Prosím o kontrolu

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: memphisto, Mods_senior, Security team

martinb01
Level 2
Level 2
Příspěvky: 166
Registrován: únor 11
Pohlaví: Muž

Re: Prosím o kontrolu

Příspěvekod martinb01 » 15 črc 2017 10:59

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-07-15 10:46:17
-----------------------------
10:46:17.070 OS Version: Windows 6.0.6002 Service Pack 2
10:46:17.070 Number of processors: 4 586 0xF0B
10:46:17.086 ComputerName: HOME UserName:
10:46:25.789 Initialize success
10:46:25.820 VM: initialized successfully
10:46:25.820 VM: Intel CPU supported
10:46:30.336 VM: disk I/O atapi.sys
10:46:39.523 AVAST engine defs: 17071404
10:46:56.445 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
10:46:56.445 Disk 0 Vendor: WDC_WD5000AAKS-07YGA0 12.01C02 Size: 476940MB BusType: 3
10:46:56.476 Disk 0 MBR read successfully
10:46:56.492 Disk 0 MBR scan
10:46:56.633 Disk 0 Windows VISTA default MBR code
10:46:56.648 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
10:46:56.711 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 310627 MB offset 24578048
10:46:56.742 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 154311 MB offset 660742144
10:46:56.773 Disk 0 scanning sectors +976771072
10:46:56.961 Disk 0 scanning C:\Windows\system32\drivers
10:47:19.258 Service scanning
10:47:32.461 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:47:37.226 Modules scanning
10:47:37.226 Disk 0 trace - called modules:
10:47:37.258 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys acpi.sys hal.dll >>UNKNOWN [0x8549c1e8]<<
10:47:37.273 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a3b8e0]
10:47:37.273 3 aswSP.sys[8f2c13e3] -> nt!IofCallDriver -> [0x85528848]
10:47:37.273 5 acpi.sys[8936b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85526660]
10:47:37.289 \Driver\atapi[0x8550cb30] -> IRP_MJ_CREATE -> 0x8549c1e8
10:47:38.023 AVAST engine scan C:\Windows
10:47:45.633 AVAST engine scan C:\Windows\system32
10:51:01.289 AVAST engine scan C:\Windows\system32\drivers
10:51:35.492 AVAST engine scan C:\Users\Martin
10:55:31.101 File: C:\Users\Martin\Desktop\zoek.exe **INFECTED** Win32:Malware-gen
10:56:00.242 AVAST engine scan C:\ProgramData
11:01:35.555 Disk 0 statistics 2916737/0/0 @ 2,10 MB/s
11:01:35.570 Scan finished successfully
11:04:11.796 Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
11:04:11.802 The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"



Reklama
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 36685
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu

Příspěvekod jaro3 » 16 črc 2017 08:52

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

Co problémy?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

martinb01
Level 2
Level 2
Příspěvky: 166
Registrován: únor 11
Pohlaví: Muž

Re: Prosím o kontrolu

Příspěvekod martinb01 » 16 črc 2017 10:24

Pořád stejně špatně :-( Teď ani DelFix nejde stáhnout.

martinb01
Level 2
Level 2
Příspěvky: 166
Registrován: únor 11
Pohlaví: Muž

Re: Prosím o kontrolu

Příspěvekod martinb01 » 16 črc 2017 16:40

# DelFix v1.013 - Logfile created 16/07/2017 at 16:40:14
# Updated 17/04/2016 by Xplode
# Username : Martin - HOME
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\32788R22FWJFW
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Martin\Desktop\AdwCleaner.exe
Deleted : C:\Users\Martin\Desktop\JRT.exe
Deleted : C:\Users\Martin\Desktop\JRT.txt
Deleted : C:\Users\Martin\Desktop\HijackThis.exe
Deleted : C:\Users\Martin\Desktop\hijackthis.log
Deleted : C:\Users\Martin\Desktop\MBR.dat
Deleted : C:\Users\Martin\Desktop\RogueKiller_portable32.exe
Deleted : C:\Users\Martin\Desktop\TFC.exe
Deleted : C:\Users\Martin\Desktop\zoek.exe
Deleted : C:\Users\Martin\Downloads\hijackthis.log
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #3259 [JRT Pre-Junkware Removal | 07/13/2017 19:53:40]
Deleted : RP #3260 [Installed Sophos Virus Removal Tool. | 07/13/2017 20:02:45]
Deleted : RP #3261 [zoek.exe restore point | 07/14/2017 19:35:06]
Deleted : RP #3263 [Zemana AntiMalware 14.7.2017 22:30:41 | 07/14/2017 20:30:46]
Deleted : RP #3264 [ComboFix created restore point | 07/16/2017 08:04:37]

New restore point created !

########## - EOF - ##########

martinb01
Level 2
Level 2
Příspěvky: 166
Registrován: únor 11
Pohlaví: Muž

Re: Prosím o kontrolu

Příspěvekod martinb01 » 16 črc 2017 17:16

Pořád špatné...

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 36685
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu

