Problem with the system and the internet

Posted: 30 Jul 2015 13:46
by Jaroslav.Klement
Hello,

for some time Facebook has been loading slowly at random (it works after another 10 reloads), and yesterday I started working on the problem. As a precaution I had ESET Online Scanner scan the computer. Halfway through the scan, help windows started popping up in all programs (Google Chrome, uTorrent, Windows Help). After a while so many of them had opened that the computer slowed down considerably and I was forced to pull the plug on it (the ESET scan did not finish; the problems with help windows opening started when a virus was found). On the next boot in Safe Mode with Networking, the help problem did not recur. I downloaded SpyBot and Ad-Aware. After installation SpyBot refused to start a scan several times, and I only managed to install Ad-Aware on the next boot. It kept reporting various errors. This morning I changed the router's DNS to 8.8.8.8 and 8.8.4.4 and turned off automatic proxy detection in Google Chrome. I ran SpyBot, Ad-Aware and Windows Defender over the computer and they found nothing. Turning off the proxy sped Facebook up a little, but even on a 120 MB/s connection it still loads really slowly. It occurred to me that someone could have gotten into my PC through some infected page and been controlling it, and that after the internet connection was cut that person lost control of my PC.

Thanks in advance for all replies and help.

Here is the log from RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jaroslav at 2015-07-30 14:33:26
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 2 GB (2%) free of 114 GB
Total RAM: 4087 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:33:29, on 30.7.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Jaroslav.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Logitech GamePanel Manager.lnk = C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl
O4 - Startup: Microsoft Security Essentials.lnk = C:\Program Files\Microsoft Security Client\msseces.exe
O4 - Startup: RAVCpl64 – zástupce.lnk = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://127.0.0.1
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40B1055C-D6BE-4E7A-9EBE-FD088764F8CA}: NameServer = 8.8.8.8,8.8.8.8,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3279CE8-334A-48A3-98BD-0CB5A7C19D38}: NameServer = 8.8.8.8,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{40B1055C-D6BE-4E7A-9EBE-FD088764F8CA}: NameServer = 8.8.8.8,8.8.8.8,192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{40B1055C-D6BE-4E7A-9EBE-FD088764F8CA}: NameServer = 8.8.8.8,8.8.8.8,192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9031 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
"C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe" -k runservice
"C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe" -Embedding
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
atieclxx
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe" -d "C:/Program Files (x86)/Marvell/raid/Apache2"
"C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
"C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe"
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f808e8db-a27a-414c-b346-517d16e0e9f3 -SystemEventPortName:HostProcess-bd5a8801-6c15-4003-a73a-3cb167504bcb -IoCancelEventPortName:HostProcess-bb6903d8-eea1-4cb4-b610-89f5db7a7059 -NonStateChangingEventPortName:HostProcess-33b5d02f-a17c-4f8c-8acc-e66ece97946b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0e324ea8-2843-422e-b3c9-8455dc8b81c8 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-95d1e494-98f5-487c-8cd5-5a01263b995b -SystemEventPortName:HostProcess-af129c3a-ba8c-4ca8-b436-443801e10d41 -IoCancelEventPortName:HostProcess-9bdeb578-9aaa-4bb4-a957-7d8ac1dbdb4c -NonStateChangingEventPortName:HostProcess-96506308-b41a-477c-9531-2a7977271ca7 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d09bc37f-dedf-478b-9fee-0b3690982889 -DeviceGroupId:WpdFsGroup
"taskhost.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTray.exe" 
"C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe"
"taskhost.exe"
"C:\Program Files (x86)\Origin\Origin.exe" 
"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe" lng=1029
"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe" "/base-dir=C:\Program Files (x86)\ESET\ESET Online Scanner" /lang=1029 /as
\??\C:\Windows\system32\conhost.exe "2022619880-1128859644-146320261710661855321464774529317206412508788918-1634985560
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6416.0.2087039267\1074449502" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,22,45 --gpu-vendor-id=0x1002 --gpu-device-id=0x6718 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=15.200.1046.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A5_Stable_R8/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledConnectionRacing/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload 
--enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="6416.2.1536190674\665544079" --font-cache-shared-handle=2068 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A5_Stable_R8/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledConnectionRacing/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload 
--enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="6416.3.643984150\541067776" --font-cache-shared-handle=2120 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A5_Stable_R8/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledConnectionRacing/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 
--enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="6416.6.1722578613\954716682" --font-cache-shared-handle=2244 /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe14_ Global\UsGthrCtrlFltPipeMssGthrPipe14 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528 
"C:\Users\Jaroslav\Desktop\RSITx64.exe" 
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A5_Stable_R8/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledConnectionRacing/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 
--enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="6416.11.1684780493\1728608192" --font-cache-shared-handle=3448 /prefetch:673131151
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  
C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe  /autoupdate /silent /autoclose /background 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 
C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe  /immunize /silent /autoclose 
C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe  /scan /cleanclose 
C:\Windows\tasks\WDTPY.job - C:\Users\Jaroslav\AppData\Roaming\WDTPY.exe  /infocmdline=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 

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-30 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-30 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000]
""= []
"AdAwareTray"=C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTray.exe [2015-06-24 9549808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-06-22 767176]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-06-08 334896]

C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Logitech GamePanel Manager.lnk - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl
Microsoft Security Essentials.lnk - C:\Program Files\Microsoft Security Client\msseces.exe
RAVCpl64 – zástupce.lnk - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-07-30 14:33:26 ----D---- C:\rsit
2015-07-30 14:33:26 ----D---- C:\Program Files\trend micro
2015-07-30 13:48:45 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2015-07-30 13:46:59 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-07-30 13:11:50 ----D---- C:\Users\Jaroslav\AppData\Roaming\Lavasoft
2015-07-30 13:05:48 ----D---- C:\Users\Jaroslav\AppData\Roaming\LavasoftStatistics
2015-07-30 13:05:21 ----D---- C:\Program Files\Lavasoft
2015-07-30 13:04:59 ----D---- C:\Program Files\Common Files\Lavasoft
2015-07-29 22:31:16 ----A---- C:\Windows\system32\FNTCACHE.DAT
2015-07-29 22:29:14 ----A---- C:\Windows\wininit.ini
2015-07-29 21:55:42 ----D---- C:\Program Files\Common Files\AV
2015-07-29 21:42:00 ----D---- C:\ProgramData\Lavasoft
2015-07-29 21:33:07 ----A---- C:\Windows\system32\sdnclean64.exe
2015-07-29 21:33:06 ----D---- C:\ProgramData\Spybot - Search & Destroy
2015-07-29 21:33:03 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-28 08:16:54 ----A---- C:\Windows\system32\invagent.dll
2015-07-28 08:16:54 ----A---- C:\Windows\system32\generaltel.dll
2015-07-28 08:16:54 ----A---- C:\Windows\system32\devinv.dll
2015-07-28 08:16:54 ----A---- C:\Windows\system32\appraiser.dll
2015-07-28 08:16:54 ----A---- C:\Windows\system32\aeinv.dll
2015-07-28 08:16:54 ----A---- C:\Windows\system32\acmigration.dll
2015-07-28 08:16:53 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-07-28 08:16:53 ----A---- C:\Windows\system32\aepdu.dll
2015-07-26 21:34:21 ----D---- C:\Users\Jaroslav\AppData\Roaming\BSplayer Pro
2015-07-26 21:34:21 ----D---- C:\Users\Jaroslav\AppData\Roaming\BSplayer
2015-07-26 21:34:17 ----D---- C:\Program Files (x86)\Webteh
2015-07-25 00:44:28 ----D---- C:\ProgramData\Steam
2015-07-25 00:42:03 ----D---- C:\Games
2015-07-21 09:01:28 ----D---- C:\ProgramData\ATI
2015-07-21 09:00:24 ----D---- C:\Program Files (x86)\AMD
2015-07-21 07:32:17 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-07-21 07:32:17 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-07-21 07:32:17 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-07-21 07:32:17 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-07-21 07:32:17 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-07-21 07:32:17 ----A---- C:\Windows\system32\lpk.dll
2015-07-21 07:32:17 ----A---- C:\Windows\system32\fontsub.dll
2015-07-21 07:32:17 ----A---- C:\Windows\system32\dciman32.dll
2015-07-21 07:32:17 ----A---- C:\Windows\system32\atmlib.dll
2015-07-21 07:32:17 ----A---- C:\Windows\system32\atmfd.dll
2015-07-15 08:44:09 ----A---- C:\Windows\SYSWOW64\cewmdm.dll
2015-07-15 08:44:09 ----A---- C:\Windows\system32\cewmdm.dll
2015-07-15 08:44:08 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-07-15 08:44:08 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-07-15 08:44:08 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-07-15 08:44:08 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-07-15 08:44:08 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-07-15 08:44:08 ----A---- C:\Windows\system32\wuauclt.exe
2015-07-15 08:44:08 ----A---- C:\Windows\system32\wuapp.exe
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wuwebv.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wups2.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wups.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wudriver.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wucltux.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wuaueng.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wuapi.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-07-15 08:44:06 ----A---- C:\Windows\system32\win32k.sys
2015-07-15 08:44:06 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 08:44:06 ----A---- C:\Windows\system32\rdpcorets.dll
2015-07-15 08:44:05 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-07-15 08:44:05 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-07-15 08:44:05 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-07-15 08:44:05 ----A---- C:\Windows\system32\jscript9diag.dll
2015-07-15 08:44:05 ----A---- C:\Windows\system32\jscript9.dll
2015-07-15 08:44:05 ----A---- C:\Windows\system32\gdi32.dll
2015-07-15 08:44:04 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-07-15 08:44:04 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-07-15 08:44:03 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-07-15 08:44:03 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-07-15 08:44:03 ----A---- C:\Windows\system32\urlmon.dll
2015-07-15 08:44:02 ----A---- C:\Windows\system32\mshtml.dll
2015-07-15 08:44:02 ----A---- C:\Windows\system32\ieui.dll
2015-07-15 08:44:02 ----A---- C:\Windows\system32\ieframe.dll
2015-07-15 08:44:01 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-07-15 08:44:01 ----A---- C:\Windows\system32\iertutil.dll
2015-07-15 08:44:00 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-07-15 08:44:00 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-07-15 08:44:00 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-07-15 08:44:00 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-07-15 08:44:00 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-07-15 08:44:00 ----A---- C:\Windows\system32\iernonce.dll
2015-07-15 08:44:00 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-07-15 08:44:00 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-07-15 08:44:00 ----A---- C:\Windows\system32\ie4uinit.exe
2015-07-15 08:43:59 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-07-15 08:43:59 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-07-15 08:43:59 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-07-15 08:43:59 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-07-15 08:43:59 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 08:43:58 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-07-15 08:43:58 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-07-15 08:43:58 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 08:43:58 ----A---- C:\Windows\system32\iedkcs32.dll
2015-07-15 08:43:57 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-07-15 08:43:57 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-07-15 08:43:57 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-07-15 08:43:57 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-07-15 08:43:57 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 08:43:57 ----A---- C:\Windows\system32\msfeeds.dll
2015-07-15 08:43:57 ----A---- C:\Windows\system32\dxtrans.dll
2015-07-15 08:43:56 ----A---- C:\Windows\system32\iesetup.dll
2015-07-15 08:43:56 ----A---- C:\Windows\system32\ieapfltr.dll
2015-07-15 08:43:55 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-07-15 08:43:55 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-07-15 08:43:55 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-07-15 08:43:55 ----A---- C:\Windows\system32\vbscript.dll
2015-07-15 08:43:55 ----A---- C:\Windows\system32\jsproxy.dll
2015-07-15 08:43:55 ----A---- C:\Windows\system32\ieUnatt.exe
2015-07-15 08:43:54 ----A---- C:\Windows\system32\mshtmled.dll
2015-07-15 08:43:54 ----A---- C:\Windows\system32\dxtmsft.dll
2015-07-15 08:43:53 ----A---- C:\Windows\system32\wininet.dll
2015-07-15 08:43:53 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-07-15 08:43:53 ----A---- C:\Windows\system32\jscript.dll
2015-07-15 08:43:52 ----A---- C:\Windows\system32\msrating.dll
2015-07-15 08:43:52 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-07-15 08:43:38 ----A---- C:\Windows\SYSWOW64\ole32.dll
2015-07-15 08:43:38 ----A---- C:\Windows\system32\ole32.dll
2015-07-15 08:43:37 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-07-15 08:43:37 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-07-15 08:43:37 ----A---- C:\Windows\system32\cryptsvc.dll
2015-07-15 08:43:37 ----A---- C:\Windows\system32\crypt32.dll
2015-07-15 08:43:36 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-07-15 08:43:36 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-07-15 08:43:36 ----A---- C:\Windows\system32\wintrust.dll
2015-07-15 08:43:36 ----A---- C:\Windows\system32\cryptnet.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\wdigest.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\TSpkg.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\sspicli.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\schannel.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\rpcrt4.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\ncrypt.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\msv1_0.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\lsass.exe
2015-07-15 08:43:33 ----A---- C:\Windows\system32\lsasrv.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\kerberos.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-07-15 08:43:33 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-07-15 08:43:33 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-07-15 08:43:33 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-07-15 08:43:33 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-07-15 08:43:33 ----A---- C:\Windows\system32\cryptbase.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\auditpol.exe
2015-07-15 08:43:32 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-07-15 08:43:32 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-07-15 08:43:32 ----A---- C:\Windows\system32\sspisrv.dll
2015-07-15 08:43:32 ----A---- C:\Windows\system32\secur32.dll
2015-07-15 08:43:32 ----A---- C:\Windows\system32\msobjs.dll
2015-07-15 08:43:32 ----A---- C:\Windows\system32\msaudite.dll
2015-07-15 08:43:32 ----A---- C:\Windows\system32\credssp.dll
2015-07-15 08:43:32 ----A---- C:\Windows\system32\adtschema.dll
2015-07-15 08:43:29 ----A---- C:\Windows\SYSWOW64\msi.dll
2015-07-15 08:43:29 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-07-15 08:43:29 ----A---- C:\Windows\system32\msiexec.exe
2015-07-15 08:43:29 ----A---- C:\Windows\system32\msi.dll
2015-07-15 08:43:29 ----A---- C:\Windows\system32\consent.exe
2015-07-15 08:43:29 ----A---- C:\Windows\system32\authui.dll
2015-07-15 08:43:28 ----A---- C:\Windows\SYSWOW64\msimsg.dll
2015-07-15 08:43:28 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2015-07-15 08:43:28 ----A---- C:\Windows\SYSWOW64\msiexec.exe
2015-07-15 08:43:28 ----A---- C:\Windows\system32\msimsg.dll
2015-07-15 08:43:28 ----A---- C:\Windows\system32\msihnd.dll
2015-07-15 08:43:28 ----A---- C:\Windows\system32\appinfo.dll

