
2015-04-15 10:13:45 ----A---- C:\Windows\system32\smss.exe
2015-04-15 10:13:45 ----A---- C:\Windows\system32\schannel.dll
2015-04-15 10:13:45 ----A---- C:\Windows\system32\rstrui.exe
2015-04-15 10:13:45 ----A---- C:\Windows\system32\ncrypt.dll
2015-04-15 10:13:45 ----A---- C:\Windows\system32\msv1_0.dll
2015-04-15 10:13:45 ----A---- C:\Windows\system32\lsasrv.dll
2015-04-15 10:13:45 ----A---- C:\Windows\system32\kerberos.dll
2015-04-15 10:13:45 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-04-15 10:13:45 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-04-15 10:13:44 ----A---- C:\Windows\system32\wdigest.dll
2015-04-15 10:13:44 ----A---- C:\Windows\system32\TSpkg.dll
2015-04-15 10:13:44 ----A---- C:\Windows\system32\sspisrv.dll
2015-04-15 10:13:44 ----A---- C:\Windows\system32\sspicli.dll
2015-04-15 10:13:44 ----A---- C:\Windows\system32\srclient.dll
2015-04-15 10:13:44 ----A---- C:\Windows\system32\secur32.dll
2015-04-15 10:13:44 ----A---- C:\Windows\system32\lsass.exe
2015-04-15 10:13:44 ----A---- C:\Windows\system32\csrsrv.dll
2015-04-15 10:13:44 ----A---- C:\Windows\system32\credssp.dll
2015-04-15 10:13:44 ----A---- C:\Windows\system32\auditpol.exe
2015-04-15 10:13:44 ----A---- C:\Windows\system32\apisetschema.dll
2015-04-15 10:13:43 ----A---- C:\Windows\system32\msobjs.dll
2015-04-15 10:13:43 ----A---- C:\Windows\system32\msaudite.dll
2015-04-15 10:13:43 ----A---- C:\Windows\system32\adtschema.dll
2015-04-15 10:13:35 ----A---- C:\Windows\system32\gdi32.dll
2015-04-15 10:13:34 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 10:13:34 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-04-15 10:13:34 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-04-15 10:13:33 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 10:13:33 ----A---- C:\Windows\system32\iernonce.dll
2015-04-15 10:13:33 ----A---- C:\Windows\system32\iedkcs32.dll
2015-04-15 10:13:33 ----A---- C:\Windows\system32\ie4uinit.exe
2015-04-15 10:13:32 ----A---- C:\Windows\system32\urlmon.dll
2015-04-15 10:13:32 ----A---- C:\Windows\system32\jsproxy.dll
2015-04-15 10:13:31 ----A---- C:\Windows\system32\msfeeds.dll
2015-04-15 10:13:31 ----A---- C:\Windows\system32\jscript9diag.dll
2015-04-15 10:13:31 ----A---- C:\Windows\system32\ieUnatt.exe
2015-04-15 10:13:31 ----A---- C:\Windows\system32\ieapfltr.dll
2015-04-15 10:13:31 ----A---- C:\Windows\system32\dxtmsft.dll
2015-04-15 10:13:29 ----A---- C:\Windows\system32\msrating.dll
2015-04-15 10:13:29 ----A---- C:\Windows\system32\iesetup.dll
2015-04-15 10:13:28 ----A---- C:\Windows\system32\wininet.dll
2015-04-15 10:13:28 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 10:13:27 ----A---- C:\Windows\system32\dxtrans.dll
2015-04-15 10:13:26 ----A---- C:\Windows\system32\ieui.dll
2015-04-15 10:13:25 ----A---- C:\Windows\system32\ieframe.dll
2015-04-15 10:13:23 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-04-15 10:13:23 ----A---- C:\Windows\system32\mshtmled.dll
2015-04-15 10:13:22 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-04-15 10:13:22 ----A---- C:\Windows\system32\iertutil.dll
2015-04-15 10:13:20 ----A---- C:\Windows\system32\mshtml.dll
2015-04-15 10:13:19 ----A---- C:\Windows\system32\vbscript.dll
2015-04-15 10:13:18 ----A---- C:\Windows\system32\jscript9.dll
2015-04-15 10:12:52 ----A---- C:\Windows\system32\wuwebv.dll
2015-04-15 10:12:52 ----A---- C:\Windows\system32\wups2.dll
2015-04-15 10:12:52 ----A---- C:\Windows\system32\wups.dll
2015-04-15 10:12:52 ----A---- C:\Windows\system32\wudriver.dll
2015-04-15 10:12:52 ----A---- C:\Windows\system32\wucltux.dll
2015-04-15 10:12:52 ----A---- C:\Windows\system32\wuauclt.exe
2015-04-15 10:12:52 ----A---- C:\Windows\system32\wuapp.exe
2015-04-15 10:12:52 ----A---- C:\Windows\system32\wuapi.dll
2015-04-15 10:12:52 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 10:12:51 ----A---- C:\Windows\system32\wuaueng.dll
2015-04-15 10:12:51 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-04-15 10:12:45 ----A---- C:\Windows\system32\drivers\http.sys
2015-04-15 10:12:44 ----A---- C:\Windows\system32\msxml3r.dll
2015-04-15 10:12:44 ----A---- C:\Windows\system32\msxml3.dll
2015-04-15 00:26:10 ----A---- C:\Windows\system32\FlashPlayerInstaller.exe
2015-04-04 19:40:09 ----D---- C:\Program Files\Mozilla Thunderbird
2015-04-04 18:01:19 ----SD---- C:\Windows\system32\GWX
2015-03-27 00:55:16 ----D---- C:\Users\User\AppData\Roaming\8627