Příspěvekod jaro3 » 16 črc 2017 18:04

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

martinb01
Level 2
Level 2
Příspěvky: 166
Registrován: únor 11
Pohlaví: Muž

Re: Prosím o kontrolu

Příspěvekod martinb01 » 17 črc 2017 18:42

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-07-2017
Ran by Martin (administrator) on HOME (17-07-2017 18:43:38)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(© 2015 Microsoft Corporation) C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-10-01] (Realtek Semiconductor)
HKLM\...\Run: [GTGMOUSE] => C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe [483328 2007-01-22] ()
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-03] (AVAST Software)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\Run: [BingSvc] => C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-17] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-18] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{882498C6-53A3-4545-B910-58434356C432}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-27] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-03] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-27] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default [2017-07-14]
FF NewTab: Mozilla\Firefox\Profiles\77cajyaj.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\77cajyaj.default -> about:home
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-15] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2010-01-27] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2008-11-04] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2105 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll [2006-11-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll [2006-11-03] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2017-07-17]
CHR Extension: (Prezentace Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-14]
CHR Extension: (Dokumenty Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-14]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-14]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-14]
CHR Extension: (Avast SafePrice) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-07-14]
CHR Extension: (Tabulky Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-14]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-14]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2008-03-11] () [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-14] (Adobe Systems Incorporated) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5815840 2017-07-03] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-03] (AVAST Software)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) [File not signed]
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [306432 2008-03-11] (TuneUp Software GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 WsDrvInst; "C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [266976 2017-07-03] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157384 2017-07-03] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276704 2017-07-03] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50352 2017-07-03] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42824 2017-07-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39752 2017-07-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [123896 2017-07-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [70088 2017-07-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70840 2017-07-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774288 2017-07-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [496976 2017-07-03] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [202688 2017-07-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296312 2017-07-03] (AVAST Software)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-01-16] (REALiX(tm))
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [40352 2017-07-14] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [221600 2017-07-14] (Malwarebytes)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-09-03] () [File not signed]
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-07-14] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-07-14] (Zemana Ltd.)
U3 axksdo4f; C:\Windows\system32\Drivers\axksdo4f.sys [0 ] (VIA Technologies Inc.,Ltd) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-17 18:43 - 2017-07-17 18:44 - 00013750 _____ C:\Users\Martin\Desktop\FRST.txt
2017-07-17 18:43 - 2017-07-17 18:43 - 00000000 ____D C:\FRST
2017-07-17 18:42 - 2017-07-17 16:22 - 01780736 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2017-07-14 22:00 - 2017-07-17 18:44 - 00058863 _____ C:\Windows\ZAM.krnl.trace
2017-07-14 22:00 - 2017-07-17 18:44 - 00045738 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-14 22:00 - 2017-07-14 22:00 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-07-14 22:00 - 2017-07-14 22:00 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-07-14 22:00 - 2017-07-14 22:00 - 00001693 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-07-14 22:00 - 2017-07-14 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-14 22:00 - 2017-07-14 22:00 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-07-14 21:59 - 2017-07-14 21:59 - 00000000 ____D C:\Users\Martin\AppData\Local\Zemana
2017-07-14 21:58 - 2017-07-14 21:58 - 06589840 _____ (Zemana Ltd. ) C:\Users\Martin\Desktop\Zemana.AntiMalware.Setup.exe
2017-07-14 21:51 - 2017-07-14 21:33 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-07-13 22:05 - 2017-07-13 22:05 - 00000000 ____D C:\ProgramData\Sophos
2017-07-13 22:04 - 2017-07-13 22:04 - 00001978 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-07-13 22:04 - 2017-07-13 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-13 22:03 - 2017-07-13 22:03 - 00000000 ____D C:\Program Files\Sophos
2017-07-13 20:43 - 2017-07-13 20:44 - 171309576 _____ (Sophos Limited) C:\Users\Martin\Desktop\Sophos Virus Removal Tool.exe
2017-07-12 20:59 - 2017-07-14 18:31 - 00064800 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-12 20:59 - 2017-07-14 18:23 - 00221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-12 20:59 - 2017-07-14 18:23 - 00162240 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-12 20:59 - 2017-07-14 18:23 - 00040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-12 20:59 - 2017-07-12 20:59 - 00001821 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-12 20:59 - 2017-07-12 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-12 20:59 - 2017-06-27 12:06 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-12 20:58 - 2017-07-12 20:58 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-12 20:58 - 2017-07-11 21:15 - 65033984 _____ (Malwarebytes ) C:\Users\Martin\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-10 12:59 - 2017-02-11 17:22 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-07-10 12:46 - 2017-07-10 12:46 - 01237796 _____ C:\Users\Martin\Desktop\windows6.0-kb4012598-x86_13e9b3d77ba5599764c296075a796c16a85c745c (1).msu
2017-07-10 11:51 - 2017-07-10 11:51 - 01237796 _____ C:\Users\Martin\Downloads\windows6.0-kb4012598-x86_13e9b3d77ba5599764c296075a796c16a85c745c.msu
2017-07-10 11:51 - 2017-07-10 11:51 - 00000000 ____D C:\25313335900d7f696160167d00a5
2017-07-03 17:33 - 2017-07-03 17:33 - 00303280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-16 16:41 - 2015-10-28 09:42 - 00001446 _____ C:\DelFix.txt
2017-07-16 16:41 - 2007-01-08 23:09 - 00673764 _____ C:\Windows\system32\perfh005.dat
2017-07-16 16:41 - 2007-01-08 23:09 - 00142560 _____ C:\Windows\system32\perfc005.dat
2017-07-16 16:41 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2017-07-16 16:41 - 2006-11-02 12:33 - 01595062 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-16 14:12 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-16 14:12 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-16 13:20 - 2008-03-03 08:31 - 00043008 _____ C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-16 10:21 - 2008-02-29 17:28 - 00101000 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-16 10:14 - 2015-01-27 23:19 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2017-07-16 10:13 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-16 10:13 - 2006-11-02 14:47 - 00376792 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-16 10:11 - 2006-11-02 15:01 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-16 10:04 - 2011-08-18 21:09 - 00000000 ____D C:\Windows\ERDNT
2017-07-15 10:27 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2017-07-14 22:31 - 2010-07-09 15:38 - 00000000 ____D C:\Users\Martin\Downloads\Uniblue 2009 (SpeedUpMyPC + RegistryBooster + DriverScanner){H33T}{JOHNCANADUDE}
2017-07-14 22:06 - 2008-02-29 17:28 - 00000000 ____D C:\Users\Martin
2017-07-14 21:34 - 2017-06-16 17:39 - 05216768 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2017-07-14 21:34 - 2012-05-24 23:20 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-07-14 21:34 - 2011-06-20 11:18 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-07-14 21:34 - 2007-11-23 16:37 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-14 20:49 - 2015-01-27 22:44 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-14 06:09 - 2011-08-10 16:36 - 00000000 ____D C:\Program Files\Ultimate Process Manager
2017-07-12 20:58 - 2011-08-15 08:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-10 12:15 - 2013-08-19 09:37 - 00000000 ____D C:\Windows\system32\MRT
2017-07-10 12:06 - 2006-11-02 12:24 - 141747376 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-07-03 17:35 - 2014-04-15 00:37 - 00296312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00276704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00266976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00157384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00050352 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-07-03 17:33 - 2015-08-28 15:04 - 00202688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-07-03 17:33 - 2015-06-23 19:48 - 00039752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-03 17:33 - 2014-04-30 18:05 - 00042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00774288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00496976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00123896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00070840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00070088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys

==================== Files in the root of some directories =======

2008-03-11 18:51 - 2008-03-18 20:31 - 0000757 _____ () C:\Users\Martin\AppData\Roaming\mainhst.zgh
2008-08-31 15:23 - 2008-10-07 11:23 - 0007887 _____ () C:\Users\Martin\AppData\Roaming\pcouffin.cat
2008-08-31 15:23 - 2008-10-07 11:23 - 0001144 _____ () C:\Users\Martin\AppData\Roaming\pcouffin.inf
2008-08-31 15:23 - 2008-10-07 11:23 - 0047360 _____ (VSO Software) C:\Users\Martin\AppData\Roaming\pcouffin.sys
2008-03-03 08:31 - 2017-07-16 13:20 - 0043008 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-20 22:17 - 2011-12-22 20:41 - 0005814 _____ () C:\Users\Martin\AppData\Local\SRDownloader (1).err
2011-12-20 22:18 - 2011-12-22 21:28 - 0001568 _____ () C:\Users\Martin\AppData\Local\SRDownloader (1).nast
2011-10-09 12:38 - 2012-04-01 22:54 - 0248341 _____ () C:\Users\Martin\AppData\Local\SRDownloader.err
2011-08-15 12:47 - 2012-04-01 23:28 - 0001344 _____ () C:\Users\Martin\AppData\Local\SRDownloader.nast
2011-03-21 23:06 - 2011-05-15 14:58 - 0220831 _____ () C:\Users\Martin\AppData\Local\SRDownloader[1].err
2011-02-17 10:15 - 2011-05-15 15:00 - 0001112 _____ () C:\Users\Martin\AppData\Local\SRDownloader[1].nast
2011-02-17 11:11 - 2011-02-17 12:24 - 0000872 _____ () C:\Users\Martin\AppData\Local\SRDownloader[2].nast

