Please check my log


Jaros

Re: Please check my log

Post by Jaros » 04 Aug 2017 07:37

ComboFix 17-07-31.01 - Zdenka 04.08.2017 1:19.3.2 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4061.3331 [GMT 2:00]
Spuštěný z: c:\users\Zdenka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Zdenka\Desktop\CFScript.txt
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\programdata\McAfee Security Scan
c:\programdata\McAfee Security Scan\ftstate.ini
c:\users\Zdenka\AppData\Local\ESET
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\esets_apiW.dll
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\esets_apiW_a.dll
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Char_Cache\CACHE.NDB
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\http_update.eset.com\download\engineols3\update.ver
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\lastupd.ver
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod027F.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod029F.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod0C34.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod0CD9.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod11D6.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod1633.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod172E.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod1AC7.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod1AE8.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod32DD.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod41ED.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod4357.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod4D75.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod5785.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod5C53.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod67A2.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod69EF.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod6BDC.nup
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\upd.ver
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\em000_32.dat
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\em001_32.dat
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\em002_32.dat
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\em003_32.dat
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\em004_32.dat
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\em005_32.dat
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\em006_32.dat
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\em023_32.dat
c:\users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\Modules\esets_api.stg
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-07-03 do 2017-08-03 )))))))))))))))))))))))))))))))
.
.
2017-08-03 23:32 . 2017-08-03 23:32 -------- d-----w- C:\$AV_ASW
2017-08-03 23:27 . 2017-08-03 23:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-08-03 05:27 . 2017-08-03 05:27 -------- d-----w- c:\users\Zdenka\AppData\Local\CEF
2017-08-03 05:18 . 2017-08-03 05:18 -------- d-----w- c:\programdata\SWCUTemp
2017-08-03 05:14 . 2017-08-03 05:14 -------- d-----w- c:\users\Zdenka\AppData\Local\Zemana
2017-08-02 23:43 . 2017-08-02 23:43 -------- d-----w- c:\users\Zdenka\AppData\Local\Broadcom
2017-08-02 23:43 . 2017-08-03 05:16 -------- d-----w- c:\program files (x86)\McAfee
2017-08-02 23:06 . 2017-08-02 22:48 24064 ----a-w- c:\windows\zoek-delete.exe
2017-08-02 23:06 . 2017-08-03 23:32 -------- d-----w- c:\users\Zdenka\AppData\Local\Temp
2017-08-02 22:48 . 2017-08-02 23:03 -------- d-----w- C:\zoek_backup
2017-07-30 17:38 . 2017-08-01 23:37 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-07-30 17:38 . 2017-07-30 18:26 -------- d-----w- c:\programdata\RogueKiller
2017-07-30 16:32 . 2017-08-03 23:32 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-30 16:31 . 2017-07-30 16:31 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2017-07-30 16:31 . 2017-07-30 16:31 -------- d-----w- c:\programdata\Malwarebytes
2017-07-30 16:31 . 2015-03-17 04:15 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-07-30 16:31 . 2015-03-17 04:15 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2017-07-30 16:31 . 2015-03-17 04:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-30 16:31 . 2017-07-30 16:31 -------- d-----w- c:\users\Zdenka\AppData\Local\Programs
2017-07-27 22:28 . 2017-08-01 23:33 -------- d-----w- C:\AdwCleaner
2017-07-27 11:08 . 2017-07-27 11:08 400464 ----a-w- c:\windows\system32\aswBoot.exe
2017-07-09 19:54 . 2017-07-09 19:54 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-30 15:30 . 2011-04-11 20:12 146696 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2017-07-27 11:06 . 2017-03-10 07:05 57728 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-07-27 11:06 . 2017-03-10 07:05 343288 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-07-27 11:06 . 2017-03-10 07:05 320008 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-07-27 11:06 . 2017-03-10 07:05 198976 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-07-09 19:34 . 2013-03-01 13:56 361336 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-07-09 19:29 . 2014-03-19 16:02 198768 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-07-09 19:29 . 2011-04-11 20:12 585608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-07-09 19:29 . 2014-04-29 16:06 46984 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-07-09 19:29 . 2013-03-01 13:56 84392 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-07-09 19:29 . 2012-02-24 09:52 110352 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-07-09 19:27 . 2011-04-11 20:12 1015848 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-07-09 19:27 . 2016-04-27 18:50 41800 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-06-20 06:53 . 2012-12-19 20:27 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-06-20 06:53 . 2011-10-06 18:22 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="c:\users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2016-11-05 143144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\ASUSTek\ASUSDVD 8\Language\Language.exe" [2009-04-16 50472]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-22 210216]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"Clarus Drive Manager"="c:\program files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe" [2015-08-19 8139480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2016-12-17 1160408]
.
c:\users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2017-7-14 3486520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe -d [2009-10-31 12862]
Samsung Drive Manager Real-Time.lnk - c:\program files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe [2017-3-2 136192]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h [2009-10-31 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys;c:\windows\SYSNATIVE\DRIVERS\adusbser.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 aswVmm;aswVmm;c:\users\Zdenka\AppData\Local\Temp\aswVmm.sys;c:\users\Zdenka\AppData\Local\Temp\aswVmm.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys;c:\windows\SYSNATIVE\DRIVERS\ipswuio.sys [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.587\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.587\McCHSvc.exe [x]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw1v64.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [x]
S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 mdf16;mdf16;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [x]
S3 mvd23;mvd23;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [x]
S3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Obsah adresáře 'Naplánované úlohy'
.
2017-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 06:53]
.
2017-03-01 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-710972117-1834648420-811751981-1000Core.job
- c:\users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-09-29 08:45]
.
2017-03-02 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-710972117-1834648420-811751981-1000UA.job
- c:\users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-09-29 08:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-07-27 11:08 1527760 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-07-27 11:08 1527760 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-28 16336488]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-07-27 213832]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Zdenka\AppData\Roaming\Mozilla\Firefox\Profiles\hp6vozql.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-ASUS_UL_Series_Screensaver - c:\windows\system32\ASUS_UL_Series_Screensaver.scr
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{e2803110-78b3-4664-a479-3611a381656a} - c:\programdata\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\AVAST Software\SZBrowser\launcher.exe
c:\program files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser_autoupdate.exe
.
**************************************************************************
.
Celkový čas: 2017-08-04 01:40:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-08-03 23:40
ComboFix2.txt 2017-08-03 05:42
.
Před spuštěním: Volných bajtů: 51 538 472 960
Po spuštění: Volných bajtů: 51 039 506 432
.
- - End Of File - - 346095316D123E657F83DC08211767BC
5C616939100B85E558DA92B899A0FC36


aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-08-04 07:10:31
-----------------------------
07:10:31.937 OS Version: Windows x64 6.1.7601 Service Pack 1
07:10:31.937 Number of processors: 2 586 0x170A
07:10:31.937 ComputerName: ZDENKA-PC UserName: Zdenka
07:10:32.420 Initialize success
07:10:34.651 AVAST engine defs: 17080308
07:10:46.569 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:10:46.569 Disk 0 Vendor: ST950032 0002 Size: 476940MB BusType: 3
07:10:46.741 Disk 0 MBR read successfully
07:10:46.741 Disk 0 MBR scan
07:10:47.193 Disk 0 Windows VISTA default MBR code
07:10:47.599 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 14998 MB offset 2048
07:10:47.693 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119231 MB offset 30717952
07:10:47.708 Disk 0 default boot code
07:10:47.817 Disk 0 Partition - 00 0F Extended LBA 342706 MB offset 274904280
07:10:47.849 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 342706 MB offset 274904343
07:10:48.098 Disk 0 scanning C:\Windows\system32\drivers
07:11:12.029 Service scanning
07:11:46.255 Modules scanning
07:11:46.255 Disk 0 trace - called modules:
07:11:46.318 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
07:11:46.333 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c3b060]
07:11:46.333 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa8004a7ab50]
07:11:46.349 5 ACPI.sys[fffff88000f207a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a79050]
07:11:46.567 AVAST engine scan C:\Windows
07:11:50.888 AVAST engine scan C:\Windows\system32
07:16:10.551 AVAST engine scan C:\Windows\system32\drivers
07:16:30.675 AVAST engine scan C:\Users\Zdenka
07:23:12.578 File: C:\Users\Zdenka\Desktop\zoek.exe **INFECTED** Win32:Malware-gen
07:25:34.242 AVAST engine scan C:\ProgramData
07:28:54.188 Disk 0 statistics 4140100/0/0 @ 2,96 MB/s
07:28:54.203 Scan finished successfully
07:36:24.405 Disk 0 MBR has been saved successfully to "C:\Users\Zdenka\Desktop\MBR.dat"
07:36:24.420 The log file has been saved successfully to "C:\Users\Zdenka\Desktop\aswMBR.txt"

jaro3
Member of the Security team

Re: Please check my log

Post by jaro3 » 04 Aug 2017 09:15

ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner.

Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.

Post a new HJT log and report any problems.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

Jaros

Re: Please check my log

Post by Jaros » 05 Aug 2017 10:08

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:07:24, on 5.8.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18015)

FIREFOX: 54.0.1 (x86 cs)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Zdenka\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\ASUSTek\ASUSDVD 8\Language\Language.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Clarus Drive Manager] C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe -Hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: Dropbox.lnk = Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: Samsung Drive Manager Real-Time.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Service Installer TrueKey (InstallerService) - Unknown owner - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Samsung Drive Manager Service (SZDrvSvc) - Clarus, Inc. - C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: TrueKeyServiceHelper - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14049 bytes

When the OS starts, I still get the message "the user name or password is incorrect", even though the login account has not yet appeared on the screen; this happens in safe mode too. I click OK and only then is the login account displayed. In normal mode, the notebook keeps restarting after the desktop loads.

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check my log

Post by jaro3 » 05 Aug 2017 11:06

Did you uninstall McAfee Security Scan?

Close other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Global Startup: FancyStart daemon.lnk = ?


Download StartupLite.exe by Malwarebytes to your desktop.

This program identifies unnecessary items and gives you the option to remove them in order to free up memory.
Double-click the StartupLite.exe icon (by Malwarebytes) to run the program. On Vista and Windows 7, run it as administrator (right-click the icon and choose Run as administrator). After it starts, a list of unnecessary entries is created. Leave all items set to be disabled and click Continue. Restart the PC.

What did you last install before this started happening?

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit):
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Jaros
Level 2
Level 2
Posts: 216
Registered: May 09
Gender: Male
Status:
Offline

Re: Please check my log

Post by Jaros » 06 Aug 2017 11:09

Yes, I uninstalled McAfee Security Scan.

StartupLite found nothing; the Continue button was not even active.

Fixed.

I practically never use this notebook; another person does. Supposedly nothing was installed, and the problem had been appearing for quite some time.

I tried creating a new admin account, and there the PC does not restart in normal mode. The invalid-login error is global.

Logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by Zdenka (administrator) on ZDENKA-PC (06-08-2017 11:02:31)
Running from C:\Users\Zdenka\Downloads
Loaded Profiles: Zdenka (Available Profiles: Zdenka & Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EeeStorageBackup] => C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-25] (ECAREME)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-27] (AVAST Software)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\ASUSTek\ASUSDVD 8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-09-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-22] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Clarus Drive Manager] => C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe [8139480 2015-08-19] (Clarus, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-710972117-1834648420-811751981-1000\...\Run: [Dropbox Update] => C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-710972117-1834648420-811751981-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2009-10-31]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk [2017-03-02]
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2009-10-31]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-06-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{852479FE-A6F3-42C6-8789-06BEE0E0ABCA}: [DhcpNameServer] 10.0.0.138 192.168.1.1
Tcpip\..\Interfaces\{BF4442C5-3E22-402E-8652-E0F8E99826A5}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-21-710972117-1834648420-811751981-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-09] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-09] (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Zdenka\AppData\Roaming\Mozilla\Firefox\Profiles\hp6vozql.default [2017-08-06]
FF NewTab: Mozilla\Firefox\Profiles\hp6vozql.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\hp6vozql.default -> about:home
FF Extension: (Avast SafePrice) - C:\Users\Zdenka\AppData\Roaming\Mozilla\Firefox\Profiles\hp6vozql.default\Extensions\sp@avast.com.xpi [2017-06-03]
FF Extension: (Avast Online Security) - C:\Users\Zdenka\AppData\Roaming\Mozilla\Firefox\Profiles\hp6vozql.default\Extensions\wrc@avast.com.xpi [2017-06-03]
FF Extension: (FaceMod Dislike Button) - C:\Users\Zdenka\AppData\Roaming\Mozilla\Firefox\Profiles\hp6vozql.default\Extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}.xpi [2011-03-28] [not signed]
FF SearchPlugin: C:\Users\Zdenka\AppData\Roaming\Mozilla\Firefox\Profiles\hp6vozql.default\searchplugins\seznam-avast.xml [2015-02-17]
FF Extension: (Click to call with Skype) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-16] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-20] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-20] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-710972117-1834648420-811751981-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Zdenka\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-06] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default [2017-08-06]
CHR Extension: (No Name) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (No Name) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29]
CHR Extension: (Avast SafePrice) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-06]
CHR Extension: (Arabic) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (No Name) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
CHR Extension: (Chrome Media Router) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-27]
CHR Profile: C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\System Profile [2015-09-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-27] (AVAST Software s.r.o.)
S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-27] (AVAST Software)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S3 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
S3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2015-08-19] (Clarus, Inc.) [File not signed]
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 adusbser; C:\Windows\System32\DRIVERS\adusbser.sys [145024 2008-01-02] (AnyDATA Corporation)
S2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-07-27] (AVAST Software s.r.o.)
S0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-07-27] (AVAST Software s.r.o.)
S0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-07-27] (AVAST Software s.r.o.)
S0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-07-27] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-07-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-09] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-09] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-09] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-09] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-09] (AVAST Software)
S2 DgiVecp; C:\Windows\SysWOW64\Drivers\DgiVecp.sys [41984 2008-01-10] (Samsung Electronics Co., Ltd.) [File not signed]
S2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2012-01-10] (HandSet Incorporated)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2017-08-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
S3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-08-02] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-06 11:02 - 2017-08-06 11:03 - 000017935 _____ C:\Users\Zdenka\Downloads\FRST.txt
2017-08-06 11:02 - 2017-08-06 11:02 - 000000000 ____D C:\FRST
2017-08-06 10:55 - 2017-08-06 10:55 - 000000000 ____D C:\Users\Zdenka\Desktop\backups
2017-08-06 10:53 - 2017-08-06 10:53 - 002381312 _____ (Farbar) C:\Users\Zdenka\Downloads\FRST64.exe
2017-08-06 10:52 - 2017-08-06 10:52 - 000204496 _____ (Malwarebytes) C:\Users\Zdenka\Desktop\startuplite-setup-1.07.exe
2017-08-06 10:46 - 2017-08-06 10:47 - 000085812 _____ C:\Windows\ntbtlog.txt
2017-08-05 10:50 - 2017-08-05 10:50 - 000110472 _____ C:\Users\Zdenka\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-05 10:50 - 2017-08-05 10:50 - 000000000 ___RD C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD 8
2017-08-05 10:46 - 2017-08-05 10:46 - 000000000 ____D C:\Users\Admin\AppData\Roaming\AVAST Software
2017-08-05 10:46 - 2017-08-05 10:46 - 000000000 ____D C:\Users\Admin\AppData\Local\CEF
2017-08-05 10:43 - 2017-08-05 10:43 - 000110472 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-05 10:43 - 2017-08-05 10:43 - 000000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD 8
2017-08-05 10:43 - 2017-08-05 10:43 - 000000000 ____D C:\Users\Admin\Documents\Bluetooth Exchange Folder
2017-08-05 10:43 - 2017-08-05 10:43 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Asus WebStorage
2017-08-05 10:43 - 2017-08-05 10:43 - 000000000 ____D C:\Users\Admin\AppData\Local\SRS Labs
2017-08-05 10:43 - 2017-08-05 10:43 - 000000000 ____D C:\Users\Admin\AppData\Local\Broadcom
2017-08-05 10:42 - 2017-08-05 10:42 - 000001355 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-08-05 10:42 - 2017-08-05 10:42 - 000000000 ___RD C:\Users\Admin\Podcasts
2017-08-05 10:42 - 2017-08-05 10:42 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2017-08-05 10:41 - 2017-08-05 10:43 - 000000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2017-08-05 10:41 - 2017-08-05 10:41 - 000000000 ____D C:\Users\Admin\AppData\Local\Power2Go
2017-08-05 10:39 - 2017-08-05 10:39 - 000422776 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-05 10:38 - 2017-08-05 10:42 - 000000000 ____D C:\Users\Admin
2017-08-05 10:38 - 2017-08-05 10:41 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2017-08-05 10:38 - 2017-08-05 10:38 - 000000020 ___SH C:\Users\Admin\ntuser.ini
2017-08-05 10:38 - 2017-08-05 10:38 - 000000000 _SHDL C:\Users\Admin\Šablony
2017-08-05 10:38 - 2017-08-05 10:38 - 000000000 _SHDL C:\Users\Admin\Soubory cookie
2017-08-05 10:38 - 2017-08-05 10:38 - 000000000 _SHDL C:\Users\Admin\Poslední
2017-08-05 10:38 - 2017-08-05 10:38 - 000000000 _SHDL C:\Users\Admin\Okolní tiskárny
2017-08-05 10:38 - 2017-08-05 10:38 - 000000000 _SHDL C:\Users\Admin\Okolní síť
2017-08-05 10:38 - 2017-08-05 10:38 - 000000000 _SHDL C:\Users\Admin\Nabídka Start
2017-08-05 10:38 - 2017-08-05 10:38 - 000000000 _SHDL C:\Users\Admin\Dokumenty
2017-08-05 10:38 - 2017-08-05 10:38 - 000000000 _SHDL C:\Users\Admin\Documents\Obrázky
2017-08-05 10:38 - 2017-08-05 10:38 - 000000000 _SHDL C:\Users\Admin\Documents\Hudba
2017-08-05 10:38 - 2017-08-05 10:38 - 000000000 _SHDL C:\Users\Admin\Documents\Filmy
2017-08-05 10:38 - 2017-08-05 10:38 - 000000000 _SHDL C:\Users\Admin\Data aplikací
2017-08-05 10:38 - 2017-08-05 10:38 - 000000000 _SHDL C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-08-05 10:38 - 2017-08-05 10:38 - 000000000 _SHDL C:\Users\Admin\AppData\Local\Data aplikací
2017-08-05 10:38 - 2016-10-16 12:36 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia
2017-08-05 10:38 - 2009-11-20 10:43 - 000000000 ____D C:\Users\Admin\AppData\Local\Microsoft Help
2017-08-05 10:38 - 2009-11-18 12:11 - 000001192 _____ C:\Users\Admin\Desktop\CyberLink DVD Suite.lnk
2017-08-05 10:38 - 2009-11-18 12:01 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2017-08-05 10:38 - 2009-07-14 09:45 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Media Center Programs
2017-08-05 10:07 - 2017-08-05 10:07 - 000388608 _____ (Trend Micro Inc.) C:\Users\Zdenka\Downloads\HijackThis.exe
2017-08-05 09:29 - 2017-08-05 09:29 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-08-05 09:24 - 2017-08-05 09:24 - 000000784 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-05 09:21 - 2017-08-05 09:21 - 009747512 _____ (Piriform Ltd) C:\Users\Zdenka\Downloads\ccsetup532(1).exe
