Prosím o kontorlu logu

Příspěvekod **jaro3** » 10 úno 2017 09:44

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Reklama

Robertekk23 · Příspěvekod **Robertekk23** » 11 úno 2017 10:19

ComboFix 17-01-29.01 - Robert 11.02.2017 10:03:58.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4094.2932 [GMT 1:00]
Spuštěný z: c:\users\Robert\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-01-11 do 2017-02-11 )))))))))))))))))))))))))))))))
.
.
2017-02-11 09:09 . 2017-02-11 09:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-10 04:41 . 2016-12-30 22:43 12229912 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C20D9D2-1CF8-49F3-859C-89DE01DCCD90}\mpengine.dll
2017-02-08 19:52 . 2017-02-10 08:16 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-02-08 19:52 . 2017-02-08 19:52 -------- d-----w- c:\users\Robert\AppData\Local\Zemana
2017-02-08 19:49 . 2017-02-08 19:28 24064 ----a-w- c:\windows\zoek-delete.exe
2017-02-08 19:49 . 2017-02-11 09:09 -------- d-----w- c:\users\Robert\AppData\Local\Temp
2017-02-08 16:25 . 2017-02-08 19:12 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-02-08 16:25 . 2017-02-08 16:52 -------- d-----w- c:\programdata\RogueKiller
2017-02-08 15:28 . 2017-02-08 15:28 -------- d-----w- c:\programdata\Sophos
2017-02-07 15:59 . 2017-02-10 19:11 251848 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-02-07 15:59 . 2017-01-20 06:47 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-02-05 12:24 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2017-02-04 12:12 . 2017-02-04 13:31 -------- d-----w- c:\program files (x86)\AVG
2017-02-04 12:12 . 2017-02-04 13:31 -------- d-----w- c:\programdata\Avg
2017-02-04 12:12 . 2017-02-04 12:14 -------- d-----w- c:\users\Robert\AppData\Local\Avg
2017-02-04 12:12 . 2017-02-04 12:12 -------- d--h--w- c:\programdata\Common Files
2017-02-04 09:31 . 2017-02-04 09:31 -------- d-----w- C:\Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-05 10:05 . 2016-10-29 12:32 135657872 -c--a-w- c:\windows\system32\MRT.exe
2016-12-20 22:25 . 2016-11-10 00:39 183112 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2016-10-06 4557504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-30 766208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2016-12-21 850944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys;c:\windows\SYSNATIVE\DRIVERS\GeneStor.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-20 2780112]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{74d0e5db-b326-4dae-a6b2-445b9de1836e} - c:\programdata\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-02-11 10:16:04
ComboFix-quarantined-files.txt 2017-02-11 09:16
.
Před spuštěním: Volných bajtů: 29 772 345 344
Po spuštění: Volných bajtů: 29 632 335 872
.
- - End Of File - - 3D7B1DB621D8EBA55DB0A995AB21DB77
A36C5E4F47E84449FF07ED3517B43A31

Příspěvekod **jaro3** » 11 úno 2017 13:08

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\AVG
c:\programdata\Avg
c:\users\Robert\AppData\Local\Avg

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Robertekk23 · Příspěvekod **Robertekk23** » 11 úno 2017 14:16