======List of files/folders modified in the last 1 month======

2015-07-30 14:33:26 ----RD---- C:\Program Files
2015-07-30 14:32:49 ----D---- C:\Windows\Temp
2015-07-30 14:20:19 ----D---- C:\ProgramData\Origin
2015-07-30 13:48:46 ----SHD---- C:\Windows\Installer
2015-07-30 13:48:46 ----D---- C:\Program Files (x86)\Common Files
2015-07-30 13:48:45 ----D---- C:\Windows\SysWOW64
2015-07-30 13:48:20 ----D---- C:\Program Files (x86)\Java
2015-07-30 13:47:00 ----D---- C:\Windows\Tasks
2015-07-30 13:47:00 ----D---- C:\Windows\system32\Tasks
2015-07-30 13:32:50 ----D---- C:\Windows
2015-07-30 13:32:15 ----D---- C:\Windows\System32
2015-07-30 13:32:15 ----D---- C:\Windows\inf
2015-07-30 13:32:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-07-30 13:07:23 ----SHD---- C:\System Volume Information
2015-07-30 13:05:23 ----D---- C:\Windows\system32\drivers
2015-07-30 13:04:59 ----D---- C:\Program Files\Common Files
2015-07-29 22:34:23 ----D---- C:\Windows\system32\LogFiles
2015-07-29 22:34:18 ----D---- C:\Windows\SoftwareDistribution
2015-07-29 22:24:04 ----D---- C:\Users\Jaroslav\AppData\Roaming\uTorrent
2015-07-29 22:24:04 ----D---- C:\Users\Jaroslav\AppData\Roaming\Media Player Classic
2015-07-29 22:23:26 ----D---- C:\Program Files (x86)\Rockstar Games
2015-07-29 22:23:25 ----D---- C:\Program Files\Rockstar Games
2015-07-29 21:42:42 ----RD---- C:\Program Files (x86)
2015-07-29 21:42:00 ----HD---- C:\ProgramData
2015-07-29 21:33:10 ----SD---- C:\ProgramData\Microsoft
2015-07-29 16:51:23 ----D---- C:\Users\Jaroslav\AppData\Roaming\Skype
2015-07-29 15:55:49 ----D---- C:\Windows\system32\config
2015-07-28 09:16:05 ----SD---- C:\Windows\system32\CompatTel
2015-07-28 08:16:34 ----D---- C:\Windows\winsxs
2015-07-27 19:06:34 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2015-07-25 13:40:21 ----SD---- C:\Windows\system32\GWX
2015-07-25 13:36:34 ----D---- C:\Program Files (x86)\Origin
2015-07-21 21:09:03 ----D---- C:\Windows\system32\catroot
2015-07-21 19:04:41 ----D---- C:\Users\Jaroslav\AppData\Roaming\Apple Computer
2015-07-21 19:02:31 ----D---- C:\Windows\debug
2015-07-21 19:01:36 ----D---- C:\Program Files\Common Files\Apple
2015-07-21 19:01:22 ----D---- C:\Program Files (x86)\QuickTime
2015-07-21 19:00:40 ----D---- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-21 19:00:15 ----DC---- C:\Windows\system32\DRVSTORE
2015-07-21 18:58:32 ----D---- C:\Windows\system32\DriverStore
2015-07-21 12:40:16 ----D---- C:\Windows\Microsoft.NET
2015-07-21 08:59:54 ----D---- C:\Windows\system32\catroot2
2015-07-21 08:59:22 ----D---- C:\Program Files\AMD
2015-07-21 08:56:49 ----D---- C:\AMD
2015-07-20 10:36:10 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-07-17 20:45:06 ----D---- C:\Program Files (x86)\Internet Explorer
2015-07-16 21:04:51 ----D---- C:\Windows\rescache
2015-07-15 15:37:34 ----D---- C:\Windows\SYSWOW64\en-US
2015-07-15 15:37:34 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-07-15 15:37:34 ----D---- C:\Windows\system32\en-US
2015-07-15 15:37:34 ----D---- C:\Windows\system32\cs-CZ
2015-07-15 15:37:34 ----D---- C:\Windows\PolicyDefinitions
2015-07-15 15:37:34 ----D---- C:\Program Files\Internet Explorer
2015-07-15 15:37:33 ----D---- C:\Windows\system32\wbem
2015-07-15 15:37:33 ----D---- C:\Windows\system32\appraiser
2015-07-15 15:37:33 ----D---- C:\Windows\AppPatch
2015-07-15 12:38:21 ----D---- C:\ProgramData\Microsoft Help
2015-07-15 12:34:21 ----D---- C:\Windows\system32\MRT
2015-07-15 09:40:31 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2015-07-12 19:56:34 ----SD---- C:\Windows\SYSWOW64\GWX
2015-07-05 12:08:23 ----N---- C:\Windows\system32\MpSigStub.exe
2015-07-03 08:43:04 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376]
R0 mv91cons;Marvell 91xx Config Device Driver; C:\Windows\system32\DRIVERS\mv91cons.sys [2009-10-27 22568]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-31 283064]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-06-23 21612032]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-06-23 663552]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2015-05-20 94720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-12 4060560]
R3 lvpepf64;Volume Adapter; C:\Windows\system32\DRIVERS\lv302a64.sys [2009-05-01 15896]
R3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2009-05-01 327576]
R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V64.SYS [2009-05-01 2755096]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrxusb.sys [2008-07-29 1075712]
S3 cpudrv64;cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys []
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2013-09-12 21712]
S3 FreshIO;FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 LVPr2Mon;LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys []
S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys []
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\C:\MSI\MSI SUITE\NTIOLib_X64.sys []
S3 NTIOLib_1_0_D;NTIOLib_1_0_D; \??\C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys []
S3 NTIOLib_1_1_S;NTIOLib_1_1_S; \??\C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
S3 Trufos;Trufos; C:\Windows\system32\DRIVERS\Trufos.sys [2015-01-22 452040]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-07-28 54784]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2015-04-30 23200]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-06-23 245760]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 LavasoftAdAwareService11;Ad-Aware Service 11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe [2015-06-24 716664]
R2 LVPrcS64;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
R2 Marvell RAID;Marvell RAID Event Agent; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-14 151552]
R2 MRUWebService;MRU Web Service; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-06-12 24635]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-02-03 76152]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07 107848]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-30 268976]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-06-20 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-07-25 2007048]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-17 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Re: Problem with the system and the internet

Posted: 30 Jul 2015 14:25
by Jaroslav.Klement
I have now also run an MBAM scan and am attaching the results (31 objects).


Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 30.7.2015
Čas skenování: 15:14
Protokol: 
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.07.30.03
Databáze rootkitů: v2015.07.29.02
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Jaroslav

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 387598
Uplynulý čas: 7 min, 43 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 15
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, , [8b60da0db0da4fe7ea4a0e8533cf8d73], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, , [8b60da0db0da4fe7ea4a0e8533cf8d73], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, , [8b60da0db0da4fe7ea4a0e8533cf8d73], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, , [8b60da0db0da4fe7ea4a0e8533cf8d73], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, , [8b60da0db0da4fe7ea4a0e8533cf8d73], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, , [8b60da0db0da4fe7ea4a0e8533cf8d73], 
PUP.Optional.InternetSpeedChecker.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\Internet Speed Checker-nv, , [af3c25c2503a1224d2dac258b54e4cb4], 
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, , [3cafa1468bffb086114d6ea4f70cf50b], 
PUP.Optional.PCSpeedUp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, , [fcefbd2a4f3b1323fcdc1b83e61e02fe], 
PUP.Optional.InternetSpeedChecker.PrxySvrRST, HKU\S-1-5-21-1326843219-753490134-1656334738-1001\SOFTWARE\Internet Speed Checker-nv, , [6982b334cfbb51e517964eccc73c44bc], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1326843219-753490134-1656334738-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{12F0186B-6BDC-4AC0-B067-31BA71F5F44F}, , [d01b6681ddadb87e8846b3e74db78779], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1326843219-753490134-1656334738-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16FF299F-6555-486E-9589-5C837D03AF54}, , [33b897500882f640438aa5f52fd53dc3], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1326843219-753490134-1656334738-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{57A5930B-BA9A-44F1-A4C7-BE79B79F53E5}, , [3daeb433385282b40fc0d6c4a36156aa], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1326843219-753490134-1656334738-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{668A77E7-FE52-4DD3-B89E-E6F7530754BE}, , [c526529552384aec6e610e8c0400e21e], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1326843219-753490134-1656334738-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A67B3D8B-9F21-424E-A503-4BA8C6195547}, , [14d7df08b7d30a2c418ddcbe6e96ff01], 

Hodnoty registru: 5
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1326843219-753490134-1656334738-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{12F0186B-6BDC-4AC0-B067-31BA71F5F44F}|AppName, 998d5d66-d350-4dcf-b150-b57295b07f6a-2.exe-buttonutil.exe, , [d01b6681ddadb87e8846b3e74db78779]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1326843219-753490134-1656334738-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16ff299f-6555-486e-9589-5c837d03af54}|AppName, Internet Speed Checker-bg.exe, , [33b897500882f640438aa5f52fd53dc3]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1326843219-753490134-1656334738-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{57A5930B-BA9A-44F1-A4C7-BE79B79F53E5}|AppName, 998d5d66-d350-4dcf-b150-b57295b07f6a-2.exe-codedownloader.exe, , [3daeb433385282b40fc0d6c4a36156aa]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1326843219-753490134-1656334738-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{668a77e7-fe52-4dd3-b89e-e6f7530754be}|AppName, Internet Speed Checker-codedownloader.exe, , [c526529552384aec6e610e8c0400e21e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1326843219-753490134-1656334738-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a67b3d8b-9f21-424e-a503-4ba8c6195547}|AppName, Internet Speed Checker-buttonutil.exe, , [14d7df08b7d30a2c418ddcbe6e96ff01]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 4
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf\248, , [a4472abd692189adf341266f5ea608f8], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf, , [a4472abd692189adf341266f5ea608f8], 
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf\248, , [3ab13daa72184ee86cc8b5e0fd07db25], 
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf, , [3ab13daa72184ee86cc8b5e0fd07db25], 

Soubory: 7
Trojan.Agent, C:\Windows\hosts, , [86651ccb97f35adca4021a9f0df6847c], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf\248\lsdb.js, , [a4472abd692189adf341266f5ea608f8], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf\248\background.html, , [a4472abd692189adf341266f5ea608f8], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf\248\manifest.json, , [a4472abd692189adf341266f5ea608f8], 
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf\248\lsdb.js, , [3ab13daa72184ee86cc8b5e0fd07db25], 
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf\248\background.html, , [3ab13daa72184ee86cc8b5e0fd07db25], 
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf\248\manifest.json, , [3ab13daa72184ee86cc8b5e0fd07db25], 

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Problem with the system and the internet

Posted: 30 Jul 2015 15:39
by Márty84
Hello :)

→ Don't put logs in Code tags! It's hard to read.


→ Have MBAM remove its findings.


→ After the findings are removed and the PC has restarted, uninstall both Spybot and AdAware.


→ Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait for the check to finish.
Then click Cleaning.
The program will start working (the PC may restart) and will produce a log (it can also be found at C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here for me.


→ Run a new scan with MBAM. Set up the scan according to this guide (i.e. a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Don't delete anything beforehand; it sometimes produces false detections.

Re: Problem with the system and the internet

Posted: 30 Jul 2015 22:02
by Jaroslav.Klement
Thank you for the quick reply. I am attaching both logs here:


# AdwCleaner v4.208 - Log vytvořen 30/07/2015 v 19:33:39
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-26.2 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Jaroslav - JAROSLAV-PC
# Spuštěno z : C:\Users\Jaroslav\Desktop\adwcleaner_4.208.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Soubor Smazáno : C:\Users\Jaroslav\AppData\Roaming\WDTPY

***** [ Naplánované úlohy ] *****

Úloha Smazáno : WDTPY

***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
Klíč Smazáno : HKLM\SOFTWARE\2e2ba0ab-e564-4181-8f43-aa09b57c8adb
Klíč Smazáno : HKCU\Software\Conduit
Klíč Smazáno : HKCU\Software\AppDataLow\Software\adawarebp
Klíč Smazáno : HKLM\SOFTWARE\Conduit
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v


-\\ Google Chrome v44.0.2403.125


-\\ Chrome Canary v


*************************

AdwCleaner[R1].txt - [1417 bytů] - [30/07/2015 19:32:49]
AdwCleaner[S1].txt - [1206 bytů] - [30/07/2015 19:33:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1264 bytů] ##########







Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 30.7.2015
Čas skenování: 21:50
Protokol:
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.07.30.04
Databáze rootkitů: v2015.07.29.02
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Jaroslav

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 569822
Uplynulý čas: 1 hod, 10 min, 41 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 2
RiskWare.Tool.CK, D:\Ostatní\Podnikatelka\XXX_pdffactory_pro_v_3_17_server_edition.zip, , [5e8ede09296187af8abf8580867cc23e],
PUP.BitCoinMiner, C:\Windows\inf\MSASGui.exe, , [4e9e7077c9c1280e1a399e52649d43bd],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: System and internet problem

Posted: 31 Jul 2015 00:31
by Márty84
:arrow: Have MBAM remove its findings, then uninstall MBAM.