Some files in TEMP:
====================
2017-07-16 13:19 - 2017-07-16 13:19 - 39473240 _____ (PandoraTV) C:\Users\Martin\AppData\Local\temp\KMP_4.2.1.4.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-16 10:28

==================== End of FRST.txt ============================

martinb01
Level 2
Level 2
Příspěvky: 166
Registrován: únor 11
Pohlaví: Muž

Re: Prosím o kontrolu

Příspěvekod martinb01 » 17 črc 2017 18:42

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-07-2017
Ran by Martin (17-07-2017 18:44:30)
Running from C:\Users\Martin\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2008-02-29 15:21:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2273070986-1392902156-3200417566-500 - Administrator - Disabled)
Guest (S-1-5-21-2273070986-1392902156-3200417566-501 - Limited - Enabled)
Martin (S-1-5-21-2273070986-1392902156-3200417566-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.57 (HKLM\...\7-Zip) (Version: - )
ABBYY PDF Transformer 1.0 (HKLM\...\{4837718C-5B6E-4496-B283-FFFB5A937825}) (Version: 1.00.847.4183 - ABBYY Software House)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader 8 - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Aktualizace zabezpečení aplikace Windows Media Player (KB2845142) (HKLM\...\KB2845142_WM64) (Version: - Microsoft Corporation)
Any Video Converter 2.5.5 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
Avast Pro Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Balíček ovladače systému Windows - Nokia Modem (05/22/2008 3.8) (HKLM\...\C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD) (Version: 05/22/2008 3.8 - Nokia)
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Combined Community Codec Pack 2007-07-22 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2007-07-22 13:55 - CCCP Project)
ConvertXtoDVD 3.2.0.52 (HKLM\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.2.0.52 - )
Corel Graphics Suite 11 (HKLM\...\{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation) Hidden
Creative PCI Audio Drivers (HKLM\...\SBPCIUnInstall) (Version: - )
CrystalDiskInfo 6.5.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.5.2 - Crystal Dew World)
DivX 4.12 Codec (HKLM\...\DivXCodec) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
FL Studio 9 (HKLM\...\FL Studio 9) (Version: - Image-Line)
FLAC codecs (HKLM\...\oggcodecs) (Version: 4.x.x - Shark007)
FormApps Signing Extension (HKLM\...\{801F9351-A8A7-441D-9398-6A56E143E316}) (Version: 1.28.0.8 - Software602 a.s.)
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: - )
FSC LASER MOUSE Software 1.0 (HKLM\...\FSC LASER MOUSE Software_is1) (Version: - )
Google Earth Pro (HKLM\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HWiNFO32 Version 4.30 (HKLM\...\HWiNFO32_is1) (Version: 4.30 - Martin Malík - REALiX)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
KeyProwler Keylogger (HKLM\...\{A6297093-E4C1-40F8-AEB6-104DD3BD4EAF}) (Version: 4.0 - APAN Software) Hidden
K-Lite Codec Pack 3.6.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 3.6.5 - )
Malwarebytes verze 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Maximus (HKLM\...\Maximus) (Version: - Image-Line bvba)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}) (Version: 08.05.0822 - Microsoft Corporation)
MSVC80_x86 (HKLM\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{81CD6232-10F5-4832-B3DA-1B88B1571029}) (Version: 7.02.5851 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PC Connectivity Solution (HKLM\...\{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}) (Version: 11.5.22.0 - Nokia)
PDF Editor 3 (HKLM\...\PDF Editor 3) (Version: - )
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 4.3.4 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-14] ()
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2007-12-06] (Igor Pavlov)
ContextMenuHandlers01: [ABBYYPDFContextMenuExtension] -> {83903CAB-2FC1-40f6-8B82-DF123A5FB9E3} => C:\Program Files\ABBYY PDF Transformer 1.0\PDFShellExtension.dll [2004-08-05] (ABBYY (BIT Software))
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2007-12-06] (Igor Pavlov)
ContextMenuHandlers04: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-02-26] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\Windows\system32\nvcpl.dll [2007-11-06] (NVIDIA Corporation)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-14] ()
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04328126-0EF6-420A-9267-2F0EAE916577} - System32\Tasks\{35D42A58-3FCF-4D35-8685-4FE43D6B0638} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {0ABB3986-F567-4332-9482-383475F1D4F0} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-18] (Společnost Microsoft)
Task: {39A08419-8A95-4641-9F23-0CB2EACB22B5} - System32\Tasks\{028D7051-27FD-49A5-8791-4B12B775AA0D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner\BoilSoft AVI MPEG RM WMV Joiner 4.82.exe" -d "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner"
Task: {5519E6B1-D98D-44FB-A304-ABCE430ADAC0} - System32\Tasks\SafeZone scheduled Autoupdate 1451305697 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {6112981F-6DCE-4E34-AD11-B21D859FB5C7} - System32\Tasks\{DECB79FC-9B1E-4975-8877-BC92977E2DD3} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\ACOUST~3\UNWISE.EXE -c C:\PROGRA~1\ACOUST~3\INSTALL.LOG
Task: {6F8D0A0C-A83B-4686-85DA-C9A7826380C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {8DC73E3A-D6FD-4F7E-B750-F8B56B7F0000} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {901CD81B-1CDC-49C7-9842-91B2E66FC1E6} - System32\Tasks\{769499C3-0FE7-4D15-BAD8-51FF9B962001} => C:\Windows\system32\pcalua.exe -a "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner\setup.exe" -d "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner"
Task: {9438BDE2-5484-4C7B-B679-B4CA812C94D0} - System32\Tasks\{0C38305F-E01D-431B-8E94-F9D215E6A0A7} => C:\Windows\system32\pcalua.exe -a K:\InterVideo_WinDVD_Platinum_v8.0.6.109\WinDVD8.exe -d K:\InterVideo_WinDVD_Platinum_v8.0.6.109
Task: {94460280-D3E6-4E4B-B9C9-7083A866C95F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {CB1F8EF2-0196-4FD6-851E-B816CB9289BB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-03] (AVAST Software)
Task: {E74866CB-6E89-4337-9F31-4D75A97D8B26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-14] (Adobe Systems Incorporated)
Task: {F316AFFE-D0A4-44FA-8C0E-2B502FA6A3EE} - System32\Tasks\{E166482B-D410-4F20-8EFE-CF71898D71F6} => C:\Windows\system32\pcalua.exe -a "C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HJ6WT9V\ACDSee40CZ_program[1].exe" -d C:\Users\Martin
Task: {F61EE231-A144-4AC5-8D90-5E63CACC2EE0} - System32\Tasks\{04F99E63-5C11-4BEC-9DAE-B474C46929C6} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\ACOUST~3\UNWISE.EXE -c C:\PROGRA~1\ACOUST~3\INSTALL.LOG