ComboFix 17-01-29.01 - Robert 11.02.2017 14:02:01.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4094.2844 [GMT 1:00]
Spuštěný z: c:\users\Robert\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Robert\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AVG
c:\programdata\Avg
c:\programdata\Avg\AWL\appdata.dat
c:\programdata\Avg\AWL\AvgRep.xml
c:\programdata\Avg\AWL\Backups\00000000.rcb
c:\programdata\Avg\AWL\boot_perf.json
c:\programdata\Avg\AWL\lsdb2.json
c:\programdata\Avg\AWL\lsdb2.json.old
c:\programdata\Avg\AWL\Program Statistics\ProgramStatistics.2013.tudb
c:\programdata\Avg\AWL\swh_stats.json
c:\programdata\Avg\AWL\TUProgMan.10.tudb
c:\programdata\Avg\AWL\TUProgManagerCache.10.tudb
c:\programdata\Avg\AWL\TUReportData.10.tudb
c:\programdata\Avg\AWL\TUUtilitiesSvc.13.tudb
c:\programdata\Avg\AWL00F25208ACE2D380903EAAD76CCF2110.xml
c:\users\Robert\AppData\Local\Avg
c:\users\Robert\AppData\Local\Avg\AWL\Backups\00000001.rcb
c:\users\Robert\AppData\Local\Avg\AWL\Backups\00000002.rcb
c:\users\Robert\AppData\Local\Avg\AWL\Backups\00000003.rcb
c:\users\Robert\AppData\Local\Avg\AWL\Backups\00000004.rcb
c:\users\Robert\AppData\Local\Avg\AWL\Backups\00000005.rcb
c:\users\Robert\AppData\Local\Avg\AWL\Backups\00000006.rcb
c:\users\Robert\AppData\Local\Avg\AWL\Speed Optimizer\SpeedOptimizerStates.xml
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgfmwbasedll.log
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgfmwbasedll.log.1
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgfmwbasedll.log.lock
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgfmwdll.log
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgfmwdll.log.lock
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgfmwui.log
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgfmwui.log.1
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgfmwui.log.2
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgfmwui.log.lock
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgmsgdisp.log
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgmsgdisp.log.1
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgmsgdisp.log.2
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgmsgdisp.log.3
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgmsgdisp.log.4
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgmsgdisp.log.5
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgmsgdisp.log.lock
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgreloadabledll.log
c:\users\Robert\AppData\Local\Avg\log\fmw1\avgreloadabledll.log.lock
c:\users\Robert\AppData\Local\Avg\log\fmw1\common.log
c:\users\Robert\AppData\Local\Avg\log\fmw1\common.log.lock
c:\users\Robert\AppData\Local\Avg\log\fmw1\commonpriv.log
c:\users\Robert\AppData\Local\Avg\log\fmw1\commonpriv.log.lock
c:\users\Robert\AppData\Local\Avg\log\fmw1\Cookies-journal
c:\users\Robert\AppData\Local\Avg\log\fmw1\Cookies
c:\users\Robert\AppData\Local\Avg\log\fmw1\data_0
c:\users\Robert\AppData\Local\Avg\log\fmw1\data_1
c:\users\Robert\AppData\Local\Avg\log\fmw1\data_2
c:\users\Robert\AppData\Local\Avg\log\fmw1\data_3
c:\users\Robert\AppData\Local\Avg\log\fmw1\f_000002
c:\users\Robert\AppData\Local\Avg\log\fmw1\f_000006
c:\users\Robert\AppData\Local\Avg\log\fmw1\f_000007
c:\users\Robert\AppData\Local\Avg\log\fmw1\f_000008
c:\users\Robert\AppData\Local\Avg\log\fmw1\chromium_dbg.log
c:\users\Robert\AppData\Local\Avg\log\fmw1\index
c:\users\Robert\AppData\Local\Avg\log\fmw1\Local Storage\http_a1eb8d32dfe04e1588dfb6ae7f8deb26.avg.cz_0.localstorage-journal
c:\users\Robert\AppData\Local\Avg\log\fmw1\Local Storage\http_a1eb8d32dfe04e1588dfb6ae7f8deb26.avg.cz_0.localstorage
c:\users\Robert\AppData\Local\Avg\log\fmw1\Local Storage\http_zen.localapp.avg.cz_0.localstorage-journal
c:\users\Robert\AppData\Local\Avg\log\fmw1\Local Storage\http_zen.localapp.avg.cz_0.localstorage
c:\users\Robert\AppData\Local\Avg\log\fmw1\Visited Links
c:\users\Robert\AppData\Local\Avg\log\tu16\avglng.log
c:\users\Robert\AppData\Local\Avg\log\tu16\avglng.log.lock
c:\users\Robert\AppData\Local\Avg\log\tu16\commonpriv.log
c:\users\Robert\AppData\Local\Avg\log\tu16\commonpriv.log.lock
c:\users\Robert\AppData\Local\Avg\log\tu16\delphiplugins.log
c:\users\Robert\AppData\Local\Avg\log\tu16\diskdoctor.log
c:\users\Robert\AppData\Local\Avg\log\tu16\duplicatefinder.log
c:\users\Robert\AppData\Local\Avg\log\tu16\performanceoptimizer.log
c:\users\Robert\AppData\Local\Avg\log\tu16\powermodemanager.log
c:\users\Robert\AppData\Local\Avg\log\tu16\settingcenter.log
c:\users\Robert\AppData\Local\Avg\log\tu16\sqldb.log
c:\users\Robert\AppData\Local\Avg\log\tu16\tuclient.log
c:\users\Robert\AppData\Local\Avg\log\tu16\tuclient.log.lock
c:\users\Robert\AppData\Local\Avg\log\tu16\tucomm.log
c:\users\Robert\AppData\Local\Avg\log\tu16\tucomm.log.lock
c:\users\Robert\AppData\Local\Avg\log\tu16\tuinstallhelper.log
c:\users\Robert\AppData\Local\Avg\log\tu16\tupk.log
c:\users\Robert\AppData\Local\Avg\log\tu16\tupk.log.1
c:\users\Robert\AppData\Local\Avg\log\tu16\tupk.log.lock
c:\users\Robert\AppData\Local\Avg\log\tu16\tuscan.log
c:\users\Robert\AppData\Local\Avg\log\tu16\tuscan.log.lock
c:\users\Robert\AppData\Local\Avg\log\tu16\tusetupca.log
c:\users\Robert\AppData\Local\Avg\log\tu16\tusetupca.log.lock
c:\users\Robert\AppData\Local\Avg\log\tu16\tuui.log
c:\users\Robert\AppData\Local\Avg\log\tu16\tuui.log.lock
c:\users\Robert\AppData\Local\Avg\log\tu16\undelete.log
c:\users\Robert\AppData\Local\Avg\log\zen1\zapi.log
c:\users\Robert\AppData\Local\Avg\log\zen1\zapi.log.lock
c:\users\Robert\AppData\Local\Avg\log\zen1\zui.log
c:\users\Robert\AppData\Local\Avg\log\zen1\zui.log.lock
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-01-11 do 2017-02-11 )))))))))))))))))))))))))))))))
.
.
2017-02-10 04:41 . 2016-12-30 22:43 12229912 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C20D9D2-1CF8-49F3-859C-89DE01DCCD90}\mpengine.dll
2017-02-08 19:52 . 2017-02-10 08:16 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-02-08 19:52 . 2017-02-08 19:52 -------- d-----w- c:\users\Robert\AppData\Local\Zemana
2017-02-08 19:49 . 2017-02-08 19:28 24064 ----a-w- c:\windows\zoek-delete.exe
2017-02-08 19:49 . 2017-02-11 13:06 -------- d-----w- c:\users\Robert\AppData\Local\Temp
2017-02-08 16:25 . 2017-02-08 19:12 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-02-08 16:25 . 2017-02-08 16:52 -------- d-----w- c:\programdata\RogueKiller
2017-02-08 15:28 . 2017-02-08 15:28 -------- d-----w- c:\programdata\Sophos
2017-02-07 15:59 . 2017-02-11 13:08 251848 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-02-07 15:59 . 2017-01-20 06:47 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-02-05 12:24 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2017-02-04 12:12 . 2017-02-04 13:30 -------- d-----w- c:\users\Robert\AppData\Local\AvgSetupLog
2017-02-04 12:12 . 2017-02-04 12:12 -------- d--h--w- c:\programdata\Common Files
2017-02-04 09:31 . 2017-02-04 09:31 -------- d-----w- C:\Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-05 10:05 . 2016-10-29 12:32 135657872 -c--a-w- c:\windows\system32\MRT.exe
2016-12-20 22:25 . 2016-11-10 00:39 183112 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2016-10-06 4557504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-30 766208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2016-12-21 850944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys;c:\windows\SYSNATIVE\DRIVERS\GeneStor.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-20 2780112]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{74d0e5db-b326-4dae-a6b2-445b9de1836e} - c:\programdata\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2017-02-11 14:11:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-02-11 13:11
ComboFix2.txt 2017-02-11 09:16
.
Před spuštěním: Volných bajtů: 37 423 005 696
Po spuštění: Volných bajtů: 37 347 082 240
.
- - End Of File - - F84AA38E85ED1AF8FED433F03203AA2E
A36C5E4F47E84449FF07ED3517B43A31