:arrow: Post a new RSIT log

and in addition

:arrow: Post logs following this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off your antivirus for a while; it may block it as malicious, but we use it all the time, it is a false positive :)

Re: System and internet problem

Posted: 31 Jul 2015 08:24
by Jaroslav.Klement
I am attaching further logs as per the instructions:


Logfile of random's system information tool 1.10 (written by random/random)
Run by Jaroslav at 2015-07-31 09:12:44
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 7 GB (6%) free of 114 GB
Total RAM: 4087 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:12:47, on 31.7.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Users\Jaroslav\AppData\Roaming\uTorrent\uTorrent.exe
D:\Audiosurf 2\Audiosurf2.exe
D:\Audiosurf 2\Audiosurf2_Data\StreamingAssets\CoherentUI_Host\windows\CoherentUI_Host.exe
D:\Audiosurf 2\Audiosurf2_Data\StreamingAssets\CoherentUI_Host\windows\CoherentUI_Host.exe
C:\Users\Jaroslav\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Jaroslav.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AviraBrowserSafety.BrowserSafety - {c3c77255-42c0-499f-b664-6e981a0b1647} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (User '?')
O4 - HKUS\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (User '?')
O4 - S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: Logitech GamePanel Manager.lnk = C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl (User '?')
O4 - S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: RAVCpl64 – zástupce.lnk = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (User '?')
O4 - S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 Startup: Logitech GamePanel Manager.lnk = C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl (User '?')
O4 - S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 Startup: RAVCpl64 – zástupce.lnk = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (User '?')
O4 - Startup: Logitech GamePanel Manager.lnk = C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl
O4 - Startup: RAVCpl64 – zástupce.lnk = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Avira Browser Safety - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://127.0.0.1
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40B1055C-D6BE-4E7A-9EBE-FD088764F8CA}: NameServer = 8.8.8.8,8.8.8.8,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3279CE8-334A-48A3-98BD-0CB5A7C19D38}: NameServer = 8.8.8.8,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{40B1055C-D6BE-4E7A-9EBE-FD088764F8CA}: NameServer = 8.8.8.8,8.8.8.8,192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{40B1055C-D6BE-4E7A-9EBE-FD088764F8CA}: NameServer = 8.8.8.8,8.8.8.8,192.168.0.1
O18 - Protocol: abs - {E00957BD-D0E1-4EB9-A025-7743FDC8B27B} - mscoree.dll (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe

--
End of file - 11752 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe /autoupdate /silent /autoclose /background
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe /immunize /silent /autoclose
C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe /scan /cleanclose

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3c77255-42c0-499f-b664-6e981a0b1647}]
AviraBrowserSafety.BrowserSafety - C:\Windows\system32\mscoree.dll [2010-11-05 297808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-06-22 767176]
"Avira Systray"=C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [2015-07-02 134368]
"avgnt"=C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2015-07-15 782008]
"ZoneAlarm"=C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [2014-08-13 137352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe []

C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Logitech GamePanel Manager.lnk - C:\Program Files (x86)\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl
RAVCpl64 – zástupce.lnk - C:\Program Files (x86)\Realtek\Audio\HDA\RAVCpl64.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=lvcodec2.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"VIDC.FPS1"=frapsvid.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"msacm.vorbis"=vorbis.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-07-31 09:12:45 ----D---- C:\Program Files (x86)\trend micro
2015-07-31 07:52:00 ----D---- C:\ProgramData\Steam
2015-07-30 19:32:48 ----D---- C:\AdwCleaner
2015-07-30 15:06:01 ----D---- C:\ProgramData\Malwarebytes
2015-07-30 15:06:01 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-30 15:05:37 ----D---- C:\Users\Jaroslav\AppData\Roaming\Avira
2015-07-30 15:03:28 ----D---- C:\Program Files (x86)\CheckPoint
2015-07-30 15:02:21 ----D---- C:\ProgramData\Avira
2015-07-30 15:02:21 ----D---- C:\Program Files (x86)\Avira
2015-07-30 15:02:13 ----D---- C:\ProgramData\CheckPoint
2015-07-30 14:33:26 ----D---- C:\rsit
2015-07-30 13:46:59 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-29 22:29:14 ----A---- C:\Windows\wininit.ini
2015-07-26 21:34:21 ----D---- C:\Users\Jaroslav\AppData\Roaming\BSplayer Pro
2015-07-26 21:34:21 ----D---- C:\Users\Jaroslav\AppData\Roaming\BSplayer
2015-07-26 21:34:17 ----D---- C:\Program Files (x86)\Webteh
2015-07-25 00:42:03 ----D---- C:\Games
2015-07-21 09:01:28 ----D---- C:\ProgramData\ATI
2015-07-21 09:00:24 ----D---- C:\Program Files (x86)\AMD
2015-07-21 07:32:17 ----A---- C:\Windows\SysWOW64\lpk.dll
2015-07-21 07:32:17 ----A---- C:\Windows\SysWOW64\fontsub.dll
2015-07-21 07:32:17 ----A---- C:\Windows\SysWOW64\dciman32.dll
2015-07-21 07:32:17 ----A---- C:\Windows\SysWOW64\atmlib.dll
2015-07-21 07:32:17 ----A---- C:\Windows\SysWOW64\atmfd.dll
2015-07-15 08:44:09 ----A---- C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 08:44:08 ----A---- C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 08:44:08 ----A---- C:\Windows\SysWOW64\wups.dll
2015-07-15 08:44:08 ----A---- C:\Windows\SysWOW64\wudriver.dll
2015-07-15 08:44:08 ----A---- C:\Windows\SysWOW64\wuapp.exe
2015-07-15 08:44:08 ----A---- C:\Windows\SysWOW64\wuapi.dll
2015-07-15 08:44:05 ----A---- C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 08:44:05 ----A---- C:\Windows\SysWOW64\jscript9.dll
2015-07-15 08:44:05 ----A---- C:\Windows\SysWOW64\gdi32.dll
2015-07-15 08:44:04 ----A---- C:\Windows\SysWOW64\urlmon.dll
2015-07-15 08:44:04 ----A---- C:\Windows\SysWOW64\mshtml.dll
2015-07-15 08:44:03 ----A---- C:\Windows\SysWOW64\ieui.dll
2015-07-15 08:44:03 ----A---- C:\Windows\SysWOW64\ieframe.dll
2015-07-15 08:44:01 ----A---- C:\Windows\SysWOW64\iertutil.dll
2015-07-15 08:44:00 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 08:44:00 ----A---- C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 08:44:00 ----A---- C:\Windows\SysWOW64\iernonce.dll
2015-07-15 08:44:00 ----A---- C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 08:44:00 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 08:43:59 ----A---- C:\Windows\SysWOW64\vbscript.dll
2015-07-15 08:43:59 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 08:43:59 ----A---- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 08:43:59 ----A---- C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 08:43:58 ----A---- C:\Windows\SysWOW64\iesetup.dll
2015-07-15 08:43:58 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 08:43:57 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 08:43:57 ----A---- C:\Windows\SysWOW64\jscript.dll
2015-07-15 08:43:57 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 08:43:57 ----A---- C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 08:43:55 ----A---- C:\Windows\SysWOW64\wininet.dll
2015-07-15 08:43:55 ----A---- C:\Windows\SysWOW64\msrating.dll
2015-07-15 08:43:55 ----A---- C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 08:43:38 ----A---- C:\Windows\SysWOW64\ole32.dll
2015-07-15 08:43:37 ----A---- C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 08:43:37 ----A---- C:\Windows\SysWOW64\crypt32.dll
2015-07-15 08:43:36 ----A---- C:\Windows\SysWOW64\wintrust.dll
2015-07-15 08:43:36 ----A---- C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SysWOW64\wdigest.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SysWOW64\schannel.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SysWOW64\kerberos.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SysWOW64\sspicli.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SysWOW64\secur32.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SysWOW64\msobjs.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SysWOW64\msaudite.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SysWOW64\credssp.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SysWOW64\auditpol.exe
2015-07-15 08:43:32 ----A---- C:\Windows\SysWOW64\adtschema.dll
2015-07-15 08:43:29 ----A---- C:\Windows\SysWOW64\msi.dll
2015-07-15 08:43:29 ----A---- C:\Windows\SysWOW64\authui.dll
2015-07-15 08:43:28 ----A---- C:\Windows\SysWOW64\msimsg.dll
2015-07-15 08:43:28 ----A---- C:\Windows\SysWOW64\msihnd.dll
2015-07-15 08:43:28 ----A---- C:\Windows\SysWOW64\msiexec.exe

======List of files/folders modified in the last 1 month======

2015-07-31 09:12:46 ----D---- C:\Windows\Temp
2015-07-31 09:12:45 ----RD---- C:\Program Files (x86)
2015-07-31 09:09:26 ----D---- C:\Users\Jaroslav\AppData\Roaming\uTorrent
2015-07-31 07:52:00 ----HD---- C:\ProgramData
2015-07-31 07:48:48 ----SHD---- C:\Windows\Installer
2015-07-31 07:48:48 ----D---- C:\Program Files (x86)\Common Files
2015-07-31 07:48:47 ----D---- C:\Program Files (x86)\Java
2015-07-31 07:48:44 ----D---- C:\Windows\SysWOW64
2015-07-31 07:48:36 ----SHD---- C:\System Volume Information
2015-07-31 07:35:20 ----D---- C:\Windows\System32
2015-07-31 07:35:20 ----D---- C:\Windows\inf
2015-07-31 00:41:02 ----RD---- C:\Program Files
2015-07-31 00:38:06 ----D---- C:\AMD
2015-07-30 21:05:30 ----D---- C:\Users\Jaroslav\AppData\Roaming\Media Player Classic
2015-07-30 20:57:21 ----D---- C:\Windows\ehome
2015-07-30 19:34:52 ----D---- C:\Windows
2015-07-30 19:33:39 ----D---- C:\Windows\Tasks
2015-07-30 19:04:46 ----A---- C:\Windows\SysWOW64\PnkBstrB.exe
2015-07-30 16:22:11 ----D---- C:\ProgramData\Origin
2015-07-30 15:26:34 ----D---- C:\Windows\pss
2015-07-30 15:02:20 ----D---- C:\ProgramData\Package Cache
2015-07-30 14:56:18 ----SD---- C:\ProgramData\Microsoft
2015-07-29 22:34:18 ----D---- C:\Windows\SoftwareDistribution
2015-07-29 16:51:23 ----D---- C:\Users\Jaroslav\AppData\Roaming\Skype
2015-07-28 08:16:34 ----D---- C:\Windows\winsxs
2015-07-25 13:36:34 ----D---- C:\Program Files (x86)\Origin
2015-07-21 19:02:31 ----D---- C:\Windows\debug
2015-07-21 19:01:22 ----D---- C:\Program Files (x86)\QuickTime
2015-07-21 19:00:40 ----D---- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-21 12:40:16 ----D---- C:\Windows\Microsoft.NET
2015-07-20 10:36:10 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-07-17 20:45:06 ----D---- C:\Program Files (x86)\Internet Explorer
2015-07-16 21:04:51 ----D---- C:\Windows\rescache
2015-07-15 15:37:34 ----D---- C:\Windows\SysWOW64\en-US
2015-07-15 15:37:34 ----D---- C:\Windows\SysWOW64\cs-CZ
2015-07-15 15:37:34 ----D---- C:\Windows\PolicyDefinitions
2015-07-15 15:37:33 ----D---- C:\Windows\AppPatch
2015-07-15 12:38:21 ----D---- C:\ProgramData\Microsoft Help
2015-07-15 09:40:31 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2015-07-12 19:56:34 ----SD---- C:\Windows\SysWOW64\GWX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mv91cons;Marvell 91xx Config Device Driver; C:\Windows\system32\DRIVERS\mv91cons.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys []
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 lvpepf64;Volume Adapter; C:\Windows\system32\DRIVERS\lv302a64.sys []
R3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys []
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys []
R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBS64.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys []
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys []
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys []
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V64.SYS []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrxusb.sys []
S3 cpudrv64;cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys []
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2013-09-12 21712]
S3 FreshIO;FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 LVPr2Mon;LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys []
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys []
S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys []
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\C:\MSI\MSI SUITE\NTIOLib_X64.sys []
S3 NTIOLib_1_0_D;NTIOLib_1_0_D; \??\C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys []
S3 NTIOLib_1_1_S;NTIOLib_1_1_S; \??\C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2015-07-15 461672]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\Antivirus\sched.exe [2015-07-15 461672]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2015-07-02 218816]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 LVPrcS64;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
R2 Marvell RAID;Marvell RAID Event Agent; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-14 151552]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
R2 MRUWebService;MRU Web Service; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-06-12 24635]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2015-02-03 76152]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2014-08-13 3596752]
R2 ZAPrivacyService;ZoneAlarm Privacy Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [2014-08-13 96272]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2015-07-15 887128]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2015-07-15 1213072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07 107848]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-30 268976]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-07-25 2007048]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by Jaroslav (administrator) on JAROSLAV-PC (31-07-2015 09:20:56)
Running from C:\Users\Jaroslav\Desktop
Loaded Profiles: Jaroslav & (Available Profiles: Jaroslav)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
() C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Jaroslav\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782008 2015-07-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-1326843219-753490134-1656334738-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
Startup: C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech GamePanel Manager.lnk [2012-05-17]
ShortcutTarget: Logitech GamePanel Manager.lnk -> C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl (Logitech Inc.)
Startup: C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RAVCpl64 – zástupce.lnk [2012-10-28]
ShortcutTarget: RAVCpl64 – zástupce.lnk -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{40B1055C-D6BE-4E7A-9EBE-FD088764F8CA}: [NameServer] 8.8.8.8,8.8.8.8,192.168.0.1
Tcpip\..\Interfaces\{40B1055C-D6BE-4E7A-9EBE-FD088764F8CA}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{B3279CE8-334A-48A3-98BD-0CB5A7C19D38}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{B3279CE8-334A-48A3-98BD-0CB5A7C19D38}: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-30] ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-30] ()
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001: ubisoft.com/uplaypc -> D:\Hry\Instalačky\Assassins.Creed.III.v1.04.Update.Repack-SKIDROW\SKIDROW\orbit\npuplaypc.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> D:\Hry\Instalačky\Assassins.Creed.III.v1.04.Update.Repack-SKIDROW\SKIDROW\orbit\npuplaypc.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=3 -> C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=9 -> C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: ubisoft.com/uplaypc -> D:\Hry\Instalačky\Assassins.Creed.III.v1.04.Update.Repack-SKIDROW\SKIDROW\orbit\npuplaypc.dll No File

Chrome:
=======
CHR Profile: C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-07]
CHR Extension: (YouTube) - C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-07]
CHR Extension: (Adblock Plus) - C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-25]
CHR Extension: (Adblock for Youtube™) - C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-03-07]
CHR Extension: (Google Search) - C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-07]
CHR Extension: (Avira Browser Safety) - C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR Extension: (Gmail) - C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - https://clients2.google.com/service/update2/crx