2017-08-05 09:16 - 2017-08-05 09:16 - 009747512 _____ (Piriform Ltd) C:\Users\Zdenka\Downloads\ccsetup532.exe
2017-08-04 01:32 - 2017-08-04 01:32 - 000000000 ____D C:\$AV_ASW
2017-08-03 07:27 - 2017-08-03 07:27 - 000000000 ____D C:\Users\Zdenka\AppData\Local\CEF
2017-08-03 07:14 - 2017-08-03 07:14 - 000000000 ____D C:\Users\Zdenka\AppData\Local\Zemana
2017-08-03 01:43 - 2017-08-03 07:16 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-08-03 01:43 - 2017-08-03 01:43 - 000000000 ____D C:\Users\Zdenka\AppData\Local\Broadcom
2017-08-03 01:06 - 2017-08-03 00:48 - 000024064 _____ C:\Windows\zoek-delete.exe
2017-08-03 00:48 - 2017-08-03 01:03 - 000000000 ____D C:\zoek_backup
2017-08-03 00:47 - 2017-08-03 00:47 - 006589840 _____ (Zemana Ltd. ) C:\Users\Zdenka\Downloads\Zemana.AntiMalware.Setup.exe
2017-08-03 00:46 - 2017-08-03 00:46 - 001309184 _____ C:\Users\Zdenka\Desktop\zoek.exe
2017-08-02 01:15 - 2017-08-02 01:18 - 173273312 _____ (Sophos Limited) C:\Users\Zdenka\Desktop\Sophos Virus Removal Tool.exe
2017-08-02 01:15 - 2017-07-30 19:33 - 026543176 _____ C:\Users\Zdenka\Desktop\RogueKiller_portable64.exe
2017-07-31 22:55 - 2017-07-31 22:55 - 008185288 _____ (Malwarebytes) C:\Users\Zdenka\Downloads\adwcleaner_7.0.1.0(2).exe
2017-07-31 22:52 - 2017-07-31 22:52 - 008185288 _____ (Malwarebytes) C:\Users\Zdenka\Downloads\adwcleaner_7.0.1.0(1).exe
2017-07-31 22:51 - 2017-07-31 22:52 - 008185288 _____ (Malwarebytes) C:\Users\Zdenka\Downloads\adwcleaner_7.0.1.0.exe
2017-07-31 22:49 - 2017-07-31 22:49 - 000448512 _____ (OldTimer Tools) C:\Users\Zdenka\Downloads\TFC(1).exe
2017-07-31 22:48 - 2017-07-31 22:48 - 000050688 _____ (Atribune.org) C:\Users\Zdenka\Downloads\ATF-Cleaner(1).exe
2017-07-30 20:28 - 2017-07-30 20:28 - 000448512 _____ (OldTimer Tools) C:\Users\Zdenka\Downloads\TFC.exe
2017-07-30 19:38 - 2017-08-02 01:37 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-30 19:38 - 2017-07-30 20:26 - 000000000 ____D C:\ProgramData\RogueKiller
2017-07-30 19:32 - 2017-07-30 19:33 - 026543176 _____ C:\Users\Zdenka\Downloads\RogueKiller_portable64.exe
2017-07-30 19:30 - 2017-07-30 19:30 - 000050688 _____ (Atribune.org) C:\Users\Zdenka\Downloads\ATF-Cleaner.exe
2017-07-30 18:32 - 2017-08-05 10:50 - 000136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-30 18:31 - 2017-07-30 18:31 - 000001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-07-30 18:31 - 2017-07-30 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-07-30 18:31 - 2017-07-30 18:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-07-30 18:31 - 2017-07-30 18:31 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-07-30 18:31 - 2015-03-17 06:15 - 000107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-07-30 18:31 - 2015-03-17 06:15 - 000063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-07-30 18:31 - 2015-03-17 06:15 - 000025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2017-07-30 17:44 - 2017-08-05 09:24 - 000000000 ____D C:\Windows\erdnt
2017-07-30 17:44 - 2017-08-05 09:24 - 000000000 ____D C:\Qoobox
2017-07-30 17:00 - 2017-08-04 07:36 - 000000512 _____ C:\Users\Zdenka\Desktop\MBR.dat
2017-07-30 16:19 - 2017-07-30 13:47 - 000388608 _____ (Trend Micro Inc.) C:\Users\Zdenka\Desktop\HijackThis.exe
2017-07-30 16:19 - 2017-07-30 13:36 - 001663040 _____ (Malwarebytes) C:\Users\Zdenka\Desktop\JRT.exe
2017-07-28 00:28 - 2017-08-02 01:33 - 000000000 ____D C:\AdwCleaner
2017-07-28 00:25 - 2017-07-09 10:36 - 006753408 _____ (ESET spol. s r.o.) C:\Users\Zdenka\Desktop\esetonlinescanner_csy.exe
2017-07-27 13:08 - 2017-07-27 13:08 - 000400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-18 12:31 - 2017-07-18 12:31 - 000756228 _____ C:\Users\Zdenka\Downloads\Usnesení RM č. 44.pdf
2017-07-14 08:47 - 2017-07-14 08:47 - 000000000 ____D C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-06 10:53 - 2016-11-16 18:04 - 000000000 ____D C:\Users\Zdenka\AppData\LocalLow\Mozilla
2017-08-06 10:47 - 2017-03-10 10:23 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2017-08-05 10:51 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-05 10:48 - 2009-07-14 06:45 - 000010256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-05 10:48 - 2009-07-14 06:45 - 000010256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-05 10:47 - 2009-08-03 23:13 - 000669132 _____ C:\Windows\system32\perfh005.dat
2017-08-05 10:47 - 2009-08-03 23:13 - 000141760 _____ C:\Windows\system32\perfc005.dat
2017-08-05 10:47 - 2009-07-14 07:13 - 001584626 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-05 10:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-08-05 10:40 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing
2017-08-05 09:54 - 2017-03-10 09:05 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-08-05 09:31 - 2009-11-18 12:03 - 000000000 ____D C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2017-08-05 09:24 - 2012-11-01 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-08-04 01:53 - 2009-11-18 16:55 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-08-04 01:53 - 2009-11-18 16:55 - 000000000 ____D C:\ProgramData\Skype
2017-08-04 01:33 - 2009-07-14 04:34 - 000000215 _____ C:\Windows\system.ini
2017-08-04 01:28 - 2009-07-14 04:34 - 110624768 _____ C:\Windows\system32\config\SOFTWARE.bak
2017-08-04 01:28 - 2009-07-14 04:34 - 030146560 _____ C:\Windows\system32\config\SYSTEM.bak
2017-08-04 01:28 - 2009-07-14 04:34 - 000524288 _____ C:\Windows\system32\config\DEFAULT.bak
2017-08-04 01:28 - 2009-07-14 04:34 - 000262144 _____ C:\Windows\system32\config\SECURITY.bak
2017-08-04 01:28 - 2009-07-14 04:34 - 000262144 _____ C:\Windows\system32\config\SAM.bak
2017-08-03 07:16 - 2009-10-31 04:02 - 000002361 _____ C:\Windows\system32\ServiceFilter.ini
2017-08-03 07:06 - 2017-05-17 18:47 - 000000000 ____D C:\Program Files\TrueKey
2017-08-03 01:47 - 2017-05-18 07:46 - 000001167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-08-03 01:47 - 2017-05-18 07:46 - 000001153 _____ C:\Users\Public\Desktop\True Key.lnk
2017-08-03 01:44 - 2013-05-12 13:10 - 000000000 ____D C:\Users\Zdenka\AppData\Roaming\Dropbox
2017-08-03 01:03 - 2009-11-18 14:23 - 000000000 ____D C:\Users\Zdenka
2017-07-30 19:05 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\security
2017-07-30 17:30 - 2011-04-11 22:12 - 000146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-28 00:42 - 2013-03-14 17:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2017-07-28 00:42 - 2009-12-03 11:21 - 000000000 ____D C:\Windows\Minidump
2017-07-28 00:42 - 2009-07-29 08:52 - 000000000 ____D C:\Windows\Panther
2017-07-27 13:06 - 2017-03-10 09:05 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-27 13:06 - 2017-03-10 09:05 - 000320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-27 13:06 - 2017-03-10 09:05 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-27 13:06 - 2017-03-10 09:05 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-14 08:20 - 2015-09-29 17:39 - 000000000 ____D C:\Users\Zdenka\AppData\Local\Dropbox
2017-07-12 19:02 - 2009-07-14 07:08 - 000032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-11 14:28 - 2016-05-02 18:33 - 000000000 ____D C:\Users\Zdenka\Desktop\Monika
2017-07-11 14:27 - 2016-05-02 18:33 - 000000000 ____D C:\Users\Zdenka\Desktop\RADA
2017-07-11 14:19 - 2016-05-02 18:32 - 000000000 ____D C:\Users\Zdenka\Desktop\sraz spš 2014
2017-07-10 06:59 - 2016-04-28 18:23 - 000003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1461860588
2017-07-09 22:31 - 2016-05-02 18:32 - 000000000 ____D C:\Users\Zdenka\Desktop\vladka
2017-07-09 21:34 - 2013-03-01 15:56 - 000361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-09 21:29 - 2014-04-29 18:06 - 000046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-09 21:29 - 2014-03-19 18:02 - 000198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-09 21:29 - 2013-03-01 15:56 - 000084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-09 21:29 - 2012-02-24 11:52 - 000110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-09 21:29 - 2011-04-11 22:12 - 000585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-09 21:27 - 2016-04-27 20:50 - 000041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-09 21:27 - 2011-04-11 22:12 - 001015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-09 21:15 - 2016-11-16 14:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-09 21:15 - 2012-05-04 18:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2009-12-31 19:26 - 2012-10-11 15:50 - 000099384 _____ () C:\Users\Zdenka\AppData\Roaming\inst.exe
2009-12-31 19:26 - 2012-10-11 15:50 - 000007859 _____ () C:\Users\Zdenka\AppData\Roaming\pcouffin.cat
2009-12-31 19:26 - 2012-10-11 15:50 - 000001167 _____ () C:\Users\Zdenka\AppData\Roaming\pcouffin.inf
2009-12-31 19:26 - 2012-10-11 15:50 - 000082816 _____ (VSO Software) C:\Users\Zdenka\AppData\Roaming\pcouffin.sys
2009-12-31 21:08 - 2012-02-20 19:37 - 000001041 _____ () C:\Users\Zdenka\AppData\Roaming\vso_ts_preview.xml
2013-03-14 17:44 - 2013-03-14 17:44 - 000003584 _____ () C:\Users\Zdenka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-23 11:40 - 2009-11-23 11:40 - 000000056 ____H () C:\ProgramData\ezsidmv.dat
2009-10-31 03:38 - 2009-09-10 18:06 - 000131368 _____ () C:\ProgramData\FullRemove.exe
2009-12-10 21:52 - 2009-12-10 21:52 - 000000357 _____ () C:\ProgramData\hpzinstall.log
2011-08-30 19:24 - 2011-08-30 19:24 - 000004896 _____ () C:\ProgramData\kbkwknay.ayh