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:15:07, on 11.2.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Robert\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Unknown owner - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (file missing)

--
End of file - 6069 bytes

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-02-11 14:12:20
-----------------------------
14:12:20.699 OS Version: Windows x64 6.1.7601 Service Pack 1
14:12:20.699 Number of processors: 2 586 0x170A
14:12:20.699 ComputerName: ROBERT-PC UserName: Robert
14:12:21.588 Initialize success
14:12:21.604 VM: initialized successfully
14:12:21.620 VM: Intel CPU virtualization not supported
14:12:39.567 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:12:39.567 Disk 0 Vendor: ST3320820AS 3.AHG Size: 305245MB BusType: 3
14:12:39.692 Disk 0 MBR read successfully
14:12:39.692 Disk 0 MBR scan
14:12:39.692 Disk 0 Windows 7 default MBR code
14:12:39.707 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:12:39.707 Disk 0 Boot: NTFS code=2
14:12:39.723 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100000 MB offset 206848
14:12:39.738 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 205143 MB offset 205006848
14:12:39.785 Disk 0 scanning C:\Windows\system32\drivers
14:12:45.042 Service scanning
14:12:58.724 Modules scanning
14:12:59.223 Disk 0 trace - called modules:
14:12:59.223 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:12:59.238 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800462c060]
14:12:59.238 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80043c2520]
14:12:59.238 5 ACPI.sys[fffff88000ee67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80043be680]
14:12:59.238 Disk 0 statistics 85769/0/0 @ 8,06 MB/s
14:12:59.238 Scan finished successfully
14:13:07.304 Disk 0 MBR has been saved successfully to "C:\Users\Robert\Desktop\MBR.dat"
14:13:07.304 The log file has been saved successfully to "C:\Users\Robert\Desktop\aswMBR.txt"

Příspěvekod **jaro3** » 12 úno 2017 09:12

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

c:\users\Robert\AppData\Local\AvgSetupLog -- smaž tento soubor/složku

Co problémy?