======List of files/folders modified in the last 1 month======

2015-04-21 11:53:03 ----D---- C:\Windows\Temp
2015-04-21 11:52:44 ----D---- C:\Windows\Prefetch
2015-04-21 11:30:56 ----D---- C:\Windows\System32
2015-04-21 11:30:56 ----D---- C:\Windows\inf
2015-04-21 11:30:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-21 11:24:28 ----D---- C:\Windows\system32\drivers
2015-04-21 11:24:18 ----D---- C:\ProgramData\NVIDIA
2015-04-21 11:23:36 ----D---- C:\Windows\system32\config
2015-04-21 11:15:10 ----D---- C:\Program Files\Common Files
2015-04-21 11:14:50 ----D---- C:\Program Files
2015-04-21 11:14:17 ----HD---- C:\ProgramData
2015-04-21 11:07:28 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-04-21 06:28:50 ----D---- C:\Windows\AppCompat
2015-04-21 06:12:22 ----SHD---- C:\System Volume Information
2015-04-21 01:46:16 ----AD---- C:\Windows
2015-04-21 01:24:01 ----D---- C:\Windows\Cursors
2015-04-21 01:10:42 ----D---- C:\Users\User\AppData\Roaming\wfirewall
2015-04-21 00:58:19 ----D---- C:\Windows\Globalization
2015-04-21 00:58:14 ----D---- C:\ProgramData\ICQ
2015-04-21 00:49:48 ----D---- C:\ProgramData\Malwarebytes
2015-04-21 00:25:06 ----D---- C:\Windows\debug
2015-04-19 16:01:01 ----D---- C:\Windows\rescache
2015-04-18 19:32:30 ----D---- C:\Users\User\AppData\Roaming\uTorrent
2015-04-17 21:43:11 ----D---- C:\Users\User\AppData\Roaming\FileZilla
2015-04-16 15:32:07 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2015-04-15 15:22:08 ----D---- C:\Windows\Microsoft.NET
2015-04-15 15:19:18 ----RSD---- C:\Windows\assembly
2015-04-15 12:39:24 ----D---- C:\Windows\winsxs
2015-04-15 12:35:18 ----SD---- C:\Windows\system32\CompatTel
2015-04-15 12:35:16 ----D---- C:\Windows\system32\appraiser
2015-04-15 12:35:16 ----D---- C:\Windows\AppPatch
2015-04-15 12:35:14 ----D---- C:\Windows\system32\en-US
2015-04-15 12:35:14 ----D---- C:\Windows\system32\cs-CZ
2015-04-15 12:35:12 ----D---- C:\Program Files\Internet Explorer
2015-04-15 12:35:09 ----D---- C:\Windows\PolicyDefinitions
2015-04-15 11:56:48 ----SHD---- C:\Windows\Installer
2015-04-15 11:56:42 ----D---- C:\ProgramData\Microsoft Help
2015-04-15 11:55:42 ----D---- C:\Windows\system32\MRT
2015-04-15 11:42:44 ----A---- C:\Windows\system32\MRT.exe
2015-04-15 11:36:25 ----D---- C:\ProgramData\Skype
2015-04-15 11:36:22 ----RD---- C:\Program Files\Skype
2015-04-15 11:35:14 ----A---- C:\Windows\win.ini
2015-04-15 10:11:19 ----D---- C:\Windows\system32\catroot2
2015-04-10 21:48:28 ----D---- C:\Users\User\AppData\Roaming\Skype
2015-04-04 18:01:57 ----D---- C:\Windows\Logs
2015-03-25 19:17:44 ----D---- C:\Windows\system32\wbem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 14392]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2013-11-06 129248]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-19 721904]
R0 tdrpman;Acronis Try&Decide and Restore Points filter; C:\Windows\system32\DRIVERS\tdrpman.sys [2013-11-06 368736]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2013-11-06 441760]
R1 ArcSec;ArcSec; C:\Windows\system32\drivers\ArcSec.sys [2010-09-21 192504]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [2014-08-13 42784]
R1 CLBStor;InstantBurn Storage Helper Driver; C:\Windows\system32\drivers\CLBStor.sys [2011-07-11 15784]
R1 DVDHelp;DVD Video Region CSS free Filter Driver; C:\Windows\system32\drivers\DVDHelp.sys [2014-02-25 25624]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 31088]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-03-31 73728]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2012-08-24 113104]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2010-02-03 73312]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [2014-02-11 50400]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem; C:\Windows\system32\drivers\CLBUDF.sys [2011-07-11 163880]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
R2 ntk_PowerDVD12;ntk_PowerDVD12; \??\C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [2011-10-27 120432]
R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2013-11-06 44384]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2012-05-02 121208]
R3 AVerA706;AVerMedia A706 BDA Service; C:\Windows\system32\DRIVERS\AVerA706.sys [2009-06-10 1169920]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x86.sys [2009-08-23 48640]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-03-17 23256]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-04-21 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-03-17 51928]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2014-10-09 161424]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 18576]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2014-11-22 32912]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2008-03-25 131712]
R3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2008-03-19 74112]
R3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
S1 SABKUTIL;SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys []
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-04-30 10070016]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-04-30 290304]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2014-06-21 77824]
S3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-06-05 99856]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-04-30 10070016]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:\Windows\system32\DRIVERS\AVerBDA3x.sys [2007-08-29 1183744]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2011-12-08 80184]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys []
S3 fdrawcmd;Low-level Floppy Driver; \??\C:\Windows\system32\drivers\fdrawcmd.sys [2010-04-24 27896]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys []
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-11-17 47360]
S3 PSSDK42;PSSDK42; \??\C:\Windows\system32\Drivers\pssdk42.sys [2010-07-27 38976]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys []
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2011-12-08 181432]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 36352]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-10-23 427288]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-04-30 217088]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2014-11-20 276992]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-02-21 87336]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-02-21 75048]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-02-21 296232]
R2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2013-07-05 77576]
R2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2013-07-05 327432]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 915600]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-03-17 1871160]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 18186896]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-12-13 669840]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [2008-12-05 81920]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-12-13 410768]
R2 TeamViewer9;TeamViewer 9; C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 5341536]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-23 495832]
R3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe [2012-02-13 240408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 821648]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.exe [2012-02-13 193816]
S2 CLKMSVC10_B91CB6D3;CyberLink Product - 2013/09/11 23:54:55; C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-05-23 243728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-25 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-02-03 288112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-31 655624]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-25 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-13 102912]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-04-21 148080]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-09 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

[altrok]

Zdravim


Pokud nepouzivate, odinstalujte Bing Bar.