Some files in TEMP:
====================
2017-08-05 09:44 - 2017-08-05 09:44 - 000000000 _____ () C:\Users\Zdenka\AppData\Local\Temp\GUR84D8.exe
2017-08-05 10:50 - 2017-08-05 10:50 - 000000000 _____ () C:\Users\Zdenka\AppData\Local\Temp\GURDB7F.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2013-03-17 11:57

==================== End of FRST.txt ============================

Re: Please check my log

Post by Jaros » 06 Aug 2017 11:10

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Zdenka (06-08-2017 11:03:57)
Running from C:\Users\Zdenka\Downloads
Windows 7 Professional Service Pack 1 (X64) (2009-11-18 12:23:14)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-710972117-1834648420-811751981-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-710972117-1834648420-811751981-500 - Administrator - Disabled)
Guest (S-1-5-21-710972117-1834648420-811751981-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-710972117-1834648420-811751981-1002 - Limited - Enabled)
Zdenka (S-1-5-21-710972117-1834648420-811751981-1000 - Administrator - Enabled) => C:\Users\Zdenka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Alcor Micro USB Card Reader (HKLM-x32\...\{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
ALZip (HKLM-x32\...\ALZip_is1) (Version: 6.7 - ESTsoft Corp.)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.6 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0013 - ASUS)
ASUS FancyStart (HKLM-x32\...\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}) (Version: 1.0.6 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.24 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.17 - asus)
Asus WebStorage (HKLM\...\Asus WebStorage) (Version: 2.0.31.477 - eCareme Technologies, Inc.)
ASUS_UL_Series_Screensaver (HKLM-x32\...\ASUS_UL_Series_Screensaver) (Version: - )
ASUSTek ASUSDVD 8 (HKLM-x32\...\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815a - CyberLink Corp.) Hidden
ASUSTek ASUSDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815a - CyberLink Corp.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Balíček ovladače systému Windows - AnyDATA Corporation (adusbser) Modem (12/31/2007 2.0.4.0) (HKLM\...\D46E6E09C9DFBE4319FE07FC4F249DA42CC26BF9) (Version: 12/31/2007 2.0.4.0 - AnyDATA Corporation)
Balíček ovladače systému Windows - AnyDATA Corporation (adusbser) Ports (12/31/2007 2.0.4.0) (HKLM\...\769F36EB73566E376559B9A2BD74718E72BD4735) (Version: 12/31/2007 2.0.4.0 - AnyDATA Corporation)
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
BDE 5.2.0.2 (HKLM-x32\...\BDE install_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Click to Call with Skype (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.3 - ASUS)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1720 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5203 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2216 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - PowerDVDCorp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day Wedding Married in Manhattan (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}) (Version: - Oberon Media)
Dropbox (HKU\S-1-5-21-710972117-1834648420-811751981-1000\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
edu-learning pro MS Office 2003 CZ (HKLM-x32\...\{99032CFF-DBB0-4C9C-B03D-B922422F4A39}) (Version: 1.0.3 - EDU 2000 s.r.o.)
ETDWare PS/2-x64 7.0.5.7_WHQL (HKLM\...\Elantech) (Version: - )
Express Gate (HKLM-x32\...\{B5A5627C-0173-4DB2-ADA8-740479370F67}) (Version: 1.2.13.23 - DeviceVM, Inc.)
Facebook Plug-In (HKU\S-1-5-21-710972117-1834648420-811751981-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.3 - ASUS)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.6.4 (HKLM-x32\...\WinGimp-2.0_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPL MPEG-1/2 DirectShow Decoder Filter (HKLM-x32\...\{870815CA-6B60-47B6-88DD-A67F42D2F03E}) (Version: 0.1.2 - Peter Wimmer)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
InterBase 6 Client Open Edition - 6.0.2.0 (HKLM-x32\...\InterBase 6 Client Open Edition - 6.0.2.0) (Version: - InterBase Installation Info)
Internet (HKLM-x32\...\Internet) (Version: 1.031.09 - AnyDATA.NET, Inc.)
Island Wars 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110304260}) (Version: - Oberon Media)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware verze 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MediaShow (HKLM-x32\...\{D5A9B7C0-8751-11D8-9D75-000129760D75}) (Version: 3.0.5117 - CyberLink Corporation)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{B44F3823-52DD-45CA-A916-8B320778715D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 cs)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NB Probe (HKLM-x32\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - )
Nero 7 Premium (HKLM-x32\...\{91C0B95B-B83A-4828-A775-BBE2DD421029}) (Version: 7.02.9752 - Nero AG)
Net4Switch (HKLM-x32\...\{9D6D7811-43B3-463C-BC79-5D1755269989}) (Version: 1.00.0019 - ASUS)
Nokia Connectivity Cable Driver (HKLM-x32\...\{4216D328-0FE8-48B8-85B8-BD300E6F080F}) (Version: 7.1.36.0 - Nokia)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
PC Connectivity Solution (HKLM-x32\...\{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}) (Version: 10.50.2.0 - Nokia)
PDF-Viewer (HKLM\...\{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1) (Version: 2.0.42.7 - Tracker Software Products Ltd)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.0.2319 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.0.2319 - CyberLink Corp.)
PowerProducer (HKLM-x32\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5942 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Samsung Drive Manager (HKLM-x32\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.174 - Clarus, Inc.)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung ML-1640 Series (HKLM-x32\...\Samsung ML-1640 Series) (Version: - Samsung Electronics CO.,LTD)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
SIMUL8 (HKLM-x32\...\SIMUL8) (Version: - )
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Smileyville (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110413757}) (Version: - Oberon Media)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.1200 - SRS Labs, Inc.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
TOPO Czech 2013 (HKLM-x32\...\{9FB5490B-B522-478E-BA4F-27B18C298C0E}) (Version: 7.00 - PICODAS PRAHA, spol. s r.o.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - )
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{4B4451CE-D1E6-4BDE-B4B2-59F03BB83B7C}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.11 - ASUS)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)
ZTE Handset USB Driver 5.2066.1.9B01 (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.9B01 - ZTE Corporation)
ZTE Tablet USB Driver (HKLM\...\{E583937D-9ECC-4C9E-93DF-B01DA0CD670D}_is1) (Version: 5.2066.1.V11AB01 - ZTE Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-710972117-1834648420-811751981-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-710972117-1834648420-811751981-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-710972117-1834648420-811751981-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-710972117-1834648420-811751981-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-710972117-1834648420-811751981-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-710972117-1834648420-811751981-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-710972117-1834648420-811751981-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-710972117-1834648420-811751981-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-710972117-1834648420-811751981-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-710972117-1834648420-811751981-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-710972117-1834648420-811751981-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-710972117-1834648420-811751981-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-710972117-1834648420-811751981-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-27] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-27] (AVAST Software)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-02] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayIconExtension1] -> {fe25455d-b4c2-4e32-97d2-92632ec1c224} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayIconExtension2] -> {1fae2d88-a78e-4f03-909f-be818a3c1ce6} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-02] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [ADSMEnDecExt] -> {8BB925EB-A385-4F4D-B463-D9CC4A4F98F5} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\AdsmendecExt.dll [2009-05-16] (ASUSTek Computer Inc.)