Robertekk23 · Příspěvekod **Robertekk23** » 12 úno 2017 10:36

# DelFix v1.013 - Logfile created 12/02/2017 at 10:35:01
# Updated 17/04/2016 by Xplode
# Username : Robert - ROBERT-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\Users\Robert\Downloads\HijackThis.exe
Deleted : C:\Users\Robert\Downloads\hijackthis.log
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #86 [Configured ASUS GPU Tweak | 02/11/2017 18:19:15]
Deleted : RP #87 [Configured ASUS GPU Tweak | 02/11/2017 18:19:15]

New restore point created !

########## - EOF - ##########

Robertekk23 · Příspěvekod **Robertekk23** » 12 úno 2017 11:16

Co se týče internetu atd vypadá vše OK. Dokonce i MS ve WOT kleslo na normální hodnoty ale zase slezlo FPS na 30 fakt nevim čím to

Robertekk23 · Příspěvekod **Robertekk23** » 12 úno 2017 11:22

i když PC je uplně v klidu nic spuštěný tak využití paměti je 980 MB při internetu 1,2 gb

Příspěvekod **Orcus** » 12 úno 2017 11:28

Který proces paměť využívá?

+

Prosím stáhni příslušnou bitovou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)

http://www.bleepingcomputer.com/downloa ... scan-tool/

Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.

Robertekk23 · Příspěvekod **Robertekk23** » 12 úno 2017 14:07

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
Ran by Robert (administrator) on ROBERT-PC (12-02-2017 14:01:15)
Running from C:\Users\Robert\Downloads
Loaded Profiles: Robert (Available Profiles: Robert)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2875459458-422837187-68592500-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd)
HKU\S-1-5-21-2875459458-422837187-68592500-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-2875459458-422837187-68592500-1000\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2016-11-18] (Wargaming.net)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-12-21]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.255.255.10 10.255.255.20
Tcpip\..\Interfaces\{6792B50C-5C66-4153-B35D-A877910E6FF6}: [DhcpNameServer] 10.255.255.10 10.255.255.20
Tcpip\..\Interfaces\{8AFED714-4BEF-4AC8-856F-35DCC4C46464}: [DhcpNameServer] 10.255.255.10 10.255.255.20