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

• Ulozte na plochu OTM - http://oldtimer.geekstogo.com/OTM.exe
• ukoncete vsechny programy
• kliknete pravym na ikonu OTM.exe a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• obsah bileho pole zkopirujte do leveho okna OTM a kliknete na MoveIt!
• po restartu vlozte log, ktery bude v C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log

  Kód: Vybrat vše

  :commands
  [Purity]
  [EmptyTemp]
  [EmptyFlash]
  [EmptyJava]
  [CreateRestorePoint]
  
  :files
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp /s
  C:\ProgramData\BiznUxah
  C:\ProgramData\imzkgf.dat
  C:\ProgramData\tmfgpmo.dat
  
  :reg
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "Adobe ARM"=-
  "AdobeCS4ServiceManager"=-
  "Adobe Acrobat Speed Launcher"=-
  "Acrobat Assistant 8.0"=-
  "Adobe Reader Speed Launcher"=-
  "QuickTime Task"=-
  "BCSSync"=-
  "SunJavaUpdateSched"=-
  "UpdatePPShortCut"=-
  "NvBackend"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "OEXPRESS"=-
  "WEBTRAN"=-
  "Google Update"=-
  "BiznUxah"=-
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imzkgf]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tmfgpmo]

[lucie.kv]

Log z OTM

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: admina

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 313082553 bytes
->Temporary Internet Files folder emptied: 118315974 bytes
->Java cache emptied: 1859839 bytes
->FireFox cache emptied: 436935374 bytes
->Google Chrome cache emptied: 440787250 bytes
->Opera cache emptied: 20450037 bytes
->Flash cache emptied: 863 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 805 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 92723 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 270,00 mb


[EMPTYFLASH]

User: admina

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: admina

User: All Users

User: Default

User: Default User

User: Public

User: User
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

Restore point Set: OTM Restore Point
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EE6.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP20E9.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3543.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP41A1.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4E20.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP644F.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6F36.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP93F5.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9447.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAD11.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBA6.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBDC3.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDCF6.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFBEB.tmp folder moved successfully.
C:\Windows\Installer\MSI141A.tmp moved successfully.
C:\Windows\Installer\MSI4125.tmp moved successfully.
C:\Windows\Installer\MSI6F2C.tmp moved successfully.
C:\Windows\Installer\MSI79A.tmp moved successfully.
C:\Windows\Installer\MSIF16E.tmp moved successfully.
C:\Windows\System32\catroot\TMPCD9F.tmp moved successfully.
C:\ProgramData\BiznUxah folder moved successfully.
File/Folder C:\ProgramData\imzkgf.dat not found.
File/Folder C:\ProgramData\tmfgpmo.dat not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS4ServiceManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Acrobat Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdatePPShortCut deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\OEXPRESS deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WEBTRAN deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BiznUxah deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imzkgf\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tmfgpmo\ deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 04212015_141837

Files moved on Reboot...
File move failed. C:\Users\User\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\70e0e7f728b13ff39b031723914ca515_fce8395c8fd8a86e_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\User\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\70e0e7f728b13ff39b031723914ca515_fce8395c8fd8a86e_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[altrok]

Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

[lucie.kv]