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 9\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.u
Shortcut: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Webové servery ve službě MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2017-07-03 17:33 - 2017-07-03 17:33 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-15 12:43 - 2017-07-15 12:43 - 05781504 _____ () C:\Program Files\AVAST Software\Avast\defs\17071500\algo.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-07-16 16:36 - 2017-07-16 16:36 - 05884160 _____ () C:\Program Files\AVAST Software\Avast\defs\17071600\algo.dll
2008-03-29 12:15 - 2007-09-20 19:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2008-03-29 12:15 - 2007-10-02 16:41 - 00319488 _____ () C:\Program Files\WinRAR\rarlng.dll
2017-07-14 22:00 - 2017-07-14 22:00 - 00131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2008-03-03 14:55 - 2007-01-22 19:44 - 00483328 _____ () C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe
2008-03-03 14:55 - 2006-11-23 16:07 - 00037888 _____ () C:\Program Files\FSC\LASER MOUSE\1.0\GTGMDLL.DLL
2017-07-03 17:33 - 2017-07-03 17:33 - 01032744 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-01-02 19:59 - 2017-01-02 19:59 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-03 17:33 - 2017-07-03 17:35 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll
2014-09-25 20:44 - 2014-09-25 20:44 - 00043008 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2014-04-14 21:41 - 2014-04-14 21:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00134928 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\1mybigdreamnowreal.com -> www.1mybigdreamnowreal.com
IE restricted site: HKU\.DEFAULT\...\1sexparty.com -> www.1sexparty.com
IE restricted site: HKU\.DEFAULT\...\1sms.de -> www.1sms.de
IE restricted site: HKU\.DEFAULT\...\1spybot.com -> www.1spybot.com
IE restricted site: HKU\.DEFAULT\...\1stantivirus.com -> www.1stantivirus.com
IE restricted site: HKU\.DEFAULT\...\1stpagehere.com -> www.1stpagehere.com
IE restricted site: HKU\.DEFAULT\...\1stsearchportal.com -> www.1stsearchportal.com
IE restricted site: HKU\.DEFAULT\...\2-2005-search.com -> www.2-2005-search.com
IE restricted site: HKU\.DEFAULT\...\2006ooo.com -> www.2006ooo.com
IE restricted site: HKU\.DEFAULT\...\2007-download.com -> www.2007-download.com
IE restricted site: HKU\.DEFAULT\...\2008-search-destroy.com -> www.2008-search-destroy.com
IE restricted site: HKU\.DEFAULT\...\2008-viewer.com -> www.2008-viewer.com
IE restricted site: HKU\.DEFAULT\...\2008firefox.com -> www.2008firefox.com
IE restricted site: HKU\.DEFAULT\...\2008search-destroy.com -> spybot.2008search-destroy.com
IE restricted site: HKU\.DEFAULT\...\2009--access.com -> www.2009--access.com
IE restricted site: HKU\.DEFAULT\...\2009-box.com -> firefox.2009-box.com
IE restricted site: HKU\.DEFAULT\...\2009-edition.com -> www.2009-edition.com
IE restricted site: HKU\.DEFAULT\...\2009-phone.com -> www.2009-phone.com
IE restricted site: HKU\.DEFAULT\...\2009-version.info -> www.2009-version.info
IE restricted site: HKU\.DEFAULT\...\2009antivirpro.com -> www.2009antivirpro.com

There are 7643 more sites.

IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\mojebanka.cz -> hxxps://www.mojebanka.cz
IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\mojebanka.cz -> hxxp://www.mojebanka.cz
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\123simsen.com -> www.123simsen.com

There are 7680 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2017-07-15 10:26 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [TCP Query User{99CAC6B8-3FC1-4984-BEF1-2867D353A330}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{8D6579AD-57E2-4F0B-8052-1DDD8511F474}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{49EBF86C-E71E-432C-B3CF-4F491F281057}] => (Allow) LPort=80
FirewallRules: [{38BEDB16-FECF-4A5E-8264-155E26D9FD05}] => (Allow) LPort=80
FirewallRules: [{8DB14249-C53C-4413-A6B3-6B17F22F0E7C}] => (Allow) LPort=80
FirewallRules: [TCP Query User{394B23A3-8975-401B-833D-564559624D85}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{C5567B19-BF93-46AC-AF0B-A81FA1C53216}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [{D01D12D7-7B2C-47B9-8B08-7F2D7E44B975}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{D1BA5C7D-998F-43ED-9A9E-15F04768295C}C:\users\martin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{0CC3582C-C351-4F7B-8C94-1EB13EC31FBD}C:\users\martin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{31C7D85A-EA17-41F0-8243-1F35FB9F21AD}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

16-07-2017 16:40:49 End of disinfection

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2017 04:40:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {f578c65c-fc8a-4733-ba36-a325faacbd18}

Error: (07/16/2017 10:14:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0xcd8, čas spuštění aplikace 0x01d2fe0b83924a7b.

Error: (07/15/2017 10:28:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0xc90, čas spuštění aplikace 0x01d2fd443197e202.

Error: (07/15/2017 10:17:56 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Metadata indexu obsahu nelze číst. (0xc0041801)

Error: (07/15/2017 10:17:56 AM) (Source: ESENT) (EventID: 467) (User: )
Description: Windows (4212) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index System_ItemFolderPathDisplayNarrow405 tabulky SystemIndex_0A je poškozen (0).

Error: (07/14/2017 10:30:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {fb874e01-e623-475a-a038-0c0f3dbb730d}

Error: (07/14/2017 09:55:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0x84, čas spuštění aplikace 0x01d2fcdb017d77f3.

Error: (07/13/2017 09:43:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0xdfc, čas spuštění aplikace 0x01d2fc10569bb3f3.

Error: (07/12/2017 08:03:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0x858, čas spuštění aplikace 0x01d2fb3920a9d7fb.

Error: (07/11/2017 03:18:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu PNRPsvc v knihovně DLL C:\Windows\system32\pnrpperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.