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [887128 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-07-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1213072 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
R2 Marvell RAID; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [151552 2009-10-14] () [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MRUWebService; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [24635 2008-06-12] (Apache Software Foundation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-07-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-02] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-03] ()
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-07-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-07-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-07-15] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-31] (Disc Soft Ltd)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X]
S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\C:\MSI\MSI SUITE\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_D; \??\C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys [X]
S3 NTIOLib_1_1_S; \??\C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 09:20 - 2015-07-31 09:21 - 00018601 _____ C:\Users\Jaroslav\Desktop\FRST.txt
2015-07-31 09:20 - 2015-07-31 09:20 - 00029696 _____ C:\Users\Jaroslav\AppData\Local\MSGBOX.EXE
2015-07-31 09:20 - 2015-07-31 09:20 - 00015327 _____ C:\Users\Jaroslav\Desktop\LM.bat
2015-07-31 09:20 - 2015-07-31 09:20 - 00000000 ____D C:\FRST
2015-07-31 09:19 - 2015-07-31 09:19 - 00112640 _____ (forum.viry.cz) C:\Users\Jaroslav\Desktop\FRSTLauncher.exe
2015-07-31 09:14 - 2015-07-31 09:14 - 02168832 _____ (Farbar) C:\Users\Jaroslav\Desktop\FRST64.exe
2015-07-31 09:12 - 2015-07-31 09:12 - 00000000 ____D C:\Program Files (x86)\trend micro
2015-07-31 07:52 - 2015-07-31 07:52 - 00000000 ____D C:\ProgramData\Steam
2015-07-31 07:52 - 2015-07-31 07:52 - 00000000 ____D C:\ProgramData\Steam
2015-07-31 07:50 - 2015-07-31 07:50 - 00000625 _____ C:\Users\Jaroslav\Desktop\Audiosurf 2.lnk
2015-07-31 07:33 - 2015-07-31 07:33 - 01107968 _____ C:\Users\Jaroslav\Desktop\RSIT.exe
2015-07-30 23:13 - 2015-07-30 23:13 - 00001577 _____ C:\Users\Jaroslav\Desktop\mbam – zástupce.lnk
2015-07-30 19:34 - 2015-07-31 07:28 - 00003234 _____ C:\Windows\PFRO.log
2015-07-30 19:34 - 2015-07-31 07:28 - 00000224 _____ C:\Windows\setupact.log
2015-07-30 19:34 - 2015-07-30 19:34 - 05080016 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-30 19:34 - 2015-07-30 19:34 - 00000000 _____ C:\Windows\setuperr.log
2015-07-30 19:32 - 2015-07-30 21:48 - 00000000 ____D C:\AdwCleaner
2015-07-30 19:32 - 2015-07-30 19:32 - 02248704 _____ C:\Users\Jaroslav\Desktop\adwcleaner_4.208.exe
2015-07-30 16:21 - 2015-07-30 16:21 - 00109296 _____ C:\Users\Jaroslav\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-30 15:30 - 2015-07-30 15:30 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-07-30 15:08 - 2015-07-31 07:37 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-30 15:06 - 2015-07-30 15:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-30 15:06 - 2015-07-30 15:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-30 15:06 - 2015-07-30 15:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-30 15:06 - 2015-06-18 09:48 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-30 15:06 - 2015-06-18 09:47 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-30 15:06 - 2015-06-18 09:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-30 15:05 - 2015-07-30 15:05 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\Avira
2015-07-30 15:04 - 2015-07-30 15:04 - 00431395 _____ C:\Windows\system32\Drivers\vsconfig.xml
2015-07-30 15:04 - 2015-07-30 15:04 - 00003432 _____ C:\Windows\System32\Tasks\Avira Browser Safety Updater Task
2015-07-30 15:04 - 2015-07-30 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-07-30 15:04 - 2015-07-30 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-07-30 15:03 - 2015-07-30 15:04 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2015-07-30 15:03 - 2015-07-15 08:37 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-07-30 15:03 - 2015-07-15 08:37 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-30 15:03 - 2015-07-15 08:37 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-07-30 15:03 - 2015-07-15 08:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-07-30 15:02 - 2015-07-30 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-30 15:02 - 2015-07-30 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-30 15:02 - 2015-07-30 15:04 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-30 15:02 - 2015-07-30 15:03 - 00000000 ____D C:\ProgramData\Avira
2015-07-30 15:02 - 2015-07-30 15:03 - 00000000 ____D C:\ProgramData\Avira
2015-07-30 15:02 - 2015-07-30 15:02 - 00000000 ____D C:\ProgramData\CheckPoint
2015-07-30 15:02 - 2015-07-30 15:02 - 00000000 ____D C:\ProgramData\CheckPoint
2015-07-30 14:56 - 2015-07-30 14:56 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-07-30 14:56 - 2015-07-30 14:56 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-07-30 14:33 - 2015-07-30 14:33 - 00000000 ____D C:\rsit
2015-07-30 13:47 - 2015-07-31 08:53 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-30 13:47 - 2015-07-30 13:47 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-30 13:46 - 2015-07-30 13:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-30 13:46 - 2015-07-30 13:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-30 13:43 - 2015-07-30 13:43 - 00000026 _____ C:\Users\Jaroslav\Desktop\DNS.txt
2015-07-29 22:32 - 2015-07-31 07:33 - 00118158 _____ C:\Windows\WindowsUpdate.log
2015-07-29 22:29 - 2015-07-30 14:56 - 00000540 _____ C:\Windows\wininit.ini
2015-07-29 21:55 - 2015-07-29 21:55 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-29 21:48 - 2015-07-29 21:48 - 00449947 ____R C:\Windows\hosts.20150730-133250.backup
2015-07-29 21:33 - 2015-07-29 22:24 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lavasoft Ad-aware 6
2015-07-29 21:33 - 2015-07-29 21:33 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-07-29 21:33 - 2015-07-29 21:33 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-07-29 21:33 - 2015-07-29 21:33 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-07-28 09:15 - 2015-07-28 09:15 - 00001015 _____ C:\Users\Jaroslav\Desktop\Stranded Deep.lnk
2015-07-28 08:16 - 2015-07-25 20:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 08:16 - 2015-07-25 20:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 08:16 - 2015-07-25 20:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 08:16 - 2015-07-25 20:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 08:16 - 2015-07-25 20:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 08:16 - 2015-07-25 20:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 08:16 - 2015-07-25 20:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 08:16 - 2015-07-25 19:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-27 15:02 - 2015-07-29 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter Strike Source
2015-07-27 15:02 - 2015-07-29 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter Strike Source
2015-07-26 23:47 - 2015-07-29 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2015-07-26 23:47 - 2015-07-29 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2015-07-26 21:34 - 2015-07-26 21:41 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\BSplayer
2015-07-26 21:34 - 2015-07-26 21:34 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player FREE.lnk
2015-07-26 21:34 - 2015-07-26 21:34 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player FREE.lnk
2015-07-26 21:34 - 2015-07-26 21:34 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\BSplayer Pro
2015-07-26 21:34 - 2015-07-26 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
2015-07-26 21:34 - 2015-07-26 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
2015-07-26 21:34 - 2015-07-26 21:34 - 00000000 ____D C:\Program Files (x86)\Webteh
2015-07-25 00:42 - 2015-07-31 07:43 - 00000000 ____D C:\Games
2015-07-21 09:01 - 2015-07-21 09:01 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-07-21 09:01 - 2015-07-21 09:01 - 00000000 ____D C:\ProgramData\ATI
2015-07-21 09:01 - 2015-07-21 09:01 - 00000000 ____D C:\ProgramData\ATI
2015-07-21 09:00 - 2015-07-21 09:00 - 00053443 _____ C:\Windows\SysWOW64\CCCInstall_201507210900455764.log
2015-07-21 09:00 - 2015-07-21 09:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-07-21 09:00 - 2015-07-21 09:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-07-21 09:00 - 2015-07-21 09:00 - 00000000 ____D C:\Program Files (x86)\AMD
2015-07-21 07:32 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 07:32 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 07:32 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 07:32 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 07:32 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 07:32 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 07:32 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 07:32 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 07:32 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 07:32 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 08:44 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 08:44 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 08:44 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 08:44 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 08:44 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 08:44 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 08:44 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 08:44 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 08:44 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 08:44 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 08:44 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 08:44 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 08:44 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 08:44 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 08:44 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 08:44 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 08:44 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 08:44 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 08:44 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 08:44 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 08:44 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 08:44 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 08:44 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 08:44 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 08:44 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 08:44 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 08:44 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 08:44 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 08:44 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 08:44 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 08:44 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 08:44 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 08:44 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 08:44 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 08:44 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 08:44 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 08:44 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 08:44 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 08:44 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 08:44 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 08:44 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 08:44 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 08:44 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 08:44 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 08:44 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 08:44 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 08:44 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 08:44 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 08:43 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 08:43 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 08:43 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 08:43 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 08:43 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 08:43 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 08:43 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 08:43 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 08:43 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 08:43 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 08:43 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 08:43 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 08:43 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 08:43 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 08:43 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 08:43 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 08:43 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 08:43 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 08:43 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 08:43 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 08:43 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 08:43 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 08:43 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 08:43 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 08:43 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 08:43 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 08:43 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 08:43 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 08:43 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 08:43 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 08:43 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 08:43 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 08:43 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 08:43 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 08:43 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 08:43 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 08:43 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 08:43 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 08:43 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 08:43 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 08:43 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 08:43 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 08:43 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 08:43 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 08:43 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 08:43 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 08:43 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 08:43 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 08:43 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 08:43 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 08:43 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 08:43 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 08:43 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 08:43 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 08:43 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 08:43 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 08:43 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 08:43 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 08:43 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 08:43 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 08:43 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 08:43 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 08:43 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 08:43 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 08:43 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 08:43 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 08:43 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 08:43 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 08:43 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 08:43 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 08:43 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 08:43 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 08:43 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 08:43 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 08:43 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 08:43 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 08:43 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 08:43 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 08:43 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 08:43 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 08:43 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 08:43 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 08:43 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 08:43 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 08:43 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 08:43 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 08:43 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 08:43 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 08:43 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 08:43 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 08:43 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 08:43 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 08:43 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 08:43 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 08:43 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 09:15 - 2014-07-15 09:13 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\uTorrent
2015-07-31 08:36 - 2015-03-07 22:19 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-31 07:48 - 2013-09-08 10:30 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-31 07:43 - 2009-07-14 06:45 - 00022272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-31 07:43 - 2009-07-14 06:45 - 00022272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-31 07:35 - 2009-07-14 17:18 - 00672120 _____ C:\Windows\system32\perfh005.dat
2015-07-31 07:35 - 2009-07-14 17:18 - 00142716 _____ C:\Windows\system32\perfc005.dat
2015-07-31 07:35 - 2009-07-14 07:13 - 01593142 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-31 07:29 - 2013-01-22 23:06 - 00243200 _____ C:\Windows\za_mv_raid.ev
2015-07-31 07:29 - 2013-01-22 23:06 - 00000096 _____ C:\Windows\za_mv_seqnum.ev
2015-07-31 07:29 - 2013-01-22 22:56 - 00000008 _____ C:\Windows\mvraidver.dat
2015-07-31 07:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-31 00:41 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-07-31 00:38 - 2015-02-23 15:13 - 00000000 ____D C:\AMD
2015-07-31 00:30 - 2014-11-23 21:41 - 00000000 ____D C:\Users\Jaroslav\Documents\My Games
2015-07-30 21:05 - 2012-09-17 21:46 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\Media Player Classic
2015-07-30 19:04 - 2012-05-17 12:57 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-07-30 16:23 - 2012-05-17 12:57 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-07-30 16:22 - 2012-05-17 10:26 - 00000000 ____D C:\ProgramData\Origin
2015-07-30 16:22 - 2012-05-17 10:26 - 00000000 ____D C:\ProgramData\Origin
2015-07-30 15:30 - 2012-06-01 20:52 - 00000000 ____D C:\Program Files\CCleaner
2015-07-30 15:26 - 2013-09-10 22:14 - 00000000 ____D C:\Windows\pss
2015-07-30 15:02 - 2013-03-09 15:31 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-30 15:02 - 2013-03-09 15:31 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-30 15:01 - 2012-05-17 14:52 - 00001912 _____ C:\Windows\epplauncher.mif
2015-07-30 13:47 - 2012-05-29 16:01 - 00000000 ____D C:\Users\Jaroslav\AppData\Local\Adobe
2015-07-30 13:38 - 2014-11-18 23:17 - 00000000 __SHD C:\Users\Jaroslav\AppData\Local\EmieBrowserModeList
2015-07-30 13:38 - 2014-08-04 09:32 - 00000000 __SHD C:\Users\Jaroslav\AppData\Local\EmieUserList
2015-07-30 13:38 - 2014-08-04 09:32 - 00000000 __SHD C:\Users\Jaroslav\AppData\Local\EmieSiteList
2015-07-29 16:51 - 2012-05-17 10:12 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\Skype
2015-07-29 12:07 - 2015-06-10 17:39 - 00000000 ____D C:\Users\Jaroslav\Desktop\KNIHY
2015-07-28 14:38 - 2009-07-14 07:08 - 00032520 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-28 09:16 - 2014-05-06 22:13 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-27 15:17 - 2012-11-05 20:17 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-07-25 13:40 - 2015-04-05 22:46 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-25 13:36 - 2012-05-17 13:52 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-21 19:01 - 2014-02-28 23:08 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-21 19:01 - 2013-10-01 23:37 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-21 19:00 - 2015-06-11 12:59 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-21 19:00 - 2015-06-11 12:59 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-21 18:35 - 2012-05-15 17:24 - 00000000 ____D C:\Users\Jaroslav\AppData\Local\Microsoft Help
2015-07-21 08:59 - 2014-12-16 16:35 - 00000000 ____D C:\Program Files\AMD
2015-07-20 10:36 - 2012-05-17 11:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-17 20:45 - 2014-11-18 16:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-17 20:45 - 2014-11-18 16:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 21:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 07:31 - 2015-03-07 22:19 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 07:31 - 2015-03-07 22:19 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-16 07:31 - 2015-01-17 13:46 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 15:37 - 2014-12-11 05:29 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 15:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 12:38 - 2012-05-15 17:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 12:38 - 2012-05-15 17:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 12:34 - 2013-08-15 18:15 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 09:40 - 2012-05-17 12:00 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-07-12 19:56 - 2015-04-05 22:46 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-05 12:08 - 2012-05-15 16:51 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 08:43 - 2012-05-17 12:38 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2012-05-21 21:09 - 2015-06-25 09:45 - 0020992 _____ () C:\Users\Jaroslav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-08 10:53 - 2013-06-08 10:53 - 0000000 ___SH () C:\Users\Jaroslav\AppData\Local\LumaEmu
2015-07-31 09:20 - 2015-07-31 09:20 - 0029696 _____ () C:\Users\Jaroslav\AppData\Local\MSGBOX.EXE
2013-07-18 01:28 - 2015-04-27 18:56 - 0007618 _____ () C:\Users\Jaroslav\AppData\Local\Resmon.ResmonCfg
2012-05-19 14:54 - 2012-12-20 16:33 - 0508845 _____ () C:\Users\Jaroslav\AppData\Local\SRDownloader.err
2012-05-15 16:59 - 2013-03-01 21:01 - 0001120 _____ () C:\Users\Jaroslav\AppData\Local\SRDownloader.nast
2014-11-05 16:33 - 2014-11-05 16:33 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Jaroslav\AppData\Local\Temp\avgnt.exe
C:\Users\Jaroslav\AppData\Local\Temp\Quarantine.exe
C:\Users\Jaroslav\AppData\Local\Temp\sqlite3.dll
C:\Users\Jaroslav\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 12:51