ContextMenuHandlers1: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2007-01-10] (ESTsoft Corp.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-27] (AVAST Software)
ContextMenuHandlers1: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG)
ContextMenuHandlers2: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2007-01-10] (ESTsoft Corp.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-27] (AVAST Software)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ContextMenuHandlers4: [ADSMEnDecExt] -> {8BB925EB-A385-4F4D-B463-D9CC4A4F98F5} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\AdsmendecExt.dll [2009-05-16] (ASUSTek Computer Inc.)
ContextMenuHandlers4: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2007-01-10] (ESTsoft Corp.)
ContextMenuHandlers5: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2007-01-10] (ESTsoft Corp.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-07-28] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2009-08-28] (NVIDIA Corporation)
ContextMenuHandlers6: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2007-01-10] (ESTsoft Corp.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-27] (AVAST Software)
ContextMenuHandlers1_S-1-5-21-710972117-1834648420-811751981-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-710972117-1834648420-811751981-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-710972117-1834648420-811751981-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2DA897B4-F195-4B7C-94D3-7994AEFEC897} - System32\Tasks\GoogleUpdateTaskMachineCore1d2b34fe8c17e8f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-30] (Google Inc.)
Task: {37E9CC9D-2A14-45CB-B7D9-92751E229A64} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-27] (AVAST Software)
Task: {7EA2A9D3-4DB3-4574-95FA-8D8FAF12B110} - System32\Tasks\GoogleUpdateTaskMachineUA1d2b34fe946cb9e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-30] (Google Inc.)
Task: {A792F4C7-532E-47EC-A56D-439CB14C6522} - System32\Tasks\SafeZone scheduled Autoupdate 1461860588 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {EDDCDB93-E86B-491B-BA81-394B11F0D684} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-710972117-1834648420-811751981-1000Core.job => C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-710972117-1834648420-811751981-1000UA.job => C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2007-06-15 19:28 - 2007-06-15 19:28 - 000104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-02 01:52 - 2007-06-02 01:52 - 000159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2009-08-25 09:47 - 2009-08-25 09:47 - 000140560 _____ () C:\Program Files (x86)\ASUS\Asus WebStorage\EcaremeDLL.dll
2009-10-31 03:31 - 2009-10-31 03:31 - 000029968 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll
2009-10-31 03:31 - 2009-10-31 03:31 - 000931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:15024E60 [284]
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 [134]
AlternateDataStreams: C:\ProgramData\Temp:734E442A [272]
AlternateDataStreams: C:\ProgramData\Temp:A724744F [118]
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [145]
AlternateDataStreams: C:\ProgramData\Temp:B88E99C8 [121]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.scr: => <==== ATTENTION
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.bat: batfile => <==== ATTENTION
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.com: comfile => <==== ATTENTION
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.cmd: cmdfile => <==== ATTENTION
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.reg: => <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-08-04 01:32 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-710972117-1834648420-811751981-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Zdenka\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.4\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: RemoteControl => "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{0A82D2DE-531F-4366-B093-C9961D283019}C:\program files (x86)\icq7.4\icq.exe] => (Allow) C:\program files (x86)\icq7.4\icq.exe
FirewallRules: [UDP Query User{97CC8CA9-8ED2-4200-8CB4-5CF6B4EE5550}C:\program files (x86)\icq7.4\icq.exe] => (Allow) C:\program files (x86)\icq7.4\icq.exe
FirewallRules: [TCP Query User{F5A22E3D-A995-4374-B4EA-047EE2643C8F}C:\program files (x86)\icq7.4\icq.exe] => (Block) C:\program files (x86)\icq7.4\icq.exe
FirewallRules: [UDP Query User{91C48E02-8003-4934-92EB-7557D867BC68}C:\program files (x86)\icq7.4\icq.exe] => (Block) C:\program files (x86)\icq7.4\icq.exe
FirewallRules: [TCP Query User{29A2A559-0D10-410E-86C7-A178570989CE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{63477389-54B0-4512-93BF-36549CA32447}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3859DC44-B14B-4ABE-B873-FD7C4F08D13E}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{69B967B8-DFD1-45BC-BAED-EE6BA31768FB}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{04278001-4721-46E8-940A-372414194A58}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{34B4F2E0-C561-4E77-9F1F-2AD75B2EDAEA}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{370CD0BF-1CD3-4D03-A155-0AC881096F5B}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4DFB2845-256A-4151-A3E1-8E5F6A0EAFEB}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{32B55EE7-C1FB-426F-BC2F-B38675606349}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{3A280012-0469-4E9E-9DFE-E718EAB97517}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{9595C9B9-3BD5-4378-AFAA-1BD8718E9250}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E310548A-5442-4E01-ACBD-29F483D9F785}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{15D448D6-D51D-4485-8597-B963F439F93E}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [UDP Query User{477B30E8-E6E4-4697-8E8E-65C78501E9DD}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [{B51618FF-8C31-4178-A4EF-A4C0E7102D49}] => (Allow) C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{29D05FDC-0EAE-41FB-88EB-B9B08E68932E}] => (Allow) C:\Users\Zdenka\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{4D879064-33C6-40AD-9410-E56A49CF0524}C:\users\zdenka\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\zdenka\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6FC272C7-5232-4892-B486-1EB933CEBF4B}C:\users\zdenka\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\zdenka\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{1BCF351C-83E8-4090-9368-664591B80F8F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D76B4310-DD00-45C7-9BCB-DA302AB8E838}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A4B17005-A518-4595-92AD-27271C69B6F6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{980C6683-3AFC-4C98-B3A5-26B70EAD3364}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9E12BEF9-4BA5-4BA7-AC84-BA3A71BB5D8F}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2017 10:42:15 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/05/2017 10:42:15 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/05/2017 10:42:15 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.