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2875459458-422837187-68592500-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2875459458-422837187-68592500-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-21-2875459458-422837187-68592500-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2875459458-422837187-68592500-1000 -> {D863D0A3-A183-4ECD-8BF8-D10A0A66A74D} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_29530
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-03] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> teoma.com/?gct=hp
CHR DefaultSearchURL: Default -> hxxps://www.teoma.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://teoma.com
CHR DefaultSuggestURL: Default -> hxxp://www.teoma.com/ss?type=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default [2017-02-12]
CHR Extension: (Prezentace Google) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-08]
CHR Extension: (Dokumenty Google) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-08]
CHR Extension: (Disk Google) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-08]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-08]
CHR Extension: (Teoma) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohecngphbppjpaokeilaichhgggcmjb [2017-02-08]
CHR Extension: (Tabulky Google) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-08]
CHR Extension: (Gmail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM\...\Chrome\Extension: [cohecngphbppjpaokeilaichhgggcmjb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cohecngphbppjpaokeilaichhgggcmjb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-11-10] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-10-29] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-10-29] (Disc Soft Ltd)
R3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [215608 2016-08-22] (GenesysLogic)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [4620040 2016-01-04] (Realtek Semiconductor Corporation )
S3 aswVmm; \??\C:\Users\Robert\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-12 14:01 - 2017-02-12 14:01 - 00010147 _____ C:\Users\Robert\Downloads\FRST.txt
2017-02-12 14:01 - 2017-02-12 14:01 - 00000000 ____D C:\FRST
2017-02-12 14:00 - 2017-02-12 14:00 - 02421248 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2017-02-12 13:00 - 2017-02-12 13:00 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2017-02-12 13:00 - 2017-02-12 13:00 - 00000000 ____D C:\Games
2017-02-12 12:59 - 2017-02-12 12:59 - 04731616 _____ (Wargaming.net ) C:\Users\Robert\Downloads\WoT_internet_install_eu.exe
2017-02-12 10:22 - 2017-02-12 10:22 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-02-12 10:22 - 2017-02-12 10:22 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-12 10:22 - 2017-02-12 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-12 10:22 - 2017-02-12 10:22 - 00000000 ____D C:\Program Files\CCleaner
2017-02-11 19:18 - 2017-02-11 19:18 - 00003218 _____ C:\Windows\System32\Tasks\{D1B96A12-6906-420E-90BD-F0A27836C8AA}
2017-02-11 10:02 - 2017-02-11 14:06 - 00000000 ____D C:\Windows\erdnt
2017-02-10 08:57 - 2017-02-12 10:35 - 00000820 _____ C:\DelFix.txt
2017-02-10 08:43 - 2017-02-10 08:43 - 00003136 _____ C:\Windows\System32\Tasks\{DB422D18-CAB4-4EC4-8F60-1F476FC76CAA}
2017-02-08 20:52 - 2017-02-10 09:16 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-02-08 20:52 - 2017-02-10 09:15 - 00050239 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-02-08 20:52 - 2017-02-10 09:14 - 00058459 _____ C:\Windows\ZAM.krnl.trace
2017-02-08 20:52 - 2017-02-08 20:52 - 00000000 ____D C:\Users\Robert\AppData\Local\Zemana
2017-02-08 20:49 - 2017-02-08 20:28 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-02-08 17:25 - 2017-02-08 20:12 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-02-08 17:25 - 2017-02-08 17:52 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-08 16:28 - 2017-02-08 16:28 - 00000000 ____D C:\ProgramData\Sophos
2017-02-07 16:59 - 2017-02-12 11:19 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-07 16:59 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-05 13:24 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2017-02-03 20:29 - 2017-02-03 20:29 - 00002263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 20:28 - 2017-02-04 14:00 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-03 20:28 - 2017-02-04 14:00 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-12 13:00 - 2016-10-29 14:35 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-02-12 13:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-12 11:26 - 2009-07-14 05:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-12 11:26 - 2009-07-14 05:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-12 11:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-12 10:23 - 2017-01-08 11:46 - 00000000 ____D C:\Users\Robert\AppData\Roaming\TS3Client
2017-02-12 10:23 - 2016-10-29 14:17 - 00000000 ____D C:\Users\Robert\AppData\Roaming\DAEMON Tools Lite
2017-02-12 10:23 - 2016-10-29 14:11 - 00000000 ____D C:\Users\Robert\AppData\Roaming\uTorrent
2017-02-11 19:19 - 2016-10-29 19:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-11 18:17 - 2016-10-31 18:06 - 00000000 ____D C:\Windows\Downloaded Installations
2017-02-11 14:08 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2017-02-10 08:42 - 2016-10-29 13:22 - 00000000 ____D C:\Users\Robert\AppData\Local\VirtualStore
2017-02-08 20:55 - 2016-10-29 13:21 - 00000000 ____D C:\Users\Robert
2017-02-08 19:46 - 2009-07-14 16:18 - 00668542 _____ C:\Windows\system32\perfh005.dat
2017-02-08 19:46 - 2009-07-14 16:18 - 00141202 _____ C:\Windows\system32\perfc005.dat
2017-02-08 19:46 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-08 18:00 - 2016-12-10 16:10 - 00000000 ____D C:\Users\Robert\AppData\Roaming\vlc
2017-02-08 15:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-02-08 10:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-07 16:59 - 2016-11-04 16:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-05 16:19 - 2016-10-30 17:18 - 01557260 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-05 14:41 - 2016-11-04 15:55 - 00007597 _____ C:\Users\Robert\AppData\Local\Resmon.ResmonCfg
2017-02-05 11:12 - 2016-10-29 13:32 - 00000000 ____D C:\Windows\system32\MRT
2017-02-05 11:05 - 2016-10-29 13:32 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-04 14:30 - 2016-10-29 13:34 - 00003014 _____ C:\Windows\System32\Tasks\UMonitor Task
2017-02-04 13:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sysprep
2017-02-03 20:29 - 2016-10-29 13:26 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-03 20:29 - 2016-10-29 13:25 - 00000000 ____D C:\Users\Robert\AppData\Local\Google
2017-02-03 20:28 - 2016-10-29 13:25 - 00000000 ____D C:\Users\Robert\AppData\Local\Deployment
2017-02-03 20:14 - 2016-10-29 13:23 - 00001439 _____ C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-03 20:14 - 2016-10-29 13:23 - 00001405 _____ C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-01-27 21:41 - 2016-10-29 14:27 - 00000000 ___SD C:\Users\Robert\AppData\LocalLow\Temp
2017-01-26 07:59 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-21 10:00 - 2016-11-10 02:01 - 00000000 ____D C:\Users\Robert\Documents\My Games

==================== Files in the root of some directories =======

2016-11-04 15:55 - 2017-02-05 14:41 - 0007597 _____ () C:\Users\Robert\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-12 05:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
Ran by Robert (12-02-2017 14:01:47)
Running from C:\Users\Robert\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-10-29 12:21:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2875459458-422837187-68592500-500 - Administrator - Disabled)
Guest (S-1-5-21-2875459458-422837187-68592500-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2875459458-422837187-68592500-1002 - Limited - Enabled)
Robert (S-1-5-21-2875459458-422837187-68592500-1000 - Administrator - Enabled) => C:\Users\Robert