==================== End of log ============================

Re: Problem with the system and the internet

Posted: 31 Jul 2015 15:53
by Márty84
At the beginning you posted the correct RSIT log here, i.e. the one from the version for 64-bit systems. Why have you now used the wrong version? :?:

Re: Problem with the system and the internet

Posted: 02 Aug 2015 09:28
by Jaroslav.Klement
RSIT x64



Logfile of random's system information tool 1.10 (written by random/random)
Run by Jaroslav at 2015-08-02 10:26:57
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 6 GB (5%) free of 114 GB
Total RAM: 4087 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:26:59, on 2.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Jaroslav.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AviraBrowserSafety.BrowserSafety - {c3c77255-42c0-499f-b664-6e981a0b1647} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (User '?')
O4 - S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: Logitech GamePanel Manager.lnk = C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl (User '?')
O4 - S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: RAVCpl64 – zástupce.lnk = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (User '?')
O4 - Startup: Logitech GamePanel Manager.lnk = C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl
O4 - Startup: RAVCpl64 – zástupce.lnk = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Avira Browser Safety - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://127.0.0.1
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40B1055C-D6BE-4E7A-9EBE-FD088764F8CA}: NameServer = 8.8.8.8,8.8.8.8,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3279CE8-334A-48A3-98BD-0CB5A7C19D38}: NameServer = 8.8.8.8,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{40B1055C-D6BE-4E7A-9EBE-FD088764F8CA}: NameServer = 8.8.8.8,8.8.8.8,192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{40B1055C-D6BE-4E7A-9EBE-FD088764F8CA}: NameServer = 8.8.8.8,8.8.8.8,192.168.0.1
O18 - Protocol: abs - {E00957BD-D0E1-4EB9-A025-7743FDC8B27B} - mscoree.dll (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe

--
End of file - 10745 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe" -service
atieclxx
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Avira\Antivirus\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Avira\Antivirus\avguard.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe" -Embedding
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe"
"C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe"
"C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe"
"C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe" -k runservice
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe"
"C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe" -d "C:/Program Files (x86)/Marvell/raid/Apache2"
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe"
"C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe"
"C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe" /connectToHost
"C:\Program Files (x86)\Avira\Antivirus\avshadow.exe" avshadowcontrol0_000007d8
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\GWX\GWX.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-fa0bb70b-3379-4967-93da-e6b8a57beec9 -SystemEventPortName:HostProcess-9d0de220-a3c4-470a-9766-8aa43f149e35 -IoCancelEventPortName:HostProcess-14dfdd74-d712-4120-b4e8-cd49b5e35bd6 -NonStateChangingEventPortName:HostProcess-296e9b34-de45-4df8-8e82-523c0faf5525 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8ee6363e-4d07-41a6-b01f-92abb1bf2221 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-b61573a4-9378-40f1-995e-fe6850c904bb -SystemEventPortName:HostProcess-927d787e-0aed-4d66-8119-46af9b4b596c -IoCancelEventPortName:HostProcess-1d497eca-fb31-4536-a7e3-abd8eb24eb9c -NonStateChangingEventPortName:HostProcess-8cc876a9-d04c-4b56-ba15-34fc4bcc2091 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:2a4d21fc-214a-4f37-ab42-0ed076b6d4d2 -DeviceGroupId:WpdFsGroup
"taskhost.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
taskeng.exe {C882D74D-D804-4ED5-AAB6-956B7F92ACA5}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "https://ame.avira.com/ame/redirect?data ... cxNTI0NA=="
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4496.0.1989690029\564401481" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,22,45 --gpu-vendor-id=0x1002 --gpu-device-id=0x6718 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=15.200.1046.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A5_Stable_R8/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload 
--enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4496.2.1012926004\2084821669" --font-cache-shared-handle=1940 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A5_Stable_R8/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload 
--enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4496.3.398341942\531637707" --font-cache-shared-handle=2584 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A5_Stable_R8/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload 
--enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4496.4.1552531701\201238837" --font-cache-shared-handle=2476 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A5_Stable_R8/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 
--enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4496.7.1878423778\2059910414" --font-cache-shared-handle=4724 /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A5_Stable_R8/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 
--enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4496.9.307516308\1255390083" --font-cache-shared-handle=5244 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A5_Stable_R8/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only 
--device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4496.10.107669551\1094845983" --font-cache-shared-handle=4748 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/PP_Ethersuggest_A5_Stable_R8/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_33/*UMA-Uniformity-Trial-10-Percent/group_01/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 
--enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4496.11.1719324935\452280088" --font-cache-shared-handle=3636 /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Jaroslav\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe /autoupdate /silent /autoclose /background
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe /immunize /silent /autoclose
C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe /scan /cleanclose

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3c77255-42c0-499f-b664-6e981a0b1647}]
AviraBrowserSafety.BrowserSafety - C:\Windows\system32\mscoree.dll [2010-11-05 444752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-06-22 767176]
"Avira Systray"=C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [2015-07-02 134368]
"avgnt"=C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2015-07-15 782008]
"ZoneAlarm"=C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [2014-08-13 137352]

C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Logitech GamePanel Manager.lnk - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl
RAVCpl64 – zástupce.lnk - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-08-02 10:26:57 ----D---- C:\Program Files\trend micro
2015-07-31 09:20:33 ----D---- C:\FRST
2015-07-31 09:12:45 ----D---- C:\Program Files (x86)\trend micro
2015-07-31 07:52:00 ----D---- C:\ProgramData\Steam
2015-07-30 19:34:47 ----A---- C:\Windows\system32\FNTCACHE.DAT
2015-07-30 19:32:48 ----D---- C:\AdwCleaner
2015-07-30 15:08:54 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-07-30 15:06:01 ----D---- C:\ProgramData\Malwarebytes
2015-07-30 15:06:01 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-30 15:06:01 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-07-30 15:06:01 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-07-30 15:06:01 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-07-30 15:05:37 ----D---- C:\Users\Jaroslav\AppData\Roaming\Avira
2015-07-30 15:03:29 ----A---- C:\Windows\system32\drivers\avnetflt.sys
2015-07-30 15:03:29 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2015-07-30 15:03:29 ----A---- C:\Windows\system32\drivers\avipbb.sys
2015-07-30 15:03:29 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2015-07-30 15:03:28 ----D---- C:\Program Files (x86)\CheckPoint
2015-07-30 15:02:21 ----D---- C:\ProgramData\Avira
2015-07-30 15:02:21 ----D---- C:\Program Files (x86)\Avira
2015-07-30 15:02:13 ----D---- C:\ProgramData\CheckPoint
2015-07-30 14:33:26 ----D---- C:\rsit
2015-07-30 13:46:59 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-07-29 22:29:14 ----A---- C:\Windows\wininit.ini
2015-07-29 21:55:42 ----D---- C:\Program Files\Common Files\AV
2015-07-28 08:16:54 ----A---- C:\Windows\system32\invagent.dll
2015-07-28 08:16:54 ----A---- C:\Windows\system32\generaltel.dll
2015-07-28 08:16:54 ----A---- C:\Windows\system32\devinv.dll
2015-07-28 08:16:54 ----A---- C:\Windows\system32\appraiser.dll
2015-07-28 08:16:54 ----A---- C:\Windows\system32\aeinv.dll
2015-07-28 08:16:54 ----A---- C:\Windows\system32\acmigration.dll
2015-07-28 08:16:53 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-07-28 08:16:53 ----A---- C:\Windows\system32\aepdu.dll
2015-07-26 21:34:21 ----D---- C:\Users\Jaroslav\AppData\Roaming\BSplayer Pro
2015-07-26 21:34:21 ----D---- C:\Users\Jaroslav\AppData\Roaming\BSplayer
2015-07-26 21:34:17 ----D---- C:\Program Files (x86)\Webteh
2015-07-25 00:42:03 ----D---- C:\Games
2015-07-21 09:01:28 ----D---- C:\ProgramData\ATI
2015-07-21 09:00:24 ----D---- C:\Program Files (x86)\AMD
2015-07-21 07:32:17 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-07-21 07:32:17 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-07-21 07:32:17 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-07-21 07:32:17 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-07-21 07:32:17 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-07-21 07:32:17 ----A---- C:\Windows\system32\lpk.dll
2015-07-21 07:32:17 ----A---- C:\Windows\system32\fontsub.dll
2015-07-21 07:32:17 ----A---- C:\Windows\system32\dciman32.dll
2015-07-21 07:32:17 ----A---- C:\Windows\system32\atmlib.dll
2015-07-21 07:32:17 ----A---- C:\Windows\system32\atmfd.dll
2015-07-15 08:44:09 ----A---- C:\Windows\SYSWOW64\cewmdm.dll
2015-07-15 08:44:09 ----A---- C:\Windows\system32\cewmdm.dll
2015-07-15 08:44:08 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-07-15 08:44:08 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-07-15 08:44:08 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-07-15 08:44:08 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-07-15 08:44:08 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-07-15 08:44:08 ----A---- C:\Windows\system32\wuauclt.exe
2015-07-15 08:44:08 ----A---- C:\Windows\system32\wuapp.exe
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wuwebv.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wups2.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wups.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wudriver.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wucltux.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wuaueng.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wuapi.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 08:44:07 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-07-15 08:44:06 ----A---- C:\Windows\system32\win32k.sys
2015-07-15 08:44:06 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 08:44:06 ----A---- C:\Windows\system32\rdpcorets.dll
2015-07-15 08:44:05 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-07-15 08:44:05 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-07-15 08:44:05 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-07-15 08:44:05 ----A---- C:\Windows\system32\jscript9diag.dll
2015-07-15 08:44:05 ----A---- C:\Windows\system32\jscript9.dll
2015-07-15 08:44:05 ----A---- C:\Windows\system32\gdi32.dll
2015-07-15 08:44:04 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-07-15 08:44:04 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-07-15 08:44:03 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-07-15 08:44:03 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-07-15 08:44:03 ----A---- C:\Windows\system32\urlmon.dll
2015-07-15 08:44:02 ----A---- C:\Windows\system32\mshtml.dll
2015-07-15 08:44:02 ----A---- C:\Windows\system32\ieui.dll
2015-07-15 08:44:02 ----A---- C:\Windows\system32\ieframe.dll
2015-07-15 08:44:01 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-07-15 08:44:01 ----A---- C:\Windows\system32\iertutil.dll
2015-07-15 08:44:00 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-07-15 08:44:00 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-07-15 08:44:00 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-07-15 08:44:00 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-07-15 08:44:00 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-07-15 08:44:00 ----A---- C:\Windows\system32\iernonce.dll
2015-07-15 08:44:00 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-07-15 08:44:00 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-07-15 08:44:00 ----A---- C:\Windows\system32\ie4uinit.exe
2015-07-15 08:43:59 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-07-15 08:43:59 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-07-15 08:43:59 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-07-15 08:43:59 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-07-15 08:43:59 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 08:43:58 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-07-15 08:43:58 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-07-15 08:43:58 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 08:43:58 ----A---- C:\Windows\system32\iedkcs32.dll
2015-07-15 08:43:57 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-07-15 08:43:57 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-07-15 08:43:57 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-07-15 08:43:57 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-07-15 08:43:57 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 08:43:57 ----A---- C:\Windows\system32\msfeeds.dll
2015-07-15 08:43:57 ----A---- C:\Windows\system32\dxtrans.dll
2015-07-15 08:43:56 ----A---- C:\Windows\system32\iesetup.dll
2015-07-15 08:43:56 ----A---- C:\Windows\system32\ieapfltr.dll
2015-07-15 08:43:55 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-07-15 08:43:55 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-07-15 08:43:55 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-07-15 08:43:55 ----A---- C:\Windows\system32\vbscript.dll
2015-07-15 08:43:55 ----A---- C:\Windows\system32\jsproxy.dll
2015-07-15 08:43:55 ----A---- C:\Windows\system32\ieUnatt.exe
2015-07-15 08:43:54 ----A---- C:\Windows\system32\mshtmled.dll
2015-07-15 08:43:54 ----A---- C:\Windows\system32\dxtmsft.dll
2015-07-15 08:43:53 ----A---- C:\Windows\system32\wininet.dll
2015-07-15 08:43:53 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-07-15 08:43:53 ----A---- C:\Windows\system32\jscript.dll
2015-07-15 08:43:52 ----A---- C:\Windows\system32\msrating.dll
2015-07-15 08:43:52 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-07-15 08:43:38 ----A---- C:\Windows\SYSWOW64\ole32.dll
2015-07-15 08:43:38 ----A---- C:\Windows\system32\ole32.dll
2015-07-15 08:43:37 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-07-15 08:43:37 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-07-15 08:43:37 ----A---- C:\Windows\system32\cryptsvc.dll
2015-07-15 08:43:37 ----A---- C:\Windows\system32\crypt32.dll
2015-07-15 08:43:36 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-07-15 08:43:36 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-07-15 08:43:36 ----A---- C:\Windows\system32\wintrust.dll
2015-07-15 08:43:36 ----A---- C:\Windows\system32\cryptnet.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-07-15 08:43:33 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\wdigest.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\TSpkg.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\sspicli.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\schannel.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\rpcrt4.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\ncrypt.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\msv1_0.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\lsass.exe
2015-07-15 08:43:33 ----A---- C:\Windows\system32\lsasrv.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\kerberos.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-07-15 08:43:33 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-07-15 08:43:33 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-07-15 08:43:33 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-07-15 08:43:33 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-07-15 08:43:33 ----A---- C:\Windows\system32\cryptbase.dll
2015-07-15 08:43:33 ----A---- C:\Windows\system32\auditpol.exe
2015-07-15 08:43:32 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-07-15 08:43:32 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-07-15 08:43:32 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-07-15 08:43:32 ----A---- C:\Windows\system32\sspisrv.dll
2015-07-15 08:43:32 ----A---- C:\Windows\system32\secur32.dll
2015-07-15 08:43:32 ----A---- C:\Windows\system32\msobjs.dll
2015-07-15 08:43:32 ----A---- C:\Windows\system32\msaudite.dll
2015-07-15 08:43:32 ----A---- C:\Windows\system32\credssp.dll
2015-07-15 08:43:32 ----A---- C:\Windows\system32\adtschema.dll
2015-07-15 08:43:29 ----A---- C:\Windows\SYSWOW64\msi.dll
2015-07-15 08:43:29 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-07-15 08:43:29 ----A---- C:\Windows\system32\msiexec.exe
2015-07-15 08:43:29 ----A---- C:\Windows\system32\msi.dll
2015-07-15 08:43:29 ----A---- C:\Windows\system32\consent.exe
2015-07-15 08:43:29 ----A---- C:\Windows\system32\authui.dll
2015-07-15 08:43:28 ----A---- C:\Windows\SYSWOW64\msimsg.dll
2015-07-15 08:43:28 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2015-07-15 08:43:28 ----A---- C:\Windows\SYSWOW64\msiexec.exe
2015-07-15 08:43:28 ----A---- C:\Windows\system32\msimsg.dll
2015-07-15 08:43:28 ----A---- C:\Windows\system32\msihnd.dll
2015-07-15 08:43:28 ----A---- C:\Windows\system32\appinfo.dll