Addition.rar

(9.8 KiB) Staženo 41 x

Log z FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015
Ran by User (administrator) on USER-PC on 21-04-2015 16:24:36
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Prolific Technology Inc.) C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
() C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(CyberLink Corporation.) C:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files\CyberLink\Shared files\brs.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD13\PowerDVD13Agent.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Logitech Inc.) C:\Program Files\Logitech\Profiler\LWEMon.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(ArcSoft Inc.) C:\Program Files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2029640 2009-05-14] (ESET)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-28] ( TOSHIBA CORPORATION)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-17] (CANON INC.)
HKLM\...\Run: [Adobe_ID0ENQBO] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe [2254120 2008-12-05] (Nero AG)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2010-06-29] (Nullsoft, Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-01-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [PowerDVD12DMREngine] => C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [501544 2012-01-02] (CyberLink)
HKLM\...\Run: [PowerDVD12Agent] => C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe [371256 2012-02-21] (CyberLink Corp.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [336992 2012-08-24] (Power Software Ltd)
HKLM\...\Run: [InstantBurn] => C:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe [701736 2011-07-11] (CyberLink Corporation.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM\...\Run: [PowerDVD13Agent] => C:\Program Files\CyberLink\PowerDVD13\PowerDVD13Agent.exe [517144 2013-07-05] (CyberLink Corp.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2615624 2007-10-23] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [906648 2007-10-23] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-10-23] (Acronis)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Profiler\lwemon.exe [77824 2003-08-07] (Logitech Inc.)
HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\Run: [KiesHelper] => C:\Program Files\Samsung\Kies\KiesHelper.exe [937872 2012-01-04] (Samsung)
HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-01-04] ()
HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\MountPoints2: D - D:\acer.exe
HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\MountPoints2: {0844e61d-f165-11e2-8176-0009dd507ce9} - J:\AutoRun.exe
HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\MountPoints2: {0844e62b-f165-11e2-8176-0009dd507ce9} - K:\AutoRun.exe
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2009-11-20]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk [2013-11-13]
ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe (ArcSoft Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1951563654-3073323279-456428730-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKU\S-1-5-21-1951563654-3073323279-456428730-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1951563654-3073323279-456428730-1000 -> {59DE134B-B2E4-4B62-9DB7-B4CD9A94D69E} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_11776
SearchScopes: HKU\S-1-5-21-1951563654-3073323279-456428730-1000 -> {AAD5D397-376F-48A0-9D28-B5936894286C} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26] (Adobe Systems Incorporated)
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\ProgramData\LangSoft\WebIE.dll [2009-11-20] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04] (Sun Microsystems, Inc.)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26] (Adobe Systems Incorporated)
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll [2009-11-20] ()
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26] (Adobe Systems Incorporated)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1951563654-3073323279-456428730-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26] (Adobe Systems Incorporated)
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/d ... .2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
ShellExecuteHooks: DVDIdleShell Class - {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll [49152 2004-10-09] (Fengtao Software Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eb7prvba.default
FF SelectedSearchEngine: Firmy.cz
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1951563654-3073323279-456428730-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1951563654-3073323279-456428730-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1951563654-3073323279-456428730-1000: google.com/WidevineMediaOptimizer -> C:\Users\User\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll [2014-06-09] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-06-29] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eb7prvba.default\searchplugins\firmycz.xml [2012-03-02]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eb7prvba.default\searchplugins\mapycz.xml [2013-04-24]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eb7prvba.default\searchplugins\zbocz.xml [2013-04-24]
FF Extension: WebTran - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eb7prvba.default\Extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829} [2009-11-20]
FF Extension: Personas Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eb7prvba.default\Extensions\personas@christopher.beard.xpi [2013-03-01]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eb7prvba.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-13]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2015-04-21]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2009-11-21]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009-11-14]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=13.2.0.4&sap=hp", "hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=14.2.0.1&pid=avg&sg=&sap=hp", "hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=15.2.0.5&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=18.0.5.292&sap=hp
hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=14.2.0.1&pid=avg&sg=0&sap=hp
hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=15.2.0.5&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.0.443&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.7.644&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.9.786&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.9.799&pid=avg&sg=0&sap=hp"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Seznam Lištička - Email) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2014-07-28]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2014-07-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-07]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-07]
CHR Extension: (Bookmark Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Page Refresh) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmooaemjmediafeacjplpbpenjnpcneg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-07-28]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-10-23] (Acronis)
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2010-02-03] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-02-21] (CyberLink Corp.)
S2 CLKMSVC10_B91CB6D3; C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
S2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-02-21] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-02-21] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-07-05] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-07-05] (CyberLink)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [20680 2009-05-14] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [731840 2009-05-14] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18186896 2014-12-13] (NVIDIA Corporation)
R2 PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-12-05] (Prolific Technology Inc.) [File not signed]
R3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [657408 2009-10-27] (Nokia) [File not signed]
R2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [495832 2007-10-23] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121208 2012-05-02] (SlySoft, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [192504 2010-09-21] ()
R3 AVerA706; C:\Windows\System32\DRIVERS\AVerA706.sys [1169920 2009-06-10] (AVerMedia TECHNOLOGIES, Inc.)
S3 AVerBDA3x; C:\Windows\System32\DRIVERS\AVerBDA3x.sys [1183744 2007-08-29] (AVerMedia TECHNOLOGIES, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-13] (AVG Technologies)
R1 CLBStor; C:\Windows\system32\Drivers\CLBStor.sys [15784 2011-07-11] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\system32\Drivers\CLBUDF.sys [163880 2011-07-11] (CyberLink Corporation.)
R1 DVDHelp; C:\Windows\System32\drivers\DVDHelp.sys [25624 2014-02-25] ()
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [114472 2009-05-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [107256 2009-05-14] (ESET)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [133000 2009-05-14] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [33096 2009-05-14] (ESET)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [38240 2009-05-14] (ESET)
S3 fdrawcmd; C:\Windows\system32\drivers\fdrawcmd.sys [27896 2010-04-24] (simonowen.com)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [73728 2008-03-31] (EZB Systems, Inc.) [File not signed]
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R2 ntk_PowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [120432 2011-10-27] (Cyberlink Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2010-07-27] (microOLAP Technologies LTD)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113104 2012-08-24] (Power Software Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-11-19] () [File not signed]
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368736 2013-11-06] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2013-11-06] (Acronis)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [10144 2003-05-14] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [21216 2003-05-14] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [5728 2003-05-14] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [44288 2003-05-14] (Logitech Inc.)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [76560 2013-07-06] (CyberLink Corp.)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [87536 2012-04-17] (CyberLink Corp.)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S1 SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-21 16:24 - 2015-04-21 16:25 - 00034204 _____ () C:\Users\User\Desktop\FRST.txt
2015-04-21 16:21 - 2015-04-21 16:21 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
2015-04-21 16:19 - 2015-04-21 16:24 - 00000000 ____D () C:\FRST
2015-04-21 16:18 - 2015-04-21 16:18 - 01139200 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-04-21 14:18 - 2015-04-21 14:18 - 00000000 ____D () C:\_OTM
2015-04-21 14:16 - 2015-04-21 14:16 - 00522240 _____ (OldTimer Tools) C:\Users\User\Desktop\OTM.exe
2015-04-21 11:26 - 2015-04-21 14:18 - 00001477 _____ () C:\Users\User\Desktop\Adw.txt
2015-04-21 02:37 - 2015-04-21 02:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-21 02:26 - 2015-04-21 11:52 - 00000000 ____D () C:\Program Files\trend micro
2015-04-21 02:26 - 2015-04-21 02:27 - 00000000 ____D () C:\rsit
2015-04-21 02:26 - 2015-04-21 02:26 - 01107968 _____ () C:\Users\User\Desktop\RSIT.exe
2015-04-21 02:08 - 2015-04-21 11:23 - 00000000 ____D () C:\AdwCleaner
2015-04-21 02:08 - 2015-04-21 02:08 - 02217984 _____ () C:\Users\User\Desktop\adwcleaner_4.201.exe
2015-04-21 00:59 - 2015-04-21 01:46 - 00109964 _____ () C:\Windows\PFRO.log
2015-04-21 00:50 - 2015-04-21 14:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-21 00:49 - 2015-04-21 00:49 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-21 00:49 - 2015-04-21 00:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-21 00:49 - 2015-04-21 00:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-21 00:49 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-21 00:49 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-21 00:49 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-21 00:38 - 2015-04-21 14:26 - 00001344 _____ () C:\Windows\setupact.log
2015-04-21 00:38 - 2015-04-21 00:38 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-15 10:13 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 10:13 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 10:13 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 10:13 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 10:13 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 10:13 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 10:13 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 10:13 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 10:13 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 10:13 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 10:13 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 10:13 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 10:13 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 10:13 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 10:13 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 10:13 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 10:13 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 10:13 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 10:13 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 10:13 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 10:13 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 10:13 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 10:13 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 10:13 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 10:13 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 10:13 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 10:13 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 10:13 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 10:13 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 10:13 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 10:13 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 10:13 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 10:13 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 10:13 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 10:13 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 10:13 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 10:13 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 10:13 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:13 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 10:13 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 10:13 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 10:13 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 10:13 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 10:13 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 10:13 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:13 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:13 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 10:13 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:13 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:13 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 10:13 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 10:13 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 10:13 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:13 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 10:13 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 10:13 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 10:13 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:13 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 10:13 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:13 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:13 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 10:13 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 10:13 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 10:13 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 10:13 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:13 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 10:13 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 10:13 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 10:13 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 10:12 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 10:12 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 10:12 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 10:12 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 10:12 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 10:12 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 10:12 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 10:12 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 10:12 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 10:12 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 10:12 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 10:12 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 10:12 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 10:12 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 00:26 - 2015-04-15 12:26 - 17549488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-04-14 21:14 - 2015-04-14 21:19 - 00000000 ____D () C:\Users\User\Desktop\Nová složka (2)
2015-04-04 19:40 - 2015-04-06 10:31 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-04-04 18:01 - 2015-04-04 18:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 03:58 - 2015-04-21 00:49 - 00000000 ____D () C:\Users\User\Desktop\Sultán
2015-04-04 03:57 - 2015-04-04 03:58 - 00000000 ___RD () C:\Users\User\Desktop\Má složka
2015-03-27 00:55 - 2015-03-27 00:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\8627