System errors:
=============
Error: (07/17/2017 06:45:34 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Zapůjčení adresy IP 192.168.100.10 pro síťovou kartu s adresou 0019214F22B6 byla serverem DHCP 10.128.129.125 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error: (07/17/2017 06:44:47 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Zapůjčení adresy IP 192.168.0.15 pro síťovou kartu s adresou 0019214F22B6 byla serverem DHCP 0.0.0.0 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error: (07/17/2017 06:35:46 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Zapůjčení adresy IP 78.45.22.211 pro síťovou kartu s adresou 0019214F22B6 byla serverem DHCP 0.0.0.0 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error: (07/16/2017 04:35:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby Netman bylo dosaženo časového limitu (30000 ms).

Error: (07/16/2017 10:14:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Search neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (07/16/2017 10:14:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Windows Search bylo dosaženo časového limitu (30000 ms).

Error: (07/15/2017 10:25:21 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (07/15/2017 10:20:09 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (07/15/2017 10:15:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Licencování softwaru byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (07/15/2017 10:14:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
Date: 2017-07-17 18:44:25.457
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:25.035
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:24.598
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:24.160
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:23.114
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:22.707
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:22.270
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:21.832
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-15 10:17:49.847
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-15 10:17:49.379
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 2037.58 MB
Available physical RAM: 912.55 MB
Total Virtual: 4312.19 MB
Available Virtual: 2607 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:303.35 GB) (Free:204.98 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:150.69 GB) (Free:48.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CC2F0E18)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=303.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=150.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 36685
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu

Příspěvekod jaro3 » 17 črc 2017 19:41

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
U3 axksdo4f; C:\Windows\system32\Drivers\axksdo4f.sys [0 ] (VIA Technologies Inc.,Ltd) <==== ATTENTION (zero byte File/Folder)
Task: {8DC73E3A-D6FD-4F7E-B750-F8B56B7F0000} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {94460280-D3E6-4E4B-B9C9-7083A866C95F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
IE restricted site: HKU\.DEFAULT\...\1mybigdreamnowreal.com -> www.1mybigdreamnowreal.com
IE restricted site: HKU\.DEFAULT\...\1sexparty.com -> www.1sexparty.com
IE restricted site: HKU\.DEFAULT\...\1sms.de -> www.1sms.de
IE restricted site: HKU\.DEFAULT\...\1spybot.com -> www.1spybot.com
IE restricted site: HKU\.DEFAULT\...\1stantivirus.com -> www.1stantivirus.com
IE restricted site: HKU\.DEFAULT\...\1stpagehere.com -> www.1stpagehere.com
IE restricted site: HKU\.DEFAULT\...\1stsearchportal.com -> www.1stsearchportal.com
IE restricted site: HKU\.DEFAULT\...\2-2005-search.com -> www.2-2005-search.com
IE restricted site: HKU\.DEFAULT\...\2006ooo.com -> www.2006ooo.com
IE restricted site: HKU\.DEFAULT\...\2007-download.com -> www.2007-download.com
IE restricted site: HKU\.DEFAULT\...\2008-search-destroy.com -> www.2008-search-destroy.com
IE restricted site: HKU\.DEFAULT\...\2008-viewer.com -> www.2008-viewer.com
IE restricted site: HKU\.DEFAULT\...\2008firefox.com -> www.2008firefox.com
IE restricted site: HKU\.DEFAULT\...\2008search-destroy.com -> spybot.2008search-destroy.com
IE restricted site: HKU\.DEFAULT\...\2009--access.com -> www.2009--access.com
IE restricted site: HKU\.DEFAULT\...\2009-box.com -> firefox.2009-box.com
IE restricted site: HKU\.DEFAULT\...\2009-edition.com -> www.2009-edition.com
IE restricted site: HKU\.DEFAULT\...\2009-phone.com -> www.2009-phone.com
IE restricted site: HKU\.DEFAULT\...\2009-version.info -> www.2009-version.info
IE restricted site: HKU\.DEFAULT\...\2009antivirpro.com -> www.2009antivirpro.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\123simsen.com -> www.123simsen.com

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

Pak udělej znovu sken FRST.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

martinb01
Level 2
Level 2
Příspěvky: 166
Registrován: únor 11
Pohlaví: Muž

Re: Prosím o kontrolu

Příspěvekod martinb01 » 17 črc 2017 20:43

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-07-2017
Ran by Martin (17-07-2017 20:40:48) Run:1
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
U3 axksdo4f; C:\Windows\system32\Drivers\axksdo4f.sys [0 ] (VIA Technologies Inc.,Ltd) <==== ATTENTION (zero byte File/Folder)
Task: {8DC73E3A-D6FD-4F7E-B750-F8B56B7F0000} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {94460280-D3E6-4E4B-B9C9-7083A866C95F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
IE restricted site: HKU\.DEFAULT\...\1mybigdreamnowreal.com -> www.1mybigdreamnowreal.com
IE restricted site: HKU\.DEFAULT\...\1sexparty.com -> www.1sexparty.com
IE restricted site: HKU\.DEFAULT\...\1sms.de -> www.1sms.de
IE restricted site: HKU\.DEFAULT\...\1spybot.com -> www.1spybot.com
IE restricted site: HKU\.DEFAULT\...\1stantivirus.com -> www.1stantivirus.com
IE restricted site: HKU\.DEFAULT\...\1stpagehere.com -> www.1stpagehere.com
IE restricted site: HKU\.DEFAULT\...\1stsearchportal.com -> www.1stsearchportal.com
IE restricted site: HKU\.DEFAULT\...\2-2005-search.com -> www.2-2005-search.com
IE restricted site: HKU\.DEFAULT\...\2006ooo.com -> www.2006ooo.com
IE restricted site: HKU\.DEFAULT\...\2007-download.com -> www.2007-download.com
IE restricted site: HKU\.DEFAULT\...\2008-search-destroy.com -> www.2008-search-destroy.com
IE restricted site: HKU\.DEFAULT\...\2008-viewer.com -> www.2008-viewer.com
IE restricted site: HKU\.DEFAULT\...\2008firefox.com -> www.2008firefox.com
IE restricted site: HKU\.DEFAULT\...\2008search-destroy.com -> spybot.2008search-destroy.com
IE restricted site: HKU\.DEFAULT\...\2009--access.com -> www.2009--access.com
IE restricted site: HKU\.DEFAULT\...\2009-box.com -> firefox.2009-box.com
IE restricted site: HKU\.DEFAULT\...\2009-edition.com -> www.2009-edition.com
IE restricted site: HKU\.DEFAULT\...\2009-phone.com -> www.2009-phone.com
IE restricted site: HKU\.DEFAULT\...\2009-version.info -> www.2009-version.info
IE restricted site: HKU\.DEFAULT\...\2009antivirpro.com -> www.2009antivirpro.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\123simsen.com -> www.123simsen.com