======List of files/folders modified in the last 1 month======

2015-08-02 10:26:58 ----D---- C:\Windows\Temp
2015-08-02 10:26:57 ----RD---- C:\Program Files
2015-08-02 10:19:48 ----D---- C:\Windows\System32
2015-08-02 10:19:48 ----D---- C:\Windows\inf
2015-08-02 10:19:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-08-02 10:16:13 ----D---- C:\Windows\system32\config
2015-07-31 15:02:18 ----D---- C:\Windows\SysWOW64
2015-07-31 15:02:11 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2015-07-31 13:29:26 ----D---- C:\ProgramData\Origin
2015-07-31 09:21:20 ----D---- C:\Windows
2015-07-31 09:15:00 ----D---- C:\Users\Jaroslav\AppData\Roaming\uTorrent
2015-07-31 09:12:45 ----RD---- C:\Program Files (x86)
2015-07-31 07:52:00 ----HD---- C:\ProgramData
2015-07-31 07:48:48 ----SHD---- C:\Windows\Installer
2015-07-31 07:48:48 ----D---- C:\Program Files (x86)\Common Files
2015-07-31 07:48:47 ----D---- C:\Program Files (x86)\Java
2015-07-31 07:48:36 ----SHD---- C:\System Volume Information
2015-07-31 07:32:01 ----D---- C:\Windows\system32\LogFiles
2015-07-31 00:41:13 ----D---- C:\Program Files\Microsoft Games
2015-07-31 00:38:06 ----D---- C:\AMD
2015-07-30 21:05:30 ----D---- C:\Users\Jaroslav\AppData\Roaming\Media Player Classic
2015-07-30 20:57:21 ----D---- C:\Windows\system32\drivers
2015-07-30 20:57:21 ----D---- C:\Windows\ehome
2015-07-30 19:33:39 ----D---- C:\Windows\Tasks
2015-07-30 19:33:39 ----D---- C:\Windows\system32\Tasks
2015-07-30 15:30:47 ----D---- C:\Program Files\CCleaner
2015-07-30 15:26:34 ----D---- C:\Windows\pss
2015-07-30 15:04:11 ----D---- C:\Windows\system32\DriverStore
2015-07-30 15:02:20 ----D---- C:\ProgramData\Package Cache
2015-07-30 14:56:18 ----SD---- C:\ProgramData\Microsoft
2015-07-30 14:49:30 ----D---- C:\Program Files\Common Files
2015-07-29 22:34:18 ----D---- C:\Windows\SoftwareDistribution
2015-07-29 16:51:23 ----D---- C:\Users\Jaroslav\AppData\Roaming\Skype
2015-07-28 09:16:05 ----SD---- C:\Windows\system32\CompatTel
2015-07-28 08:16:34 ----D---- C:\Windows\winsxs
2015-07-25 13:40:21 ----SD---- C:\Windows\system32\GWX
2015-07-25 13:36:34 ----D---- C:\Program Files (x86)\Origin
2015-07-21 21:09:03 ----D---- C:\Windows\system32\catroot
2015-07-21 19:02:31 ----D---- C:\Windows\debug
2015-07-21 19:01:36 ----D---- C:\Program Files\Common Files\Apple
2015-07-21 19:01:22 ----D---- C:\Program Files (x86)\QuickTime
2015-07-21 19:00:40 ----D---- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-21 19:00:15 ----DC---- C:\Windows\system32\DRVSTORE
2015-07-21 12:40:16 ----D---- C:\Windows\Microsoft.NET
2015-07-21 08:59:54 ----D---- C:\Windows\system32\catroot2
2015-07-21 08:59:22 ----D---- C:\Program Files\AMD
2015-07-20 10:36:10 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-07-17 20:45:06 ----D---- C:\Program Files (x86)\Internet Explorer
2015-07-16 21:04:51 ----D---- C:\Windows\rescache
2015-07-15 15:37:34 ----D---- C:\Windows\SYSWOW64\en-US
2015-07-15 15:37:34 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-07-15 15:37:34 ----D---- C:\Windows\system32\en-US
2015-07-15 15:37:34 ----D---- C:\Windows\system32\cs-CZ
2015-07-15 15:37:34 ----D---- C:\Windows\PolicyDefinitions
2015-07-15 15:37:34 ----D---- C:\Program Files\Internet Explorer
2015-07-15 15:37:33 ----D---- C:\Windows\system32\wbem
2015-07-15 15:37:33 ----D---- C:\Windows\system32\appraiser
2015-07-15 15:37:33 ----D---- C:\Windows\AppPatch
2015-07-15 12:38:21 ----D---- C:\ProgramData\Microsoft Help
2015-07-15 12:34:21 ----D---- C:\Windows\system32\MRT
2015-07-15 09:40:31 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2015-07-12 19:56:34 ----SD---- C:\Windows\SYSWOW64\GWX
2015-07-05 12:08:23 ----N---- C:\Windows\system32\MpSigStub.exe
2015-07-03 08:43:04 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mv91cons;Marvell 91xx Config Device Driver; C:\Windows\system32\DRIVERS\mv91cons.sys [2009-10-27 22568]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2015-07-15 141416]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2015-07-15 28600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-31 283064]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2014-08-13 450456]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2015-07-15 162528]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2015-07-15 44088]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-06-23 21612032]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-06-23 663552]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2015-05-20 94720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-12 4060560]
R3 lvpepf64;Volume Adapter; C:\Windows\system32\DRIVERS\lv302a64.sys [2009-05-01 15896]
R3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2009-05-01 327576]
R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-06-18 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-08-02 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-06-18 63704]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V64.SYS [2009-05-01 2755096]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrxusb.sys [2008-07-29 1075712]
S3 cpudrv64;cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys []
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2013-09-12 21712]
S3 FreshIO;FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 LVPr2Mon;LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys []
S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys []
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\C:\MSI\MSI SUITE\NTIOLib_X64.sys []
S3 NTIOLib_1_0_D;NTIOLib_1_0_D; \??\C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys []
S3 NTIOLib_1_1_S;NTIOLib_1_1_S; \??\C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-07-28 54784]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2015-04-30 23200]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-06-23 245760]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2015-07-15 461672]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\Antivirus\sched.exe [2015-07-15 461672]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2015-07-02 218816]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 LVPrcS64;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
R2 Marvell RAID;Marvell RAID Event Agent; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-14 151552]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 MRUWebService;MRU Web Service; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-06-12 24635]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-02-03 76152]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2014-08-13 3596752]
R2 ZAPrivacyService;ZoneAlarm Privacy Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [2014-08-13 96272]
R4 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2015-07-15 887128]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2015-07-15 1213072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07 107848]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-30 268976]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-06-20 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-07-25 2007048]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-17 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Re: Problem with the system and the internet

Posted: 02 Aug 2015 10:23
by Márty84
:arrow: Tell me the size of the desktop folder (C:\Users\Jaroslav\Plocha)

:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> D:\Hry\Instalačky\Assassins.Creed.III.v1.04.Update.Repack-SKIDROW\SKIDROW\orbit\npuplaypc.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=3 -> C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=9 -> C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: ubisoft.com/uplaypc -> D:\Hry\Instalačky\Assassins.Creed.III.v1.04.Update.Repack-SKIDROW\SKIDROW\orbit\npuplaypc.dll No File

2015-07-29 21:48 - 2015-07-29 21:48 - 00449947 ____R C:\Windows\hosts.20150730-133250.backup
2015-07-29 21:33 - 2015-07-29 22:24 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lavasoft Ad-aware 6
2015-07-29 21:33 - 2015-07-29 21:33 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-07-29 21:33 - 2015-07-29 21:33 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-07-29 21:33 - 2015-07-29 21:33 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job

C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07 107848]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-30 268976]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07 107848]

Hosts:
EmptyTemp:
Reboot:
End

In the top left, click File.
Click Save as...
Type the name shown in red, fixlist, correctly and save it to the desktop.
Turn off your antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.

Re: Problem with the system and the internet

Posted: 02 Aug 2015 15:00
by Jaroslav.Klement
The desktop size before FRST was 63 MB; the current size is 23 MB.

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015
Ran by Jaroslav (2015-08-02 15:55:12) Run:1
Running from C:\Users\Jaroslav\Desktop
Loaded Profiles: Jaroslav (Available Profiles: Jaroslav)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> D:\Hry\Instalačky\Assassins.Creed.III.v1.04.Update.Repack-SKIDROW\SKIDROW\orbit\npuplaypc.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=3 -> C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @tools.google.com/Google Update;version=9 -> C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: ubisoft.com/uplaypc -> D:\Hry\Instalačky\Assassins.Creed.III.v1.04.Update.Repack-SKIDROW\SKIDROW\orbit\npuplaypc.dll No File

2015-07-29 21:48 - 2015-07-29 21:48 - 00449947 ____R C:\Windows\hosts.20150730-133250.backup
2015-07-29 21:33 - 2015-07-29 22:24 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lavasoft Ad-aware 6
2015-07-29 21:33 - 2015-07-29 21:33 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-07-29 21:33 - 2015-07-29 21:33 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-07-29 21:33 - 2015-07-29 21:33 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job

C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07 107848]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-30 268976]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07 107848]

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value removed successfully
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => key not found.
C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll not found.
HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\MozillaPlugins\@tools.google.com/Google Update;version=9 => key not found.
C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll not found.
HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\MozillaPlugins\ubisoft.com/uplaypc => key not found.
D:\Hry\Instalačky\Assassins.Creed.III.v1.04.Update.Repack-SKIDROW\SKIDROW\orbit\npuplaypc.dll not found.
HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => key not found.
C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll not found.
HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\MozillaPlugins\@tools.google.com/Google Update;version=9 => key not found.
C:\Users\Jaroslav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll not found.
HKU\S-1-5-21-1326843219-753490134-1656334738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\MozillaPlugins\ubisoft.com/uplaypc => key not found.
D:\Hry\Instalačky\Assassins.Creed.III.v1.04.Update.Repack-SKIDROW\SKIDROW\orbit\npuplaypc.dll not found.
C:\Windows\hosts.20150730-133250.backup => moved successfully.
C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lavasoft Ad-aware 6 => moved successfully.
C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => moved successfully.
C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => moved successfully.
C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully.
"C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job" => File/Folder not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.
"C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job" => File/Folder not found.
"C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job" => File/Folder not found.
AdobeARMservice => service removed successfully
gupdate => service removed successfully
SkypeUpdate => service removed successfully
AdobeFlashPlayerUpdateSvc => service removed successfully
gupdatem => service removed successfully
Hosts restored successfully.
EmptyTemp: => 485.4 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 15:55:26 ====

Re: Problem with the system and the internet

Posted: 02 Aug 2015 15:48
by Márty84
:!: If you have not done so already, better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off your antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator.
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, do not launch anything and do not click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here.

:!: If Windows does not start after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration.
:!: If Windows starts but errors are reported when launching various programs, just restart the PC and it will be fine.