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2875459458-422837187-68592500-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{13351E83-6DCD-4E97-2A8C-5D496259A47F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.01 - Ubisoft)
aTube Catcher verze 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Malwarebytes verze 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Medal of Honor Warfighter v1.0.0.3 (HKLM-x32\...\{1040143F-FEFB-4B90-8E51-E47D40E14C4E}_is1) (Version: 1.0.0.3 - EA Games)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile CSY Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Need for Speed™ Undercover (HKLM-x32\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Race Driver - GRID 2 1.0.82.5097 (HKLM-x32\...\Race Driver - GRID 2_is1) (Version: - )
Splinter Cell - Blacklist 1.01 (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}_is1) (Version: - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.01 - Ubisoft)
TP-LINK TL-WN823N Driver (HKLM-x32\...\{CE194A8D-C8DF-47EB-AB04-5A54CDC1C5BD}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-2875459458-422837187-68592500-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0567CC6D-07B6-40EE-B613-BE4E1046C543} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {11E9F3AD-ED88-44BD-88F8-44652E560963} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-29] (AVAST Software)
Task: {5D4C632E-FD10-4623-8C4A-2692456779CC} - System32\Tasks\{D1B96A12-6906-420E-90BD-F0A27836C8AA} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{532F6E8A-AF97-41C3-915F-39F718EC07D1} /l1033
Task: {67157EFD-9B62-4381-9204-16A077B7B023} - System32\Tasks\{DB422D18-CAB4-4EC4-8F60-1F476FC76CAA} => pcalua.exe -a C:\Users\Robert\Downloads\HijackThis.exe -d C:\Users\Robert\Downloads
Task: {87D95F68-299B-4A72-A0B0-3509351FF53D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-03] (Google Inc.)
Task: {96A7C0C2-7246-4CE3-8478-71AB564CE12B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-03] (Google Inc.)
Task: {B182339E-B8E2-4F33-9A66-28021BAA89F9} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe
Task: {F950DE7E-2BA2-46B3-96B5-F6C481E4B82B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-11-10 01:39 - 2016-11-10 01:39 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-02-03 20:29 - 2017-02-01 10:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-03 20:29 - 2017-02-01 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-02-11 14:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2875459458-422837187-68592500-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.255.255.10 - 10.255.255.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F9FD9797-7702-4050-92A5-0ECFD410464B}] => C:\Users\Robert\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1F4F5DF2-4706-4697-9510-751A0D23EEF5}] => C:\Users\Robert\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9FE0EF14-AB8D-4205-BCA3-2337AF290AB0}] => C:\Users\Robert\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{09318EAF-7212-4CD9-9F80-1025DBBB1EA8}] => C:\Users\Robert\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{083384FB-1EBE-49D3-AE56-08E9C11C7F41}] => C:\Users\Robert\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{76EE44CC-2248-4A4E-B0AA-7064587DC390}] => C:\Users\Robert\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C14E1DAE-E90A-41C7-97E2-7EF1FE06E423}] => C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{533B962C-41FB-4A6D-9AD2-007A7594DF01}] => C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{6C90CD71-EE5B-4C47-9E49-276D06E758E7}] => C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{45F190C2-0736-47B5-813D-92DA131D5F2C}] => C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{0373CB44-C689-48CB-B1BD-811EF8FF82CA}] => C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [{5DFF5556-EEED-4B4D-85C4-02051D526A5C}] => C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [TCP Query User{10CF1024-83CE-44F9-86C1-27FE0CBA78E7}C:\program files (x86)\tmnationsforever\tmforever.exe] => C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{6272CF39-E0B6-47F9-AEE4-0C09CAF8725F}C:\program files (x86)\tmnationsforever\tmforever.exe] => C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [TCP Query User{DEFBE7DC-471A-408D-A608-F1EE4C608EDC}D:\program files\splinter cell - blacklist\src\system\blacklist_dx11_game.exe] => D:\program files\splinter cell - blacklist\src\system\blacklist_dx11_game.exe
FirewallRules: [UDP Query User{CFE14D19-EDA6-4D07-B30D-B255552513E1}D:\program files\splinter cell - blacklist\src\system\blacklist_dx11_game.exe] => D:\program files\splinter cell - blacklist\src\system\blacklist_dx11_game.exe
FirewallRules: [{52F94810-CB3F-47A6-A090-B9C73F331A80}] => C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RTLDHCP.exe
FirewallRules: [{F44E0A6E-2BFD-40C2-9438-B3B819E74970}] => C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RTLDHCP.exe
FirewallRules: [{BD45912D-392A-49F9-8664-B4B7A1008EA7}] => C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RTLDHCP.exe
FirewallRules: [{4E67F710-50EB-4204-B31D-3039F676EED1}] => C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RTLDHCP.exe
FirewallRules: [{05FF15F8-7DA2-462E-B1EF-0D99F8BB9ED4}] => C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RTLDHCP.exe
FirewallRules: [{2528A99B-2D29-4EBF-AA71-2D6BDE401252}] => C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RTLDHCP.exe
FirewallRules: [{7BE9A6BB-D701-4873-A4E0-60BD1F9095C8}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D91EF0CA-9178-46CB-BD04-0DD2BF6B3FFF}] => C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{17E9D316-D4EC-4C03-8943-1A69A1DA669D}] => C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{E37C4B0C-A09F-41C1-BC9C-4AA4B7DDB321}] => C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{DD7FA888-3CE2-4861-AA6E-B50DE0E9AADF}] => C:\Games\World_of_Tanks\worldoftanks.exe