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-21 16:26 - 2012-03-29 14:05 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-21 16:13 - 2009-11-04 19:32 - 01949924 _____ () C:\Windows\WindowsUpdate.log
2015-04-21 15:38 - 2015-02-10 21:33 - 00000958 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1951563654-3073323279-456428730-1000UA.job
2015-04-21 14:34 - 2009-07-14 06:34 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-21 14:34 - 2009-07-14 06:34 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-21 14:25 - 2015-01-20 18:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-21 14:25 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-21 12:12 - 2009-11-04 19:36 - 01584626 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-21 11:07 - 2012-04-25 10:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-21 06:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-21 01:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Cursors
2015-04-21 01:10 - 2014-05-26 20:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\wfirewall
2015-04-21 00:58 - 2009-11-23 20:58 - 00000000 ____D () C:\ProgramData\ICQ
2015-04-21 00:58 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization
2015-04-21 00:49 - 2010-09-24 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-20 20:38 - 2015-02-10 21:33 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1951563654-3073323279-456428730-1000Core.job
2015-04-19 16:01 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-18 19:32 - 2009-12-26 13:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2015-04-18 18:33 - 2012-05-17 10:59 - 00000000 ____D () C:\Users\User\Documents\Mozilla
2015-04-18 18:33 - 2010-11-27 04:25 - 00000000 ____D () C:\Users\User\Documents\Nová složka
2015-04-17 21:43 - 2012-10-29 23:15 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileZilla
2015-04-17 10:33 - 2013-12-25 20:02 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 15:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-15 12:35 - 2014-12-10 15:34 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 12:35 - 2014-05-06 13:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 11:56 - 2009-11-04 19:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 11:55 - 2013-07-19 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 11:42 - 2009-11-04 19:39 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 11:36 - 2014-10-02 21:52 - 00000000 ___RD () C:\Program Files\Skype
2015-04-15 11:36 - 2012-10-20 01:51 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 11:35 - 2009-07-14 04:04 - 00000492 _____ () C:\Windows\win.ini
2015-04-14 02:07 - 2015-03-15 22:55 - 00000000 ____D () C:\Users\User\Desktop\Nová složka
2015-04-10 21:48 - 2012-10-20 01:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-03-26 02:34 - 2015-02-27 12:57 - 00000292 _____ () C:\Users\User\Desktop\Těžba.txt
2015-03-25 03:27 - 2009-11-20 00:03 - 00000000 ____D () C:\Users\User\Documents\Soubory PSP

==================== Files in the root of some directories =======

2013-06-27 03:56 - 2014-06-22 21:33 - 0003730 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-07-28 12:10 - 2014-07-28 12:13 - 0000547 _____ () C:\Users\User\AppData\Roaming\FreeDesktopClock.ini
2009-11-17 03:46 - 2014-03-18 19:34 - 0087608 _____ () C:\Users\User\AppData\Roaming\inst.exe
2009-11-17 03:46 - 2014-03-18 19:34 - 0007887 _____ () C:\Users\User\AppData\Roaming\pcouffin.cat
2009-11-17 03:46 - 2014-03-18 19:34 - 0001144 _____ () C:\Users\User\AppData\Roaming\pcouffin.inf
2009-11-17 03:47 - 2014-03-18 19:34 - 0000055 _____ () C:\Users\User\AppData\Roaming\pcouffin.log
2009-11-17 03:46 - 2014-03-18 19:34 - 0047360 _____ (VSO Software) C:\Users\User\AppData\Roaming\pcouffin.sys
2009-12-22 22:33 - 2011-01-06 02:57 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-22 22:53 - 2010-03-07 13:59 - 0004096 ____H () C:\Users\User\AppData\Local\keyfile3.drm
2012-04-05 05:27 - 2012-11-16 01:01 - 0022297 _____ () C:\Users\User\AppData\Local\SRDownloader.err
2010-11-27 04:29 - 2012-11-16 03:05 - 0001280 _____ () C:\Users\User\AppData\Local\SRDownloader.nast
2012-12-27 01:49 - 2013-04-15 22:05 - 0000088 ___SH () C:\ProgramData\.zreglib
2010-09-24 21:36 - 2010-09-24 21:45 - 0000000 _____ () C:\ProgramData\CLDShowX.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================

Multiple Image Resizer .NET (HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\InstallShield_{011D0235-589D-4B60-B952-3507C7E8D8D8}) (Version: 2.0.0.0 - Acumen Business Systems Ltd)
Multiple Image Resizer .NET (Version: 2.0.0.0 - Acumen Business Systems Ltd) Hidden

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{D32A79A8-425D-4447-BDE4-D7DA90D0B26E}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{D084EFF1-D505-413D-BF12-36BB2FB5A067}.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1951563654-3073323279-456428730-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1951563654-3073323279-456428730-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 4.0 (Enabled - Up to date) {CB0F8167-5331-BA19-698E-64816B6801A5}
AS: ESET Smart Security 4.0 (Enabled - Up to date) {706E6083-750B-B597-533E-5FF310EF4B18}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall (Enabled) {F3340042-195E-BB41-42D1-CDB495BB46DE}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\User\Desktop" je 29336 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[altrok]

Velikost plochy by nemela presahovat 200 MB. Zpomaluje se pak start i samotny chod celeho PC.

Na ESET Smart Security mate zakoupenou licenci?