Re: Problem with the system and the internet

Posted: 03 Aug 2015 18:33
by Jaroslav.Klement
ComboFix 15-08-03.01 - Jaroslav 03.08.2015 19:06:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4087.2769 [GMT 2:00]
Spuštěný z: c:\users\Jaroslav\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Jaroslav\AppData\Local\MSGBOX.EXE
c:\users\Jaroslav\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\wininit.ini
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . nemohl být smazán
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-03 do 2015-08-03 )))))))))))))))))))))))))))))))
.
.
2015-08-03 17:09 . 2015-08-03 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-02 14:03 . 2015-08-02 21:23 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\TS3Client
2015-08-02 14:03 . 2015-08-02 14:03 -------- d-----w- c:\program files\TeamSpeak 3 Client
2015-08-02 12:09 . 2015-08-02 12:09 -------- d-----w- c:\users\Jaroslav\AppData\Local\CrashRpt
2015-08-02 12:08 . 2006-02-04 01:50 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2015-08-02 12:08 . 2006-02-04 01:50 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2015-08-02 12:03 . 2015-08-02 12:03 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\InstallShield
2015-08-02 08:26 . 2015-08-02 08:26 -------- d-----w- c:\program files\trend micro
2015-07-31 07:20 . 2015-08-02 13:56 -------- d-----w- C:\FRST
2015-07-31 07:12 . 2015-07-31 07:12 -------- d-----w- c:\program files (x86)\trend micro
2015-07-31 05:52 . 2015-07-31 05:52 -------- d-----w- c:\programdata\Steam
2015-07-30 17:32 . 2015-07-30 19:48 -------- d-----w- C:\AdwCleaner
2015-07-30 13:08 . 2015-08-02 08:13 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-30 13:06 . 2015-07-30 13:10 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-07-30 13:06 . 2015-07-30 13:06 -------- d-----w- c:\programdata\Malwarebytes
2015-07-30 13:06 . 2015-06-18 07:48 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-30 13:06 . 2015-06-18 07:47 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-30 13:06 . 2015-06-18 07:47 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-30 13:05 . 2015-07-30 13:05 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\Avira
2015-07-30 13:03 . 2015-07-15 06:37 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-07-30 13:03 . 2015-07-15 06:37 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-07-30 13:03 . 2015-07-15 06:37 141416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-07-30 13:03 . 2015-07-15 06:37 162528 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-07-30 13:03 . 2015-07-30 13:04 -------- d-----w- c:\program files (x86)\CheckPoint
2015-07-30 13:02 . 2015-07-30 13:04 -------- d-----w- c:\program files (x86)\Avira
2015-07-30 13:02 . 2015-07-30 13:03 -------- d-----w- c:\programdata\Avira
2015-07-30 13:02 . 2015-07-30 13:02 -------- d-----w- c:\programdata\CheckPoint
2015-07-30 12:33 . 2015-07-30 12:33 -------- d-----w- C:\rsit
2015-07-30 11:46 . 2015-07-30 11:46 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-30 11:46 . 2015-07-30 11:46 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-29 19:55 . 2015-07-29 19:55 -------- d-----w- c:\program files\Common Files\AV
2015-07-28 06:16 . 2015-07-25 18:04 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 06:16 . 2015-07-25 18:04 765440 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 06:16 . 2015-07-25 18:03 433664 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 06:16 . 2015-07-25 18:03 1085440 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 06:16 . 2015-07-25 18:03 67584 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 06:16 . 2015-07-25 17:55 1145856 ----a-w- c:\windows\system32\aeinv.dll
2015-07-28 06:16 . 2015-07-25 18:07 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 06:16 . 2015-07-25 18:03 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-26 19:34 . 2015-07-26 19:41 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\BSplayer
2015-07-26 19:34 . 2015-07-26 19:34 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\BSplayer Pro
2015-07-26 19:34 . 2015-07-26 19:34 -------- d-----w- c:\program files (x86)\Webteh
2015-07-24 22:42 . 2015-07-31 05:43 -------- d-----w- C:\Games
2015-07-21 07:01 . 2015-07-21 07:01 -------- d-----w- c:\programdata\ATI
2015-07-21 07:00 . 2015-07-21 07:00 -------- d-----w- c:\program files (x86)\AMD
2015-07-21 05:32 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-21 05:32 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-21 05:32 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-21 05:32 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-21 05:32 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-21 05:32 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-21 05:32 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-21 05:32 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-21 05:32 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-21 05:32 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-15 06:43 . 2015-06-20 20:01 10949120 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-31 13:02 . 2012-05-17 10:57 226168 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-07-31 13:02 . 2012-05-17 10:57 226168 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-07-05 10:08 . 2012-05-15 14:51 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-07-03 06:43 . 2012-05-17 10:38 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-07-01 20:49 . 2015-07-15 06:43 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-01 20:30 . 2015-07-15 06:43 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-06-23 02:09 . 2015-06-23 02:09 78432 ----a-w- c:\windows\system32\atimpc64.dll
2015-06-23 02:09 . 2015-06-23 02:09 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2015-06-23 02:09 . 2015-06-23 02:09 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2015-06-23 02:09 . 2015-06-23 02:09 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2015-06-23 02:08 . 2012-04-06 01:09 152056 ----a-w- c:\windows\system32\atiuxp64.dll
2015-06-23 02:08 . 2015-06-23 02:08 133016 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2015-06-23 02:08 . 2014-11-17 20:15 120144 ----a-w- c:\windows\system32\atiu9p64.dll
2015-06-23 02:08 . 2015-06-23 02:08 102616 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2015-06-23 02:08 . 2012-04-06 02:20 1440592 ----a-w- c:\windows\system32\aticfx64.dll
2015-06-23 02:08 . 2015-06-23 02:08 1191320 ----a-w- c:\windows\SysWow64\aticfx32.dll
2015-06-23 02:08 . 2012-04-06 01:54 11941000 ----a-w- c:\windows\system32\atidxx64.dll
2015-06-23 02:08 . 2015-06-23 02:08 10087472 ----a-w- c:\windows\SysWow64\atidxx32.dll
2015-06-23 02:08 . 2015-06-23 02:08 7927568 ----a-w- c:\windows\SysWow64\atiumdva.dll
2015-06-23 02:08 . 2015-06-23 02:08 7407400 ----a-w- c:\windows\SysWow64\atiumdag.dll
2015-06-23 02:08 . 2014-11-17 20:15 8890576 ----a-w- c:\windows\system32\atiumd6a.dll
2015-06-23 02:08 . 2014-11-17 20:15 8786040 ----a-w- c:\windows\system32\atiumd64.dll
2015-06-23 02:05 . 2015-06-23 02:05 297672 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2015-06-23 02:03 . 2015-06-23 02:03 21612032 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2015-06-23 01:59 . 2015-06-23 01:59 235008 ----a-w- c:\windows\system32\clinfo.exe
2015-06-23 01:59 . 2015-06-23 01:59 47782912 ----a-w- c:\windows\system32\amdocl64.dll
2015-06-23 01:58 . 2015-06-23 01:58 39712256 ----a-w- c:\windows\SysWow64\amdocl.dll
2015-06-23 01:57 . 2015-06-23 01:57 65024 ----a-w- c:\windows\system32\OpenCL.dll
2015-06-23 01:57 . 2015-06-23 01:57 59392 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-06-23 01:55 . 2015-06-23 01:55 27535872 ----a-w- c:\windows\system32\amdocl12cl64.dll
2015-06-23 01:55 . 2015-06-23 01:55 22318592 ----a-w- c:\windows\SysWow64\amdocl12cl.dll
2015-06-23 01:33 . 2015-06-23 01:33 127488 ----a-w- c:\windows\system32\mantle64.dll
2015-06-23 01:33 . 2015-06-23 01:33 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2015-06-23 01:33 . 2015-06-23 01:33 6476288 ----a-w- c:\windows\system32\amdmantle64.dll
2015-06-23 01:28 . 2015-06-23 01:28 5067264 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2015-06-23 01:27 . 2015-06-23 01:27 30749184 ----a-w- c:\windows\system32\atio6axx.dll
2015-06-23 01:25 . 2015-06-23 01:25 93184 ----a-w- c:\windows\system32\mantleaxl64.dll
2015-06-23 01:25 . 2015-06-23 01:25 86528 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2015-06-23 01:22 . 2015-06-23 01:22 50688 ----a-w- c:\windows\system32\amdmmcl6.dll
2015-06-23 01:22 . 2015-06-23 01:22 39424 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2015-06-23 01:21 . 2015-06-23 01:21 865792 ----a-w- c:\windows\system32\coinst_15.20.dll
2015-06-23 01:21 . 2015-06-23 01:21 25296896 ----a-w- c:\windows\SysWow64\atioglxx.dll
2015-06-23 01:19 . 2015-06-23 01:19 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2015-06-23 01:19 . 2015-06-23 01:19 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2015-06-23 01:19 . 2015-06-23 01:19 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2015-06-23 01:19 . 2015-06-23 01:19 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2015-06-23 01:19 . 2015-06-23 01:19 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2015-06-23 01:18 . 2015-06-23 01:18 15716864 ----a-w- c:\windows\system32\aticaldd64.dll
2015-06-23 01:18 . 2015-06-23 01:18 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2015-06-23 01:14 . 2014-11-17 18:22 442368 ----a-w- c:\windows\system32\atidemgy.dll
2015-06-23 01:14 . 2015-06-23 01:14 160256 ----a-w- c:\windows\system32\atieah64.exe
2015-06-23 01:14 . 2015-06-23 01:14 143872 ----a-w- c:\windows\SysWow64\atieah32.exe
2015-06-23 01:14 . 2015-06-23 01:14 204800 ----a-w- c:\windows\system32\amdgfxinfo64.dll
2015-06-23 01:14 . 2015-06-23 01:14 189952 ----a-w- c:\windows\SysWow64\amdgfxinfo32.dll
2015-06-23 01:14 . 2015-06-23 01:14 670720 ----a-w- c:\windows\system32\atieclxx.exe
2015-06-23 01:14 . 2015-06-23 01:14 29696 ----a-w- c:\windows\system32\atimuixx.dll
2015-06-23 01:14 . 2015-06-23 01:14 245760 ----a-w- c:\windows\system32\atiesrxx.exe
2015-06-23 01:14 . 2015-06-23 01:14 190976 ----a-w- c:\windows\system32\atitmm64.dll
2015-06-23 01:11 . 2014-11-17 17:55 1246208 ----a-w- c:\windows\system32\atiadlxx.dll
2015-06-23 01:11 . 2015-06-23 01:11 926720 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2015-06-23 01:11 . 2015-06-23 01:11 926720 ----a-w- c:\windows\SysWow64\atiadlxx.dll
2015-06-23 01:10 . 2015-06-23 01:10 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2015-06-23 01:10 . 2015-06-23 01:10 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2015-06-23 01:10 . 2015-06-23 01:10 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2015-06-23 01:10 . 2015-06-23 01:10 156672 ----a-w- c:\windows\system32\atig6txx.dll
2015-06-23 01:10 . 2015-06-23 01:10 141824 ----a-w- c:\windows\SysWow64\atigktxx.dll
2015-06-23 01:10 . 2015-06-23 01:10 663552 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2015-06-23 01:09 . 2015-06-23 01:09 102912 ----a-w- c:\windows\system32\hsa-thunk64.dll
2015-06-23 01:09 . 2015-06-23 01:09 102400 ----a-w- c:\windows\SysWow64\hsa-thunk.dll
2015-06-23 01:07 . 2015-06-23 01:07 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-05-25 18:24 . 2015-06-10 07:41 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-10 07:41 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 07:41 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 07:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 07:41 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 07:41 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 07:41 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 07:41 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 07:41 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 07:41 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 07:41 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 07:41 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 07:41 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 07:41 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-10 07:41 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 07:41 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 07:41 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 07:41 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 07:41 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 07:41 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 07:41 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 07:41 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 07:41 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 07:41 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-10 07:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2009-12-06 17:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-06-22 767176]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-07-02 134368]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2015-07-15 782008]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-08-13 137352]
.
c:\users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech GamePanel Manager.lnk - c:\program files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl [2007-7-18 358672]
RAVCpl64 – zástupce.lnk - c:\program files\Realtek\Audio\HDA\RAVCpl64.exe [2012-10-28 12503184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;c:\msi\MSI SUITE\NTIOLib_X64.sys;c:\msi\MSI SUITE\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_D;NTIOLib_1_0_D;c:\msi\MSI SUITE\ControlCenter\NTIOLib_X64.sys;c:\msi\MSI SUITE\ControlCenter\NTIOLib_X64.sys [x]
R3 NTIOLib_1_1_S;NTIOLib_1_1_S;c:\msi\MSI SUITE\Super-Charger\NTIOLib_X64.sys;c:\msi\MSI SUITE\Super-Charger\NTIOLib_X64.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [x]
S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-29 14:36 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.125\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{40B1055C-D6BE-4E7A-9EBE-FD088764F8CA}: NameServer = 8.8.8.8,8.8.8.8,192.168.0.1
TCP: Interfaces\{B3279CE8-334A-48A3-98BD-0CB5A7C19D38}: NameServer = 8.8.8.8,8.8.8.8
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:07,83,6b,c5,4f,b2,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,47,48,4f,21,aa,09,0e,4c,8d,4b,a5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,47,48,4f,21,aa,09,0e,4c,8d,4b,a5,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Avira\Antivirus\avguard.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2015-08-03 19:12:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-03 17:12
.
Před spuštěním: 6 089 027 584
Po spuštění: 6 643 752 960
.
- - End Of File - - 20E87FF0257AA4F1A08741404C011DCF
A36C5E4F47E84449FF07ED3517B43A31




I am attaching the log here. Once again I want to thank you for all the help. Have a pleasant evening.