Kontext: aplikace Windows

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/05/2017 10:42:15 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexování nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/05/2017 10:42:15 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.TripoliIndexer> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Prvek nebyl nalezen. (HRESULT : 0x80070490) (0x80070490)

Error: (08/05/2017 10:42:14 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.JetPropStore> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/05/2017 10:42:14 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Služba Windows Search nenačetla informace o úložišti vlastností.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Server indexu obsahu neaktualizoval nebo nenačetl informace kvůli chybě databáze. Zastavte a restartujte vyhledávací službu. Pokud potíže potrvají, vymažte index obsahu a proveďte znovu jeho procházení. V některých případech bude pravděpodobně nutné odstranit a znovu vytvořit index obsahu. (HRESULT : 0x8004117f) (0x8004117f)

Error: (08/05/2017 10:42:14 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index {id=1100} obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/05/2017 10:42:14 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Služba Windows Search neotevřela úložiště vlastností databázového stroje Jet.

Podrobnosti:
0x%08x (0x8004117f - Server indexu obsahu neaktualizoval nebo nenačetl informace kvůli chybě databáze. Zastavte a restartujte vyhledávací službu. Pokud potíže potrvají, vymažte index obsahu a proveďte znovu jeho procházení. V některých případech bude pravděpodobně nutné odstranit a znovu vytvořit index obsahu. (HRESULT : 0x8004117f))

Error: (08/05/2017 09:32:22 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (08/06/2017 10:52:31 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1068 = Nepodařilo se zahájit závislou službu nebo skupinu. při pokusu o spuštění služby fdPHost s argumenty za účelem spuštění serveru:
{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (08/06/2017 10:52:31 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1068 = Nepodařilo se zahájit závislou službu nebo skupinu. při pokusu o spuštění služby fdPHost s argumenty za účelem spuštění serveru:
{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (08/06/2017 10:49:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (08/06/2017 10:49:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (08/06/2017 10:49:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (08/06/2017 10:47:43 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1084 = Tuto službu nelze spustit v nouzovém režimu. při pokusu o spuštění služby WSearch s argumenty za účelem spuštění serveru:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/06/2017 10:47:43 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1084 = Tuto službu nelze spustit v nouzovém režimu. při pokusu o spuštění služby WSearch s argumenty za účelem spuštění serveru:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/06/2017 10:47:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (08/06/2017 10:47:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (08/06/2017 10:47:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.


CodeIntegrity:
===================================
Date: 2017-08-04 01:26:43.765
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-04 01:26:43.593
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-04 01:26:43.437
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-04 01:26:43.265
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-04 01:19:20.771
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-04 01:19:20.599
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-04 01:19:20.427
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-04 01:19:20.271
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-30 17:59:38.884
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-30 17:59:38.728
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Genuine Intel(R) CPU U7300 @ 1.30GHz
Percentage of memory in use: 17%
Total physical RAM: 4061.02 MB
Available physical RAM: 3330.36 MB
Total Virtual: 8120.25 MB
Available Virtual: 7450.6 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:48.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:334.67 GB) (Free:334.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D9B3496E)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=334.7 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check the log

Post by jaro3 » 06 Aug 2017 22:23

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-710972117-1834648420-811751981-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (No Name) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (No Name) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29]
CHR Extension: (No Name) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
C:\ProgramData\ezsidmv.dat
C:\ProgramData\FullRemove.exe
C:\ProgramData\kbkwknay.ayh
C:\Users\Zdenka\AppData\Local\Temp\GUR84D8.exe
C:\Users\Zdenka\AppData\Local\Temp\GURDB7F.exe
Task: {2DA897B4-F195-4B7C-94D3-7994AEFEC897} - System32\Tasks\GoogleUpdateTaskMachineCore1d2b34fe8c17e8f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-30] (Google Inc.)
Task: {7EA2A9D3-4DB3-4574-95FA-8D8FAF12B110} - System32\Tasks\GoogleUpdateTaskMachineUA1d2b34fe946cb9e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-30] (Google Inc.)
Task: {EDDCDB93-E86B-491B-BA81-394B11F0D684} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
C:\Program Files\Common Files\AV\McAfee VirusScan
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
AlternateDataStreams: C:\ProgramData\Temp:15024E60 [284]
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 [134]
AlternateDataStreams: C:\ProgramData\Temp:734E442A [272]
AlternateDataStreams: C:\ProgramData\Temp:A724744F [118]
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [145]
AlternateDataStreams: C:\ProgramData\Temp:B88E99C8 [121]
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.scr: => <==== ATTENTION
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.bat: batfile => <==== ATTENTION
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.com: comfile => <==== ATTENTION
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.cmd: cmdfile => <==== ATTENTION
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.reg: => <==== ATTENTION

EmptyTemp:
End

(You can use the "select all" function; right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST and press the "Fix" button just once, then wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.

If there are still problems:
C:\Windows\ntbtlog.txt -- send me the content of this folder somewhere.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Jaros
Level 2
Posts: 216
Registered: May 09
Gender: Male
Status:
Offline

Re: Please check the log

Post by Jaros » 08 Aug 2017 01:14

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Zdenka (08-08-2017 00:54:01) Run:1
Running from C:\Users\Zdenka\Desktop
Loaded Profiles: Zdenka (Available Profiles: Zdenka & Admin)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-710972117-1834648420-811751981-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (No Name) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (No Name) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29]
CHR Extension: (No Name) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
C:\ProgramData\ezsidmv.dat
C:\ProgramData\FullRemove.exe
C:\ProgramData\kbkwknay.ayh
C:\Users\Zdenka\AppData\Local\Temp\GUR84D8.exe
C:\Users\Zdenka\AppData\Local\Temp\GURDB7F.exe
Task: {2DA897B4-F195-4B7C-94D3-7994AEFEC897} - System32\Tasks\GoogleUpdateTaskMachineCore1d2b34fe8c17e8f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-30] (Google Inc.)
Task: {7EA2A9D3-4DB3-4574-95FA-8D8FAF12B110} - System32\Tasks\GoogleUpdateTaskMachineUA1d2b34fe946cb9e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-30] (Google Inc.)
Task: {EDDCDB93-E86B-491B-BA81-394B11F0D684} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
C:\Program Files\Common Files\AV\McAfee VirusScan
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
AlternateDataStreams: C:\ProgramData\Temp:15024E60 [284]
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 [134]
AlternateDataStreams: C:\ProgramData\Temp:734E442A [272]
AlternateDataStreams: C:\ProgramData\Temp:A724744F [118]
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [145]
AlternateDataStreams: C:\ProgramData\Temp:B88E99C8 [121]
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.scr: => <==== ATTENTION
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.bat: batfile => <==== ATTENTION
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.com: comfile => <==== ATTENTION
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.cmd: cmdfile => <==== ATTENTION
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.reg: => <==== ATTENTION