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu bude na plose ulozen fixlog, jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\MountPoints2: D - D:\acer.exe
  HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\MountPoints2: E - E:\setup.exe
  HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\MountPoints2: {0844e61d-f165-11e2-8176-0009dd507ce9} - J:\AutoRun.exe
  HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\MountPoints2: {0844e62b-f165-11e2-8176-0009dd507ce9} - K:\AutoRun.exe
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-21-1951563654-3073323279-456428730-1000 -> {AAD5D397-376F-48A0-9D28-B5936894286C} URL = 
  FF Plugin: @microsoft.com/GENUINE -> disabled No File
  FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2015-04-21]
  CHR StartupUrls: Default -> "hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=13.2.0.4&sap=hp", "hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=14.2.0.1&pid=avg&sg=&sap=hp", "hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=15.2.0.5&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=18.0.5.292&sap=hp
  hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=14.2.0.1&pid=avg&sg=0&sap=hp
  hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=15.2.0.5&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.0.443&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.7.644&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.9.786&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.9.799&pid=avg&sg=0&sap=hp"
  CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
  CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
  CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
  CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
  CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
  CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
  
  R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-13] (AVG Technologies)
  C:\Windows\system32\drivers\avgtpx86.sys
  S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
  S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
  S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
  S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
  S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
  S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
  S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
  S1 SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
  S3 SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
  
  2015-04-21 16:21 - 2015-04-21 16:21 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
  2015-04-21 11:26 - 2015-04-21 14:18 - 00001477 _____ () C:\Users\User\Desktop\Adw.txt
  2015-04-21 02:26 - 2015-04-21 11:52 - 00000000 ____D () C:\Program Files\trend micro
  2015-04-21 02:26 - 2015-04-21 02:27 - 00000000 ____D () C:\rsit
  2015-04-21 02:26 - 2015-04-21 02:26 - 01107968 _____ () C:\Users\User\Desktop\RSIT.exe
  2015-04-21 02:08 - 2015-04-21 11:23 - 00000000 ____D () C:\AdwCleaner
  2015-04-21 02:08 - 2015-04-21 02:08 - 02217984 _____ () C:\Users\User\Desktop\adwcleaner_4.201.exe
  2013-06-27 03:56 - 2014-06-22 21:33 - 0003730 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
  
  Task: {1211B811-2843-47F9-80F8-450A52DEABA7} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{D084EFF1-D505-413D-BF12-36BB2FB5A067}.exe
  Task: {14402861-D462-4F1B-8A73-CEED22768303} - No Task path
  Task: {1ABBFD95-F803-49A8-865D-6D10B08F1C53} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{D32A79A8-425D-4447-BDE4-D7DA90D0B26E}.exe
  Task: {1F425657-6122-4791-BEEF-008FCD6B4F95} - System32\Tasks\{B8282D56-FC93-45CC-9AF9-51A239D50ABC} => pcalua.exe -a "J:\WinRAR 370 Full cz\WinRAR 3.70 CZ.exe" -d "J:\WinRAR 370 Full cz"
  Task: {30946873-2F8A-4EDE-8F2B-1B27047DB358} - System32\Tasks\{11A22F24-CEDF-4DB5-973B-E150D788C3AD} => pcalua.exe -a "C:\Users\User\Documents\ALC_1.9.8.7612\Alcohol 120% v1.9.8.7612\RmK-FreE_Loader.exe" -d "C:\Users\User\Documents\ALC_1.9.8.7612\Alcohol 120% v1.9.8.7612"
  Task: {9FCE62C6-03C8-413F-8E39-53282E70AF7B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
  Task: {BCAB0886-A44A-4E71-BC40-F12228E3AC48} - System32\Tasks\{6C6A1128-1E90-54CD-BC42-EC2293306738} => C:\Users\User\AppData\Roaming\24029\famqzyo.exe
  Task: {C31E892D-9D00-4681-BD52-5E4BDE901333} - System32\Tasks\{C1F77777-E87F-4260-9B5F-8703B2835673} => pcalua.exe -a "C:\Users\User\Desktop\Akta\Nová složka (2)\alphbt42_setup.exe" -d "C:\Users\User\Desktop\Akta\Nová složka (2)"
  Task: {C534158E-163E-445A-8596-1A342EEDDEF7} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
  Task: {D8924B71-1978-4087-8350-6088F31089A6} - System32\Tasks\{113E3B16-B644-4400-BCA2-F8C1C5F0C297} => pcalua.exe -a E:\Stahování\install_flash_player_plugin.exe -d E:\Stahování
  Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{D32A79A8-425D-4447-BDE4-D7DA90D0B26E}.exe <==== ATTENTION
  Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{D084EFF1-D505-413D-BF12-36BB2FB5A067}.exe <==== ATTENTION
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1951563654-3073323279-456428730-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1951563654-3073323279-456428730-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
  
  Folder: C:\Users\User\AppData\Roaming\8627
  CMD: dir "%appdata%"
  Hosts:
  Reboot:
  End
  

[lucie.kv]

Ano, na ESET Smart Security mám koupenou licenci, používám ho 6 let. Po použiti OTM a i teď pon restartu počítače se už hláška od Esetu, že je v operační paměti ten trojský kůň, neobjevila. A počítač se po tom pročištění hodně zrychlil.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2015
Ran by User at 2015-04-21 17:32:27 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\MountPoints2: D - D:\acer.exe
HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\MountPoints2: {0844e61d-f165-11e2-8176-0009dd507ce9} - J:\AutoRun.exe
HKU\S-1-5-21-1951563654-3073323279-456428730-1000\...\MountPoints2: {0844e62b-f165-11e2-8176-0009dd507ce9} - K:\AutoRun.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1951563654-3073323279-456428730-1000 -> {AAD5D397-376F-48A0-9D28-B5936894286C} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2015-04-21]
CHR StartupUrls: Default -> "hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=13.2.0.4&sap=hp", "hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=14.2.0.1&pid=avg&sg=&sap=hp", "hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=15.2.0.5&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=18.0.5.292&sap=hp
hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=14.2.0.1&pid=avg&sg=0&sap=hp
hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=15.2.0.5&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.0.443&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.7.644&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.9.786&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.9.799&pid=avg&sg=0&sap=hp"
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-13] (AVG Technologies)
C:\Windows\system32\drivers\avgtpx86.sys
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S1 SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]

2015-04-21 16:21 - 2015-04-21 16:21 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
2015-04-21 11:26 - 2015-04-21 14:18 - 00001477 _____ () C:\Users\User\Desktop\Adw.txt
2015-04-21 02:26 - 2015-04-21 11:52 - 00000000 ____D () C:\Program Files\trend micro
2015-04-21 02:26 - 2015-04-21 02:27 - 00000000 ____D () C:\rsit
2015-04-21 02:26 - 2015-04-21 02:26 - 01107968 _____ () C:\Users\User\Desktop\RSIT.exe
2015-04-21 02:08 - 2015-04-21 11:23 - 00000000 ____D () C:\AdwCleaner
2015-04-21 02:08 - 2015-04-21 02:08 - 02217984 _____ () C:\Users\User\Desktop\adwcleaner_4.201.exe
2013-06-27 03:56 - 2014-06-22 21:33 - 0003730 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml

Task: {1211B811-2843-47F9-80F8-450A52DEABA7} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{D084EFF1-D505-413D-BF12-36BB2FB5A067}.exe
Task: {14402861-D462-4F1B-8A73-CEED22768303} - No Task path
Task: {1ABBFD95-F803-49A8-865D-6D10B08F1C53} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{D32A79A8-425D-4447-BDE4-D7DA90D0B26E}.exe
Task: {1F425657-6122-4791-BEEF-008FCD6B4F95} - System32\Tasks\{B8282D56-FC93-45CC-9AF9-51A239D50ABC} => pcalua.exe -a "J:\WinRAR 370 Full cz\WinRAR 3.70 CZ.exe" -d "J:\WinRAR 370 Full cz"
Task: {30946873-2F8A-4EDE-8F2B-1B27047DB358} - System32\Tasks\{11A22F24-CEDF-4DB5-973B-E150D788C3AD} => pcalua.exe -a "C:\Users\User\Documents\ALC_1.9.8.7612\Alcohol 120% v1.9.8.7612\RmK-FreE_Loader.exe" -d "C:\Users\User\Documents\ALC_1.9.8.7612\Alcohol 120% v1.9.8.7612"
Task: {9FCE62C6-03C8-413F-8E39-53282E70AF7B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {BCAB0886-A44A-4E71-BC40-F12228E3AC48} - System32\Tasks\{6C6A1128-1E90-54CD-BC42-EC2293306738} => C:\Users\User\AppData\Roaming\24029\famqzyo.exe
Task: {C31E892D-9D00-4681-BD52-5E4BDE901333} - System32\Tasks\{C1F77777-E87F-4260-9B5F-8703B2835673} => pcalua.exe -a "C:\Users\User\Desktop\Akta\Nová složka (2)\alphbt42_setup.exe" -d "C:\Users\User\Desktop\Akta\Nová složka (2)"
Task: {C534158E-163E-445A-8596-1A342EEDDEF7} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {D8924B71-1978-4087-8350-6088F31089A6} - System32\Tasks\{113E3B16-B644-4400-BCA2-F8C1C5F0C297} => pcalua.exe -a E:\Stahování\install_flash_player_plugin.exe -d E:\Stahování
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{D32A79A8-425D-4447-BDE4-D7DA90D0B26E}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{D084EFF1-D505-413D-BF12-36BB2FB5A067}.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1951563654-3073323279-456428730-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1951563654-3073323279-456428730-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

Folder: C:\Users\User\AppData\Roaming\8627
CMD: dir "%appdata%"
Hosts:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-1951563654-3073323279-456428730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => Key deleted successfully.
"HKU\S-1-5-21-1951563654-3073323279-456428730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => Key deleted successfully.
"HKU\S-1-5-21-1951563654-3073323279-456428730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0844e61d-f165-11e2-8176-0009dd507ce9}" => Key deleted successfully.
HKCR\CLSID\{0844e61d-f165-11e2-8176-0009dd507ce9} => Key not found.
"HKU\S-1-5-21-1951563654-3073323279-456428730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0844e62b-f165-11e2-8176-0009dd507ce9}" => Key deleted successfully.
HKCR\CLSID\{0844e62b-f165-11e2-8176-0009dd507ce9} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1951563654-3073323279-456428730-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AAD5D397-376F-48A0-9D28-B5936894286C}" => Key deleted successfully.
HKCR\CLSID\{AAD5D397-376F-48A0-9D28-B5936894286C} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} => Moved successfully.
Chrome StartupUrls deleted successfully.
hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=14.2.0.1&pid=avg&sg=0&sap=hp => Error: No automatic fix found for this entry.
hxxp://isearch.avg.com/?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&pr=sa&d=2012-11-25 03:14:16&v=15.2.0.5&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.0.443&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.7.644&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.9.786&pid=avg&sg=0&sap=hp", "hxxp://isearch.avg.com?cid={02BFDB91-64A6-4183-922E-F9422B50E1EC}&mid=166dffff68bc47d0bcded1409bb4951a-88cee84a07759e4f40a090de8c2fc553edb85675&lang=cs&ds=st011&coid=&cmpid=&pr=sa&d=2012-11-25 03:14:16&v=18.1.9.799&pid=avg&sg=0&sap=hp" => Error: No automatic fix found for this entry.
C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll not found.
C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll not found.
C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll not found.
C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll not found.
C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
avgtp => Service stopped successfully.
avgtp => Service deleted successfully.
C:\Windows\system32\drivers\avgtpx86.sys => Moved successfully.
amdiox86 => Service deleted successfully.
ew_hwusbdev => Service deleted successfully.
ew_usbenumfilter => Service deleted successfully.
huawei_cdcacm => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
huawei_ext_ctrl => Service deleted successfully.
huawei_wwanecm => Service deleted successfully.
SABKUTIL => Service deleted successfully.
SABProcEnum => Service deleted successfully.
C:\Users\User\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\User\Desktop\Adw.txt => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\rsit => Moved successfully.
C:\Users\User\Desktop\RSIT.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\User\Desktop\adwcleaner_4.201.exe => Moved successfully.
C:\Program Files\Mozilla Firefoxavg-secure-search.xml => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1211B811-2843-47F9-80F8-450A52DEABA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1211B811-2843-47F9-80F8-450A52DEABA7}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{14402861-D462-4F1B-8A73-CEED22768303}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14402861-D462-4F1B-8A73-CEED22768303}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeTask: {14402861-D462-4F1B-8A73-CEED22768303} - No Task path => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1ABBFD95-F803-49A8-865D-6D10B08F1C53}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ABBFD95-F803-49A8-865D-6D10B08F1C53}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_HP_rmv" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F425657-6122-4791-BEEF-008FCD6B4F95}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F425657-6122-4791-BEEF-008FCD6B4F95}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B8282D56-FC93-45CC-9AF9-51A239D50ABC} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B8282D56-FC93-45CC-9AF9-51A239D50ABC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30946873-2F8A-4EDE-8F2B-1B27047DB358}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30946873-2F8A-4EDE-8F2B-1B27047DB358}" => Key deleted successfully.
C:\Windows\System32\Tasks\{11A22F24-CEDF-4DB5-973B-E150D788C3AD} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11A22F24-CEDF-4DB5-973B-E150D788C3AD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9FCE62C6-03C8-413F-8E39-53282E70AF7B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FCE62C6-03C8-413F-8E39-53282E70AF7B}" => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BCAB0886-A44A-4E71-BC40-F12228E3AC48}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCAB0886-A44A-4E71-BC40-F12228E3AC48}" => Key deleted successfully.
C:\Windows\System32\Tasks\{6C6A1128-1E90-54CD-BC42-EC2293306738} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6C6A1128-1E90-54CD-BC42-EC2293306738}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C31E892D-9D00-4681-BD52-5E4BDE901333}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C31E892D-9D00-4681-BD52-5E4BDE901333}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C1F77777-E87F-4260-9B5F-8703B2835673} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C1F77777-E87F-4260-9B5F-8703B2835673}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C534158E-163E-445A-8596-1A342EEDDEF7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C534158E-163E-445A-8596-1A342EEDDEF7}" => Key deleted successfully.
C:\Windows\System32\Tasks\ROC_JAN2013_TB_rmv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROC_JAN2013_TB_rmv" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8924B71-1978-4087-8350-6088F31089A6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8924B71-1978-4087-8350-6088F31089A6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{113E3B16-B644-4400-BCA2-F8C1C5F0C297} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{113E3B16-B644-4400-BCA2-F8C1C5F0C297}" => Key deleted successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => Moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1951563654-3073323279-456428730-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1951563654-3073323279-456428730-1000UA.job => Moved successfully.
C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => Moved successfully.