Re: Problem with the system and the internet

Posted: 04 Aug 2015 13:56
by Márty84
:arrow: Open Notepad and copy this script into it

Code:

KillAll::

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

In the top left, click File.
Click Save As...
Type the name shown in red, CFScript, correctly and save it to the desktop.
Turn off your antivirus and any other security software.
Drag this newly created text document with the mouse over the ComboFix icon and release it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose - Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine

Re: Problem with the system and the internet

Posted: 04 Aug 2015 21:46
by Jaroslav.Klement
ComboFix 15-08-03.01 - Jaroslav 04.08.2015 22:39:43.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4087.1588 [GMT 2:00]
Spuštěný z: c:\users\Jaroslav\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jaroslav\Desktop\CFScript.txt
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jaroslav\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\SysWow64\SET91BA.tmp
c:\windows\SysWow64\SET9287.tmp
c:\windows\SysWow64\SETA4AE.tmp
c:\windows\SysWow64\SETBB9F.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . nemohl být smazán
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-04 do 2015-08-04 )))))))))))))))))))))))))))))))
.
.
2015-08-04 20:42 . 2015-08-04 20:42 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-08-04 20:42 . 2015-08-04 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-04 20:42 . 2015-08-04 20:42 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-08-04 06:40 . 2015-08-04 06:40 -------- d-----w- c:\windows\LastGood.Tmp
2015-08-04 06:26 . 2015-08-04 06:26 -------- d-----w- C:\$Windows.~BT
2015-08-02 14:03 . 2015-08-04 20:22 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\TS3Client
2015-08-02 14:03 . 2015-08-02 14:03 -------- d-----w- c:\program files\TeamSpeak 3 Client
2015-08-02 12:09 . 2015-08-02 12:09 -------- d-----w- c:\users\Jaroslav\AppData\Local\CrashRpt
2015-08-02 12:08 . 2006-02-04 01:50 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2015-08-02 12:08 . 2006-02-04 01:50 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2015-08-02 12:03 . 2015-08-02 12:03 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\InstallShield
2015-08-02 08:26 . 2015-08-02 08:26 -------- d-----w- c:\program files\trend micro
2015-07-31 07:20 . 2015-08-02 13:56 -------- d-----w- C:\FRST
2015-07-31 07:12 . 2015-07-31 07:12 -------- d-----w- c:\program files (x86)\trend micro
2015-07-31 05:52 . 2015-07-31 05:52 -------- d-----w- c:\programdata\Steam
2015-07-30 17:32 . 2015-07-30 19:48 -------- d-----w- C:\AdwCleaner
2015-07-30 13:08 . 2015-08-02 08:13 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-30 13:06 . 2015-07-30 13:10 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-07-30 13:06 . 2015-07-30 13:06 -------- d-----w- c:\programdata\Malwarebytes
2015-07-30 13:06 . 2015-06-18 07:48 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-30 13:06 . 2015-06-18 07:47 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-30 13:06 . 2015-06-18 07:47 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-30 13:05 . 2015-07-30 13:05 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\Avira
2015-07-30 13:03 . 2015-07-15 06:37 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-07-30 13:03 . 2015-07-15 06:37 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-07-30 13:03 . 2015-07-15 06:37 141416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-07-30 13:03 . 2015-07-15 06:37 162528 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-07-30 13:03 . 2015-07-30 13:04 -------- d-----w- c:\program files (x86)\CheckPoint
2015-07-30 13:02 . 2015-07-30 13:04 -------- d-----w- c:\program files (x86)\Avira
2015-07-30 13:02 . 2015-07-30 13:03 -------- d-----w- c:\programdata\Avira
2015-07-30 13:02 . 2015-07-30 13:02 -------- d-----w- c:\programdata\CheckPoint
2015-07-30 12:33 . 2015-07-30 12:33 -------- d-----w- C:\rsit
2015-07-30 11:46 . 2015-07-30 11:46 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-30 11:46 . 2015-07-30 11:46 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-29 19:55 . 2015-07-29 19:55 -------- d-----w- c:\program files\Common Files\AV
2015-07-28 06:16 . 2015-07-25 18:04 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 06:16 . 2015-07-25 18:04 765440 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 06:16 . 2015-07-25 18:03 433664 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 06:16 . 2015-07-25 18:03 1085440 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 06:16 . 2015-07-25 18:03 67584 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 06:16 . 2015-07-25 17:55 1145856 ----a-w- c:\windows\system32\aeinv.dll
2015-07-28 06:16 . 2015-07-25 18:07 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 06:16 . 2015-07-25 18:03 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-26 19:34 . 2015-07-26 19:41 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\BSplayer
2015-07-26 19:34 . 2015-07-26 19:34 -------- d-----w- c:\users\Jaroslav\AppData\Roaming\BSplayer Pro
2015-07-26 19:34 . 2015-07-26 19:34 -------- d-----w- c:\program files (x86)\Webteh
2015-07-24 22:42 . 2015-07-31 05:43 -------- d-----w- C:\Games
2015-07-21 07:00 . 2015-07-21 07:00 -------- d-----w- c:\program files (x86)\AMD
2015-07-21 05:32 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-21 05:32 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-21 05:32 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-21 05:32 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-21 05:32 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-21 05:32 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-21 05:32 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-21 05:32 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-21 05:32 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-21 05:32 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-16 02:12 . 2015-07-16 02:12 78432 ----a-w- c:\windows\system32\atimpc64.dll
2015-07-16 02:12 . 2015-07-16 02:12 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2015-07-16 02:12 . 2015-07-16 02:12 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2015-07-16 02:12 . 2015-07-16 02:12 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2015-07-16 02:11 . 2015-07-16 02:11 152056 ----a-w- c:\windows\system32\atiuxp64.dll
2015-07-16 02:11 . 2015-07-16 02:11 133016 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2015-07-16 02:11 . 2015-07-16 02:11 11948704 ----a-w- c:\windows\system32\atidxx64.dll
2015-07-16 02:11 . 2015-07-16 02:11 10094152 ----a-w- c:\windows\SysWow64\atidxx32.dll
2015-07-16 02:09 . 2015-07-16 02:09 297672 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2015-07-16 02:06 . 2015-07-16 02:06 21622272 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2015-07-16 02:01 . 2015-07-16 02:01 235008 ----a-w- c:\windows\system32\clinfo.exe
2015-07-16 02:01 . 2015-07-16 02:01 47785472 ----a-w- c:\windows\system32\amdocl64.dll
2015-07-16 02:00 . 2015-07-16 02:00 39714816 ----a-w- c:\windows\SysWow64\amdocl.dll
2015-07-16 01:59 . 2015-07-16 01:59 65024 ----a-w- c:\windows\system32\OpenCL.dll
2015-07-16 01:59 . 2015-07-16 01:59 59392 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-07-16 01:58 . 2015-07-16 01:58 27535872 ----a-w- c:\windows\system32\amdocl12cl64.dll
2015-07-16 01:57 . 2015-07-16 01:57 22318592 ----a-w- c:\windows\SysWow64\amdocl12cl.dll
2015-07-16 01:35 . 2015-07-16 01:35 127488 ----a-w- c:\windows\system32\mantle64.dll
2015-07-16 01:35 . 2015-07-16 01:35 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2015-07-16 01:35 . 2015-07-16 01:35 6477312 ----a-w- c:\windows\system32\amdmantle64.dll
2015-07-16 01:30 . 2015-07-16 01:30 5068288 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2015-07-16 01:28 . 2015-07-16 01:28 30752256 ----a-w- c:\windows\system32\atio6axx.dll
2015-07-16 01:26 . 2015-07-16 01:26 93184 ----a-w- c:\windows\system32\mantleaxl64.dll
2015-07-16 01:26 . 2015-07-16 01:26 86528 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2015-07-16 01:25 . 2015-07-16 01:25 50688 ----a-w- c:\windows\system32\amdmmcl6.dll
2015-07-16 01:25 . 2015-07-16 01:25 39424 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2015-07-16 01:22 . 2015-07-16 01:22 25299968 ----a-w- c:\windows\SysWow64\atioglxx.dll
2015-07-16 01:21 . 2015-07-16 01:21 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2015-07-16 01:21 . 2015-07-16 01:21 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2015-07-16 01:21 . 2015-07-16 01:21 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2015-07-16 01:21 . 2015-07-16 01:21 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2015-07-16 01:21 . 2015-07-16 01:21 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2015-07-16 01:21 . 2015-07-16 01:21 15716864 ----a-w- c:\windows\system32\aticaldd64.dll
2015-07-16 01:20 . 2015-07-16 01:20 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2015-07-16 01:17 . 2015-07-16 01:17 160256 ----a-w- c:\windows\system32\atieah64.exe
2015-07-16 01:17 . 2015-07-16 01:17 204800 ----a-w- c:\windows\system32\amdgfxinfo64.dll
2015-07-16 01:17 . 2015-07-16 01:17 143872 ----a-w- c:\windows\SysWow64\atieah32.exe
2015-07-16 01:17 . 2015-07-16 01:17 29696 ----a-w- c:\windows\system32\atimuixx.dll
2015-07-16 01:17 . 2015-07-16 01:17 189952 ----a-w- c:\windows\SysWow64\amdgfxinfo32.dll
2015-07-16 01:17 . 2015-07-16 01:17 672768 ----a-w- c:\windows\system32\atieclxx.exe
2015-07-16 01:17 . 2015-07-16 01:17 246784 ----a-w- c:\windows\system32\atiesrxx.exe
2015-07-16 01:17 . 2015-07-16 01:17 190976 ----a-w- c:\windows\system32\atitmm64.dll
2015-07-16 01:14 . 2015-07-16 01:14 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2015-07-16 01:13 . 2015-07-16 01:13 926720 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2015-07-16 01:13 . 2015-07-16 01:13 926720 ----a-w- c:\windows\SysWow64\atiadlxx.dll
2015-07-16 01:13 . 2015-07-16 01:13 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2015-07-16 01:13 . 2015-07-16 01:13 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2015-07-16 01:13 . 2015-07-16 01:13 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2015-07-16 01:13 . 2015-07-16 01:13 156672 ----a-w- c:\windows\system32\atig6txx.dll
2015-07-16 01:13 . 2015-07-16 01:13 141824 ----a-w- c:\windows\SysWow64\atigktxx.dll
2015-07-16 01:13 . 2015-07-16 01:13 665088 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2015-07-16 01:12 . 2015-07-16 01:12 102912 ----a-w- c:\windows\system32\hsa-thunk64.dll
2015-07-16 01:12 . 2015-07-16 01:12 102400 ----a-w- c:\windows\SysWow64\hsa-thunk.dll
2015-07-15 10:20 . 2015-07-15 10:20 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2015-07-15 10:20 . 2015-07-15 10:20 103424 ----a-w- c:\windows\system32\DelayAPO.dll
2015-07-15 06:43 . 2015-06-20 20:01 10949120 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-31 13:02 . 2012-05-17 10:57 226168 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-07-31 13:02 . 2012-05-17 10:57 226168 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-07-16 02:11 . 2015-06-23 02:08 102616 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2015-07-16 02:11 . 2014-11-17 20:15 120144 ----a-w- c:\windows\system32\atiu9p64.dll
2015-07-16 02:11 . 2012-04-06 02:20 1445224 ----a-w- c:\windows\system32\aticfx64.dll
2015-07-16 02:11 . 2015-06-23 02:08 1193904 ----a-w- c:\windows\SysWow64\aticfx32.dll
2015-07-16 02:11 . 2015-06-23 02:08 7929616 ----a-w- c:\windows\SysWow64\atiumdva.dll
2015-07-16 02:11 . 2015-06-23 02:08 7408936 ----a-w- c:\windows\SysWow64\atiumdag.dll
2015-07-16 02:11 . 2014-11-17 20:15 8893160 ----a-w- c:\windows\system32\atiumd6a.dll
2015-07-16 02:11 . 2014-11-17 20:15 8779872 ----a-w- c:\windows\system32\atiumd64.dll
2015-07-16 01:17 . 2014-11-17 18:22 442368 ----a-w- c:\windows\system32\atidemgy.dll
2015-07-16 01:13 . 2014-11-17 17:55 1247744 ----a-w- c:\windows\system32\atiadlxx.dll
2015-07-16 01:12 . 2015-06-23 01:21 865792 ----a-w- c:\windows\system32\coinst_15.20.dll
2015-07-05 10:08 . 2012-05-15 14:51 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-07-03 06:43 . 2012-05-17 10:38 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-07-01 20:49 . 2015-07-15 06:43 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-01 20:30 . 2015-07-15 06:43 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-05-25 18:24 . 2015-06-10 07:41 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-10 07:41 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 07:41 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 07:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 07:41 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 07:41 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 07:41 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 07:41 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 07:41 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 07:41 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 07:41 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 07:41 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 07:41 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 07:41 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-10 07:41 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 07:41 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 07:41 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 07:41 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 07:41 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 07:41 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 07:41 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 07:41 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 07:41 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 07:41 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-10 07:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-10 07:41 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 07:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:07 . 2015-06-10 07:41 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 07:41 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 07:41 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-10 07:41 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 07:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-10 07:41 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 07:41 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-10 07:41 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-10 07:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-10 07:41 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 07:41 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 07:41 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-10 07:41 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 07:41 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-10 07:41 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 17:59 . 2015-06-10 07:41 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-05-25 17:59 . 2015-06-10 07:41 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-05-25 17:55 . 2015-06-10 07:41 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 07:41 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 07:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 07:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 07:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 07:41 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 07:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 07:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 07:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 07:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 07:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 07:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2009-12-06 17:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-07-02 134368]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2015-07-15 782008]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-08-13 137352]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-07-15 767176]
.
c:\users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech GamePanel Manager.lnk - c:\program files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl [2007-7-18 358672]
RAVCpl64 – zástupce.lnk - c:\program files\Realtek\Audio\HDA\RAVCpl64.exe [2012-10-28 12503184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;c:\msi\MSI SUITE\NTIOLib_X64.sys;c:\msi\MSI SUITE\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_D;NTIOLib_1_0_D;c:\msi\MSI SUITE\ControlCenter\NTIOLib_X64.sys;c:\msi\MSI SUITE\ControlCenter\NTIOLib_X64.sys [x]
R3 NTIOLib_1_1_S;NTIOLib_1_1_S;c:\msi\MSI SUITE\Super-Charger\NTIOLib_X64.sys;c:\msi\MSI SUITE\Super-Charger\NTIOLib_X64.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [x]
S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-29 14:36 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.125\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{40B1055C-D6BE-4E7A-9EBE-FD088764F8CA}: NameServer = 8.8.8.8,8.8.8.8,192.168.0.1
TCP: Interfaces\{B3279CE8-334A-48A3-98BD-0CB5A7C19D38}: NameServer = 8.8.8.8,8.8.8.8
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\Antivirus\avguard.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2015-08-04 22:45:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-04 20:45
ComboFix2.txt 2015-08-03 17:12
.
Před spuštěním: 2 178 670 592
Po spuštění: 2 704 941 056
.
- - End Of File - - C76CC26D1DE5DDAAD6C0B3C892F9C19C
A36C5E4F47E84449FF07ED3517B43A31

Re: Problem with the system and the internet

Posted: 05 Aug 2015 07:20
by Márty84
:!: Run all of these programs, including any installation, as administrator (right-click them and choose Run as administrator).

:arrow: Rename ComboFix to Uninstall and run it. CF should then uninstall itself.

:arrow:
vyosek wrote: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remove disinfection tools option checked
  • Click Run
:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation, watch out for the toolbar (or other add-ons); if it offers to install one, clear the checkbox.
After launch you will be in the Cleaner function. There are many checkboxes on the left. Pay particular attention to the Recycle Bin: if you leave it checked, it will empty it every time.
Also, depending on how it is set up, it will delete all passwords saved on the web!!! So if you have set the computer to remember passwords (which is not good for security), you will have to type them in again by hand (e.g. e-mail, Facebook, various forums, etc.)
Click Analyze and, once the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues; when it finds some, click Fix Issues. It will offer a backup; make one and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!
(If the PC has more than one user account, use the program in each of them as well)

:arrow: Defragment the disk(s) (not SSDs!)
Download Defraggler https://www.piriform.com/defraggler/download/standard
During installation, again watch out for the toolbar and other junk.
After installing, run the program and click Analyze; after the analysis click Defrag, and the program will do its job.




:arrow: Then write how the PC is doing.