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-710972117-1834648420-811751981-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
CHR Extension: (No Name) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29] => Error: No automatic fix found for this entry.
CHR Extension: (No Name) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29] => Error: No automatic fix found for this entry.
CHR Extension: (No Name) - C:\Users\Zdenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
C:\ProgramData\ezsidmv.dat => moved successfully
C:\ProgramData\FullRemove.exe => moved successfully
C:\ProgramData\kbkwknay.ayh => moved successfully
C:\Users\Zdenka\AppData\Local\Temp\GUR84D8.exe => moved successfully
C:\Users\Zdenka\AppData\Local\Temp\GURDB7F.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2DA897B4-F195-4B7C-94D3-7994AEFEC897} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DA897B4-F195-4B7C-94D3-7994AEFEC897} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d2b34fe8c17e8f => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore1d2b34fe8c17e8f => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EA2A9D3-4DB3-4574-95FA-8D8FAF12B110} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EA2A9D3-4DB3-4574-95FA-8D8FAF12B110} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d2b34fe946cb9e => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d2b34fe946cb9e => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDDCDB93-E86B-491B-BA81-394B11F0D684} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDDCDB93-E86B-491B-BA81-394B11F0D684} => key removed successfully
C:\Windows\System32\Tasks\McAfee Remediation (Prepare) => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee Remediation (Prepare) => key removed successfully
C:\Program Files\Common Files\AV\McAfee VirusScan => moved successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\ProgramData\Temp => ":15024E60" ADS removed successfully.
C:\ProgramData\Temp => ":4CF61E54" ADS removed successfully.
C:\ProgramData\Temp => ":734E442A" ADS removed successfully.
C:\ProgramData\Temp => ":A724744F" ADS removed successfully.
C:\ProgramData\Temp => ":AB689DEA" ADS removed successfully.
C:\ProgramData\Temp => ":B88E99C8" ADS removed successfully.
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.scr => key removed successfully
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.bat => key removed successfully
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.com => key removed successfully
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.cmd => key removed successfully
HKU\S-1-5-21-710972117-1834648420-811751981-1000\Software\Classes\.reg => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 4194304 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13683216 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 34033957 B
Firefox => 86038535 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 33186 B
LocalService => 33125 B
NetworkService => 33125 B
Zdenka => 32880398 B
Admin => 465889 B

RecycleBin => 0 B
EmptyTemp: => 163.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:54:49 ====

Jaros
Level 2
Posts: 216
Registered: May 09
Gender: Male
Status:
Offline

Re: Please check the log

Post by Jaros » 08 Aug 2017 01:17


jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check the log

Post by jaro3 » 08 Aug 2017 09:45

Download and install WhoCrashed,
open it and click Analyze.
The program will create a report; copy all of it and paste it here, please.

Download Memtest:

The field that says:
All unused RAM - leave it as it is.
- click Start and let it run for at least 2 h; if there are still 0 errors after 2 h, they are OK.
With larger RAM capacities Memtest needs to be run several times: for 2GB (the largest single RAM capacity) 2x, for 4GB 3x, for 8GB 4x, etc.

Also check the HDD for errors, or possibly try defragmenting it ..


Download CrystalDiskInfo
Run the program and click Edit-Copy (Úpravy-Kopírovat). Then paste the log content here using Ctrl+V.

Jaros
Level 2
Posts: 216
Registered: May 09
Gender: Male
Status:
Offline

Re: Please check the log

Post by Jaros » 08 Aug 2017 21:35

There was nothing there other than this:

System Information (local)
--------------------------------------------------------------------------------

Computer name: ZDENKA-PC
Windows version: Windows 7 Service Pack 1, 6.1, build: 7601
Windows dir: C:\Windows
Hardware: UL80VT , ASUSTeK Computer Inc. , UL80VT
CPU: GenuineIntel Genuine Intel(R) CPU U7300 @ 1.30GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 4258291712 bytes total




--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

No valid crash dumps have been found on your computer


--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled but no valid crash dumps have been found. In case you are experiencing system crashes, it may be that crash dumps are prevented from being written out. Check out the following article for possible causes: If crash dumps are not written out.



Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

Jaros
Level 2
Posts: 216
Registered: May 09
Gender: Male
Status:
Offline

Re: Please check the log

Post by Jaros » 08 Aug 2017 21:38

----------------------------------------------------------------------------
CrystalDiskInfo 7.1.0 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Professional SP1 [6.1 Build 7601] (x64)
Date : 2017/08/08 21:40:04

-- Controller Map ----------------------------------------------------------
+ Intel(R) ICH9M-E/M SATA AHCI Controller [ATA]
- ST9500325AS
- HL-DT-ST DVDRAM GU10N

-- Disk List ---------------------------------------------------------------
(1) ST9500325AS : 500,1 GB [0/0/0, pd1] - st

----------------------------------------------------------------------------
(1) ST9500325AS
----------------------------------------------------------------------------
Model : ST9500325AS
Firmware : 0002SDM1
Serial Number : 6VE39FTV
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : ---- | SATA/300
Power On Hours : 5967 hod.
Power On Count : 6597 krát
Temperature : 44 C (111 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----
Drive Letter : C: D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 116 _99 __6 0000063E7FF0 Počet chyb čtení
03 _99 _99 __0 000000000000 Čas na roztočení ploten
04 _94 _94 _20 0000000019C8 Počet spuštění/zastavení
05 100 100 _36 800000020000 Počet přemapovaných sektorů
07 _84 _60 _30 0000121B1E4F Počet chybných hledání
09 _94 _94 __0 00000000174F Hodin v činnosti
0A 100 100 _97 000000080800 Počet opakovaných pokusů o roztočení ploten
0C _94 _37 _20 0000000019C5 Počet cyklů zapnutí zařízení
B8 _68 _68 _99 000000000020 Ukončovacích chyb
BB __1 __1 __0 000000000800 Ohlášeno neopravitelných chyb
BC 100 _98 __0 00060006000E Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _56 _48 _45 00002C1B002C Teplota toku vzduchu
BF 100 100 __0 0000000000D7 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 00000000007D Počet vypnutí disku
C1 _93 _93 __0 000000003DF3 Počet cyklů načítání/vymazání
C2 _44 _52 __0 000F0000002C Teplota
C3 _51 _35 __0 0000063E7FF0 Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
FE 100 100 __0 000000000000 Ochrana proti pádu

-- IDENTIFY_DEVICE ---------------------------------------------------------

-- SMART_READ_DATA ---------------------------------------------------------

-- SMART_READ_THRESHOLD ----------------------------------------------------