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ZAM => value removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully.
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => key removed successfully.
HKLM\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => key removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully.
HKLM\System\CurrentControlSet\Services\axksdo4f => key removed successfully.
axksdo4f => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DC73E3A-D6FD-4F7E-B750-F8B56B7F0000} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DC73E3A-D6FD-4F7E-B750-F8B56B7F0000} => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94460280-D3E6-4E4B-B9C9-7083A866C95F} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94460280-D3E6-4E4B-B9C9-7083A866C95F} => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully.
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1mybigdreamnowreal.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1sexparty.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1sms.de => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1spybot.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1stantivirus.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1stpagehere.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1stsearchportal.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2-2005-search.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2006ooo.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2007-download.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2008-search-destroy.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2008-viewer.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2008firefox.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2008search-destroy.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009--access.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009-box.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009-edition.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009-phone.com => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009-version.info => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009antivirpro.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\010402.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\032439.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0scan.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-2005-search.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-domains-registrations.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1000gratisproben.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001namen.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100888290cs.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\10sek.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-26.net => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-27.net => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123fporn.info => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123haustiereundmehr.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123moviedownload.com => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123simsen.com => key removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5461148 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1776 B
Edge => 0 B
Chrome => 78210503 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 424 B
LocalService => 0 B
NetworkService => 0 B
Martin => 40193296 B

RecycleBin => 0 B
EmptyTemp: => 126.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:41:09 ====

martinb01
Level 2
Level 2
Příspěvky: 166
Registrován: únor 11
Pohlaví: Muž

Re: Prosím o kontrolu

Příspěvekod martinb01 » 17 črc 2017 20:53

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-07-2017
Ran by Martin (administrator) on HOME (17-07-2017 20:49:31)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(© 2015 Microsoft Corporation) C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-10-01] (Realtek Semiconductor)
HKLM\...\Run: [GTGMOUSE] => C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe [483328 2007-01-22] ()
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-03] (AVAST Software)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\Run: [BingSvc] => C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-17] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-18] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{882498C6-53A3-4545-B910-58434356C432}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-27] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-03] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-27] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default [2017-07-14]
FF NewTab: Mozilla\Firefox\Profiles\77cajyaj.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\77cajyaj.default -> about:home
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-15] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2010-01-27] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2008-11-04] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2105 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll [2006-11-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll [2006-11-03] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2017-07-17]
CHR Extension: (Prezentace Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-14]
CHR Extension: (Dokumenty Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-14]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-14]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-14]
CHR Extension: (Tabulky Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-14]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2008-03-11] () [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-14] (Adobe Systems Incorporated) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5815840 2017-07-03] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-03] (AVAST Software)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) [File not signed]
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [306432 2008-03-11] (TuneUp Software GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 WsDrvInst; "C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [266976 2017-07-03] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157384 2017-07-03] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276704 2017-07-03] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50352 2017-07-03] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42824 2017-07-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39752 2017-07-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [123896 2017-07-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [70088 2017-07-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70840 2017-07-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774288 2017-07-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [496976 2017-07-03] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [202688 2017-07-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296312 2017-07-03] (AVAST Software)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-01-16] (REALiX(tm))
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [40352 2017-07-14] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [221600 2017-07-14] (Malwarebytes)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-09-03] () [File not signed]
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-07-14] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-07-14] (Zemana Ltd.)
U3 afbgfrht; C:\Windows\system32\Drivers\afbgfrht.sys [0 ] (VIA Technologies Inc.,Ltd) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-17 20:49 - 2017-07-17 20:54 - 00012767 _____ C:\Users\Martin\Desktop\FRST.txt
2017-07-17 20:40 - 2017-07-17 20:41 - 00014298 _____ C:\Users\Martin\Desktop\Fixlog.txt
2017-07-17 18:43 - 2017-07-17 20:49 - 00000000 ____D C:\FRST
2017-07-17 18:42 - 2017-07-17 16:22 - 01780736 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2017-07-14 22:00 - 2017-07-17 20:51 - 00026880 _____ C:\Windows\ZAM.krnl.trace
2017-07-14 22:00 - 2017-07-17 20:51 - 00015013 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-14 22:00 - 2017-07-14 22:00 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-07-14 22:00 - 2017-07-14 22:00 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-07-14 22:00 - 2017-07-14 22:00 - 00001693 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-07-14 22:00 - 2017-07-14 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-14 22:00 - 2017-07-14 22:00 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-07-14 21:59 - 2017-07-14 21:59 - 00000000 ____D C:\Users\Martin\AppData\Local\Zemana
2017-07-14 21:58 - 2017-07-14 21:58 - 06589840 _____ (Zemana Ltd. ) C:\Users\Martin\Desktop\Zemana.AntiMalware.Setup.exe
2017-07-14 21:51 - 2017-07-14 21:33 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-07-13 22:05 - 2017-07-13 22:05 - 00000000 ____D C:\ProgramData\Sophos
2017-07-13 22:04 - 2017-07-13 22:04 - 00001978 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-07-13 22:04 - 2017-07-13 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-13 22:03 - 2017-07-13 22:03 - 00000000 ____D C:\Program Files\Sophos
2017-07-13 20:43 - 2017-07-13 20:44 - 171309576 _____ (Sophos Limited) C:\Users\Martin\Desktop\Sophos Virus Removal Tool.exe
2017-07-12 20:59 - 2017-07-14 18:31 - 00064800 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-12 20:59 - 2017-07-14 18:23 - 00221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-12 20:59 - 2017-07-14 18:23 - 00162240 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-12 20:59 - 2017-07-14 18:23 - 00040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-12 20:59 - 2017-07-12 20:59 - 00001821 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-12 20:59 - 2017-07-12 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-12 20:59 - 2017-06-27 12:06 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-12 20:58 - 2017-07-12 20:58 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-12 20:58 - 2017-07-11 21:15 - 65033984 _____ (Malwarebytes ) C:\Users\Martin\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-10 12:59 - 2017-02-11 17:22 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-07-10 12:46 - 2017-07-10 12:46 - 01237796 _____ C:\Users\Martin\Desktop\windows6.0-kb4012598-x86_13e9b3d77ba5599764c296075a796c16a85c745c (1).msu
2017-07-10 11:51 - 2017-07-10 11:51 - 01237796 _____ C:\Users\Martin\Downloads\windows6.0-kb4012598-x86_13e9b3d77ba5599764c296075a796c16a85c745c.msu
2017-07-10 11:51 - 2017-07-10 11:51 - 00000000 ____D C:\25313335900d7f696160167d00a5
2017-07-03 17:33 - 2017-07-03 17:33 - 00303280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-17 20:46 - 2015-01-27 23:19 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2017-07-17 20:43 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-17 20:43 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-17 20:43 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-17 20:42 - 2006-11-02 15:01 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-17 18:44 - 2007-01-08 23:09 - 00673764 _____ C:\Windows\system32\perfh005.dat
2017-07-17 18:44 - 2007-01-08 23:09 - 00142560 _____ C:\Windows\system32\perfc005.dat
2017-07-17 18:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2017-07-17 18:44 - 2006-11-02 12:33 - 01595062 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-16 16:41 - 2015-10-28 09:42 - 00001446 _____ C:\DelFix.txt
2017-07-16 13:20 - 2008-03-03 08:31 - 00043008 _____ C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-16 10:21 - 2008-02-29 17:28 - 00101000 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-16 10:13 - 2006-11-02 14:47 - 00376792 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-16 10:04 - 2011-08-18 21:09 - 00000000 ____D C:\Windows\ERDNT
2017-07-15 10:27 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2017-07-14 22:31 - 2010-07-09 15:38 - 00000000 ____D C:\Users\Martin\Downloads\Uniblue 2009 (SpeedUpMyPC + RegistryBooster + DriverScanner){H33T}{JOHNCANADUDE}
2017-07-14 22:06 - 2008-02-29 17:28 - 00000000 ____D C:\Users\Martin
2017-07-14 21:34 - 2017-06-16 17:39 - 05216768 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2017-07-14 21:34 - 2012-05-24 23:20 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-07-14 21:34 - 2011-06-20 11:18 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-07-14 21:34 - 2007-11-23 16:37 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-14 20:49 - 2015-01-27 22:44 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-14 06:09 - 2011-08-10 16:36 - 00000000 ____D C:\Program Files\Ultimate Process Manager
2017-07-12 20:58 - 2011-08-15 08:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-10 12:15 - 2013-08-19 09:37 - 00000000 ____D C:\Windows\system32\MRT
2017-07-10 12:06 - 2006-11-02 12:24 - 141747376 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-07-03 17:35 - 2014-04-15 00:37 - 00296312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00276704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00266976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00157384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00050352 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-07-03 17:33 - 2015-08-28 15:04 - 00202688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-07-03 17:33 - 2015-06-23 19:48 - 00039752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-03 17:33 - 2014-04-30 18:05 - 00042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00774288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00496976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00123896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00070840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00070088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys

==================== Files in the root of some directories =======

2008-03-11 18:51 - 2008-03-18 20:31 - 0000757 _____ () C:\Users\Martin\AppData\Roaming\mainhst.zgh
2008-08-31 15:23 - 2008-10-07 11:23 - 0007887 _____ () C:\Users\Martin\AppData\Roaming\pcouffin.cat
2008-08-31 15:23 - 2008-10-07 11:23 - 0001144 _____ () C:\Users\Martin\AppData\Roaming\pcouffin.inf
2008-08-31 15:23 - 2008-10-07 11:23 - 0047360 _____ (VSO Software) C:\Users\Martin\AppData\Roaming\pcouffin.sys
2008-03-03 08:31 - 2017-07-16 13:20 - 0043008 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-20 22:17 - 2011-12-22 20:41 - 0005814 _____ () C:\Users\Martin\AppData\Local\SRDownloader (1).err
2011-12-20 22:18 - 2011-12-22 21:28 - 0001568 _____ () C:\Users\Martin\AppData\Local\SRDownloader (1).nast
2011-10-09 12:38 - 2012-04-01 22:54 - 0248341 _____ () C:\Users\Martin\AppData\Local\SRDownloader.err
2011-08-15 12:47 - 2012-04-01 23:28 - 0001344 _____ () C:\Users\Martin\AppData\Local\SRDownloader.nast
2011-03-21 23:06 - 2011-05-15 14:58 - 0220831 _____ () C:\Users\Martin\AppData\Local\SRDownloader[1].err
2011-02-17 10:15 - 2011-05-15 15:00 - 0001112 _____ () C:\Users\Martin\AppData\Local\SRDownloader[1].nast
2011-02-17 11:11 - 2011-02-17 12:24 - 0000872 _____ () C:\Users\Martin\AppData\Local\SRDownloader[2].nast