==================== Restore Points =========================

12-02-2017 10:35:05 End of disinfection

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2017 02:51:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamtray.exe, verze: 3.0.0.912, časové razítko: 0x58811d74
Název chybujícího modulu: mbamtray.exe, verze: 3.0.0.912, časové razítko: 0x58811d74
Kód výjimky: 0xc0000005
Posun chyby: 0x00054645
ID chybujícího procesu: 0xe8c
Čas spuštění chybující aplikace: 0x01d27fb6f3ec9c0d
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
ID zprávy: 367f9c1e-ebaa-11e6-825f-001fd087cc94

Error: (02/04/2017 01:53:58 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Chyba služby Stínová kopie svazků: Při vytváření třídy zprostředkovatele stínové kopie modelu COM s identifikátorem CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
] došlo k chybě.

Operace:
Získat rozhraní umožňující volání pro tohoto zprostředkovatele
Zobrazit seznam rozhraní pro všechny zprostředkovatele podporující tento kontext
Dotaz na stínové kopie

Kontext:
ID zprostředkovatele: {b5946137-7b9f-4925-af80-51abd60b20d5}
ID třídy: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Kontext snímku: 13
Kontext snímku: 13
Kontext spuštění: Coordinator

Error: (02/04/2017 01:53:58 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} a názvem SW_PROV nelze spustit. [0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
]

Operace:
Získat rozhraní umožňující volání pro tohoto zprostředkovatele
Zobrazit seznam rozhraní pro všechny zprostředkovatele podporující tento kontext
Dotaz na stínové kopie

Kontext:
ID zprostředkovatele: {b5946137-7b9f-4925-af80-51abd60b20d5}
ID třídy: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Kontext snímku: 13
Kontext snímku: 13
Kontext spuštění: Coordinator

Error: (02/04/2017 01:30:35 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Chyba služby Stínová kopie svazků: Při vytváření třídy zprostředkovatele stínové kopie modelu COM s identifikátorem CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
] došlo k chybě.

Operace:
Získat rozhraní umožňující volání pro tohoto zprostředkovatele
Zobrazit seznam rozhraní pro všechny zprostředkovatele podporující tento kontext
Dotaz na stínové kopie

Kontext:
ID zprostředkovatele: {b5946137-7b9f-4925-af80-51abd60b20d5}
ID třídy: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Kontext snímku: 13
Kontext snímku: 13
Kontext spuštění: Coordinator

Error: (02/04/2017 01:30:35 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} a názvem SW_PROV nelze spustit. [0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
]

Operace:
Získat rozhraní umožňující volání pro tohoto zprostředkovatele
Zobrazit seznam rozhraní pro všechny zprostředkovatele podporující tento kontext
Dotaz na stínové kopie

Kontext:
ID zprostředkovatele: {b5946137-7b9f-4925-af80-51abd60b20d5}
ID třídy: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Kontext snímku: 13
Kontext snímku: 13
Kontext spuštění: Coordinator

Error: (02/04/2017 01:27:59 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Chyba služby Stínová kopie svazků: Při vytváření třídy zprostředkovatele stínové kopie modelu COM s identifikátorem CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
] došlo k chybě.