========================= Folder: C:\Users\User\AppData\Roaming\8627 ========================


====== End of Folder: ======


========= dir "%appdata%" =========

Svazek v jednotce C nem� ��dnou jmenovku.
S�riov� ��slo svazku je 76C3-9488.

V�pis adres��e C:\Users\User\AppData\Roaming

21.04.2015 11:15 <DIR> .
21.04.2015 11:15 <DIR> ..
04.07.2014 03:17 <DIR> 24029
27.03.2015 00:55 <DIR> 8627
07.12.2013 21:16 <DIR> Acronis
13.12.2011 05:08 <DIR> Adobe
02.01.2010 13:52 <DIR> Ahead
09.07.2012 04:06 <DIR> Apple Computer
13.11.2013 21:04 <DIR> ArcSoft
04.11.2009 20:25 <DIR> ATI
04.12.2009 04:48 <DIR> Audacity
24.04.2014 00:52 <DIR> brothel
23.05.2011 02:31 <DIR> BSplayer
23.05.2011 02:14 <DIR> BSplayer Pro
26.12.2009 19:48 <DIR> Canon
30.12.2009 00:14 <DIR> CD-LabelPrint
26.07.2010 02:31 <DIR> ConMet
20.11.2009 00:26 <DIR> Corel
12.09.2013 23:45 <DIR> CyberLink
26.12.2009 22:17 <DIR> DigitalJuice
15.03.2013 01:09 <DIR> dvdcss
05.10.2013 04:09 <DIR> DVDFab
25.02.2014 20:03 <DIR> DVDFab9
02.02.2015 01:55 <DIR> EMBIRD32
09.12.2013 23:46 <DIR> Eqzeot
14.11.2009 02:37 <DIR> ESET
17.04.2015 21:43 <DIR> FileZilla
11.07.2012 05:02 <DIR> foobar2000
28.07.2014 12:13 547 FreeDesktopClock.ini
08.10.2013 11:55 <DIR> GHISLER
15.03.2013 04:44 <DIR> GiliSoft
13.03.2015 21:51 <DIR> gtk-2.0
24.12.2012 01:04 <DIR> ICQ
04.11.2009 19:33 <DIR> Identities
10.02.2015 21:33 <DIR> IDM
18.03.2014 19:34 87�608 inst.exe
16.01.2015 15:39 <DIR> IrfanView
02.02.2015 01:30 <DIR> IsolatedStorage
08.10.2013 11:55 <DIR> LangSoft
04.11.2009 20:15 <DIR> Macromedia
24.09.2010 22:53 <DIR> Malwarebytes
14.07.2009 11:19 <DIR> Media Center Programs
14.11.2009 13:18 <DIR> Mozilla
12.11.2013 12:38 <DIR> MPC-HC
02.11.2013 01:58 <DIR> Nero
21.11.2009 15:11 <DIR> Nokia
25.01.2015 00:31 <DIR> NVIDIA
31.01.2011 21:32 <DIR> Opera
30.05.2012 21:15 <DIR> PC Suite
18.03.2014 19:34 7�887 pcouffin.cat
18.03.2014 19:34 1�144 pcouffin.inf
18.03.2014 19:34 55 pcouffin.log
18.03.2014 19:34 47�360 pcouffin.sys
06.08.2014 22:28 <DIR> PortForward.com
25.11.2012 04:26 <DIR> PowerISO
26.12.2011 21:17 <DIR> Samsung
28.07.2014 12:43 <DIR> Seznam.cz
10.04.2015 21:48 <DIR> Skype
12.11.2013 01:42 <DIR> Specialbit
14.12.2014 15:26 <DIR> Steam
27.12.2013 22:12 <DIR> TeamViewer
10.01.2012 02:27 <DIR> Temp
22.08.2010 22:04 <DIR> Thunderbird
09.12.2013 17:49 <DIR> Uhanf
27.11.2013 02:09 <DIR> Ulozto File Manager
18.04.2015 19:32 <DIR> uTorrent
07.12.2012 01:01 <DIR> VitySoft
18.03.2014 19:34 <DIR> Vso
23.09.2014 10:02 <DIR> wallet
12.09.2013 08:04 <DIR> WebApp
21.04.2015 01:10 <DIR> wfirewall
03.09.2014 12:45 <DIR> Winamp
16.11.2009 13:41 <DIR> WinRAR
06.02.2012 03:53 <DIR> Xilisoft
09.12.2013 14:43 <DIR> Zaqyp
Soubor�: 6, Bajt�: 144�601
Adres���: 69, Voln�ch bajt�: 43�371�941�888

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog 17:33:43 ====

[altrok]

Smazte jeste slozku C:\Users\User\AppData\Roaming\24029

Jinak je na havet cisto, takze jeste uklidime.

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

[lucie.kv]

Moc jste mi pomohl. Všechno jde zase tak, jak má. Děkuji.

[altrok]

Nemate zac, rad jsem pomohl


Mejte se krasne a treba zase nekdy