Operace:
Získat rozhraní umožňující volání pro tohoto zprostředkovatele
Zobrazit seznam rozhraní pro všechny zprostředkovatele podporující tento kontext
Dotaz na stínové kopie

Kontext:
ID zprostředkovatele: {b5946137-7b9f-4925-af80-51abd60b20d5}
ID třídy: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Kontext snímku: 13
Kontext snímku: 13
Kontext spuštění: Coordinator

Error: (02/04/2017 01:27:59 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} a názvem SW_PROV nelze spustit. [0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
]

Operace:
Získat rozhraní umožňující volání pro tohoto zprostředkovatele
Zobrazit seznam rozhraní pro všechny zprostředkovatele podporující tento kontext
Dotaz na stínové kopie

Kontext:
ID zprostředkovatele: {b5946137-7b9f-4925-af80-51abd60b20d5}
ID třídy: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Kontext snímku: 13
Kontext snímku: 13
Kontext spuštění: Coordinator

Error: (02/04/2017 01:12:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Windows\Temp\AvgSetup\7396b276-dcd1-47cf-80c5-d15696632567\install\fmw\avgrdsttestx.exe se nezdařilo.
Závislé sestavení AVG.VC140.CRT,processorArchitecture="x86",publicKeyToken="f92d94485545da78",type="win32",version="14.0.23918.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/04/2017 01:12:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Windows\Temp\AvgSetup\7396b276-dcd1-47cf-80c5-d15696632567\install\fmw\avgrdsttesta.exe se nezdařilo.
Závislé sestavení AVG.VC140.CRT,processorArchitecture="amd64",publicKeyToken="f92d94485545da78",type="win32",version="14.0.23918.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/04/2017 11:22:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80004005).

System errors:
=============
Error: (02/11/2017 07:17:41 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: Nelze spustit DCOM Server: {B3EDE298-AE75-4A1C-AB7E-1B9229B77BBE} jako /. Došlo k chybě:
%%740 = Požadovaná operace vyžaduje zvýšená oprávnění.
při provádění příkazu:
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -Embedding

Error: (02/11/2017 06:18:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/11/2017 06:17:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba ASGT je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/11/2017 06:17:06 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: Nelze spustit DCOM Server: {B3EDE298-AE75-4A1C-AB7E-1B9229B77BBE} jako /. Došlo k chybě:
%%740 = Požadovaná operace vyžaduje zvýšená oprávnění.
při provádění příkazu:
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -Embedding

Error: (02/11/2017 02:07:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN se nepodařilo spustit.

Cesta k modulu: C:\Windows\system32\Rtlihvs.dll
Kód chyby: 126

Error: (02/11/2017 02:06:46 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/11/2017 02:06:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (02/11/2017 02:06:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (02/11/2017 02:03:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/11/2017 02:01:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

CodeIntegrity:
===================================
Date: 2017-02-11 14:06:06.974
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-11 14:06:06.896
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-11 14:06:06.802
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-11 14:06:06.724
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-11 14:01:52.943
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-11 14:01:52.865
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-10-29 14:51:26.234
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-10-29 14:51:26.234
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-10-29 14:38:07.103
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-10-29 14:38:07.103
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 34%
Total physical RAM: 4094.49 MB
Available physical RAM: 2664.15 MB
Total Virtual: 8187.18 MB
Available Virtual: 6529.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:27.53 GB) NTFS
Drive d: () (Fixed) (Total:200.33 GB) (Free:122.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or

(Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Příspěvekod **jaro3** » 13 úno 2017 09:38

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2875459458-422837187-68592500-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2875459458-422837187-68592500-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2875459458-422837187-68592500-1000 -> {D863D0A3-A183-4ECD-8BF8-D10A0A66A74D} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_29530
CHR HomePage: Default -> teoma.com/?gct=hp
CHR DefaultSearchURL: Default -> hxxps://www.teoma.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://teoma.com
CHR DefaultSuggestURL: Default -> hxxp://www.teoma.com/ss?type=prefix&li=ff&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [cohecngphbppjpaokeilaichhgggcmjb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cohecngphbppjpaokeilaichhgggcmjb] - hxxps://clients2.google.com/service/update2/crx
S3 aswVmm; \??\C:\Users\Robert\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
C:\Windows\System32\Tasks\{D1B96A12-6906-420E-90BD-F0A27836C8AA}
C:\Windows\System32\Tasks\{DB422D18-CAB4-4EC4-8F60-1F476FC76CAA}
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
Task: {11E9F3AD-ED88-44BD-88F8-44652E560963} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-29] (AVAST Software)
Task: {87D95F68-299B-4A72-A0B0-3509351FF53D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-03] (Google Inc.)
Task: {96A7C0C2-7246-4CE3-8478-71AB564CE12B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-03] (Google Inc.)

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt

Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

Robertekk23 · Příspěvekod **Robertekk23** » 13 úno 2017 16:10

Prosím Co je to FRST ??

Prosím o kontorlu logu

Re: Prosím o kontorlu logu

Re: Prosím o kontorlu logu

Re: Prosím o kontorlu logu

Re: Prosím o kontorlu logu

Re: Prosím o kontorlu logu

Re: Prosím o kontorlu logu

Re: Prosím o kontorlu logu

Re: Prosím o kontorlu logu

Re: Prosím o kontorlu logu

Re: Prosím o kontorlu logu

Re: Prosím o kontorlu logu

Re: Prosím o kontorlu logu

Kdo je online