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-17 20:49

==================== End of FRST.txt ============================

martinb01
Level 2
Level 2
Příspěvky: 166
Registrován: únor 11
Pohlaví: Muž

Re: Prosím o kontrolu

Příspěvekod martinb01 » 17 črc 2017 20:54

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-07-2017
Ran by Martin (17-07-2017 20:54:40)
Running from C:\Users\Martin\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2008-02-29 15:21:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2273070986-1392902156-3200417566-500 - Administrator - Disabled)
Guest (S-1-5-21-2273070986-1392902156-3200417566-501 - Limited - Enabled)
Martin (S-1-5-21-2273070986-1392902156-3200417566-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.57 (HKLM\...\7-Zip) (Version: - )
ABBYY PDF Transformer 1.0 (HKLM\...\{4837718C-5B6E-4496-B283-FFFB5A937825}) (Version: 1.00.847.4183 - ABBYY Software House)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader 8 - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Aktualizace zabezpečení aplikace Windows Media Player (KB2845142) (HKLM\...\KB2845142_WM64) (Version: - Microsoft Corporation)
Any Video Converter 2.5.5 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
Avast Pro Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Balíček ovladače systému Windows - Nokia Modem (05/22/2008 3.8) (HKLM\...\C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD) (Version: 05/22/2008 3.8 - Nokia)
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Combined Community Codec Pack 2007-07-22 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2007-07-22 13:55 - CCCP Project)
ConvertXtoDVD 3.2.0.52 (HKLM\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.2.0.52 - )
Corel Graphics Suite 11 (HKLM\...\{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation) Hidden
Creative PCI Audio Drivers (HKLM\...\SBPCIUnInstall) (Version: - )
CrystalDiskInfo 6.5.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.5.2 - Crystal Dew World)
DivX 4.12 Codec (HKLM\...\DivXCodec) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
FL Studio 9 (HKLM\...\FL Studio 9) (Version: - Image-Line)
FLAC codecs (HKLM\...\oggcodecs) (Version: 4.x.x - Shark007)
FormApps Signing Extension (HKLM\...\{801F9351-A8A7-441D-9398-6A56E143E316}) (Version: 1.28.0.8 - Software602 a.s.)
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: - )
FSC LASER MOUSE Software 1.0 (HKLM\...\FSC LASER MOUSE Software_is1) (Version: - )
Google Earth Pro (HKLM\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HWiNFO32 Version 4.30 (HKLM\...\HWiNFO32_is1) (Version: 4.30 - Martin Malík - REALiX)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
KeyProwler Keylogger (HKLM\...\{A6297093-E4C1-40F8-AEB6-104DD3BD4EAF}) (Version: 4.0 - APAN Software) Hidden
K-Lite Codec Pack 3.6.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 3.6.5 - )
Malwarebytes verze 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Maximus (HKLM\...\Maximus) (Version: - Image-Line bvba)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}) (Version: 08.05.0822 - Microsoft Corporation)
MSVC80_x86 (HKLM\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{81CD6232-10F5-4832-B3DA-1B88B1571029}) (Version: 7.02.5851 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PC Connectivity Solution (HKLM\...\{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}) (Version: 11.5.22.0 - Nokia)
PDF Editor 3 (HKLM\...\PDF Editor 3) (Version: - )
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 4.3.4 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-14] ()
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2007-12-06] (Igor Pavlov)
ContextMenuHandlers01: [ABBYYPDFContextMenuExtension] -> {83903CAB-2FC1-40f6-8B82-DF123A5FB9E3} => C:\Program Files\ABBYY PDF Transformer 1.0\PDFShellExtension.dll [2004-08-05] (ABBYY (BIT Software))
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2007-12-06] (Igor Pavlov)
ContextMenuHandlers04: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-02-26] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\Windows\system32\nvcpl.dll [2007-11-06] (NVIDIA Corporation)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-14] ()
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04328126-0EF6-420A-9267-2F0EAE916577} - System32\Tasks\{35D42A58-3FCF-4D35-8685-4FE43D6B0638} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {0ABB3986-F567-4332-9482-383475F1D4F0} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-18] (Společnost Microsoft)
Task: {39A08419-8A95-4641-9F23-0CB2EACB22B5} - System32\Tasks\{028D7051-27FD-49A5-8791-4B12B775AA0D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner\BoilSoft AVI MPEG RM WMV Joiner 4.82.exe" -d "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner"
Task: {5519E6B1-D98D-44FB-A304-ABCE430ADAC0} - System32\Tasks\SafeZone scheduled Autoupdate 1451305697 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {6112981F-6DCE-4E34-AD11-B21D859FB5C7} - System32\Tasks\{DECB79FC-9B1E-4975-8877-BC92977E2DD3} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\ACOUST~3\UNWISE.EXE -c C:\PROGRA~1\ACOUST~3\INSTALL.LOG
Task: {6F8D0A0C-A83B-4686-85DA-C9A7826380C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {901CD81B-1CDC-49C7-9842-91B2E66FC1E6} - System32\Tasks\{769499C3-0FE7-4D15-BAD8-51FF9B962001} => C:\Windows\system32\pcalua.exe -a "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner\setup.exe" -d "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner"
Task: {9438BDE2-5484-4C7B-B679-B4CA812C94D0} - System32\Tasks\{0C38305F-E01D-431B-8E94-F9D215E6A0A7} => C:\Windows\system32\pcalua.exe -a K:\InterVideo_WinDVD_Platinum_v8.0.6.109\WinDVD8.exe -d K:\InterVideo_WinDVD_Platinum_v8.0.6.109
Task: {CB1F8EF2-0196-4FD6-851E-B816CB9289BB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-03] (AVAST Software)
Task: {E74866CB-6E89-4337-9F31-4D75A97D8B26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-14] (Adobe Systems Incorporated)
Task: {F316AFFE-D0A4-44FA-8C0E-2B502FA6A3EE} - System32\Tasks\{E166482B-D410-4F20-8EFE-CF71898D71F6} => C:\Windows\system32\pcalua.exe -a "C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HJ6WT9V\ACDSee40CZ_program[1].exe" -d C:\Users\Martin
Task: {F61EE231-A144-4AC5-8D90-5E63CACC2EE0} - System32\Tasks\{04F99E63-5C11-4BEC-9DAE-B474C46929C6} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\ACOUST~3\UNWISE.EXE -c C:\PROGRA~1\ACOUST~3\INSTALL.LOG

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 9\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.u
Shortcut: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Webové servery ve službě MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2017-07-03 17:33 - 2017-07-03 17:33 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-17 20:37 - 2017-07-17 20:37 - 05884160 _____ () C:\Program Files\AVAST Software\Avast\defs\17071712\algo.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2008-03-29 12:15 - 2007-09-20 19:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2008-03-29 12:15 - 2007-10-02 16:41 - 00319488 _____ () C:\Program Files\WinRAR\rarlng.dll
2017-07-14 22:00 - 2017-07-14 22:00 - 00131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2007-05-11 00:49 - 2007-05-11 00:49 - 00017024 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\viewerps.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00134928 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2008-03-03 14:55 - 2007-01-22 19:44 - 00483328 _____ () C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe
2008-03-03 14:55 - 2006-11-23 16:07 - 00037888 _____ () C:\Program Files\FSC\LASER MOUSE\1.0\GTGMDLL.DLL
2014-09-25 20:44 - 2014-09-25 20:44 - 00043008 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2014-04-14 21:41 - 2014-04-14 21:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 01032744 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-01-02 19:59 - 2017-01-02 19:59 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-03 17:33 - 2017-07-03 17:35 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\2009fr.com -> spybot.2009fr.com
IE restricted site: HKU\.DEFAULT\...\2009search-destroy.com -> www.2009search-destroy.com
IE restricted site: HKU\.DEFAULT\...\2011-kilos-verlieren.eu -> www.2011-kilos-verlieren.eu
IE restricted site: HKU\.DEFAULT\...\2020search.com -> www.2020search.com
IE restricted site: HKU\.DEFAULT\...\20x2p.com -> 20x2p.com
IE restricted site: HKU\.DEFAULT\...\21dice.net -> www.21dice.net
IE restricted site: HKU\.DEFAULT\...\2211.net -> wwww.2211.net
IE restricted site: HKU\.DEFAULT\...\24-7pharmacy.info -> www.24-7pharmacy.info
IE restricted site: HKU\.DEFAULT\...\24-7searching-and-more.com -> www.24-7searching-and-more.com
IE restricted site: HKU\.DEFAULT\...\247fxxx.info -> www.247fxxx.info
IE restricted site: HKU\.DEFAULT\...\24teen.com -> www.24teen.com
IE restricted site: HKU\.DEFAULT\...\2ndpower.com -> 2ndpower.com
IE restricted site: HKU\.DEFAULT\...\2rfsex.info -> www.2rfsex.info
IE restricted site: HKU\.DEFAULT\...\2search.com -> feeds.2search.com
IE restricted site: HKU\.DEFAULT\...\2search.org -> feeds2.2search.org
IE restricted site: HKU\.DEFAULT\...\2squared.com -> www.2squared.com
IE restricted site: HKU\.DEFAULT\...\2vgporn.info -> www.2vgporn.info
IE restricted site: HKU\.DEFAULT\...\3-2005-search.com -> www.3-2005-search.com
IE restricted site: HKU\.DEFAULT\...\30horasdesexoonline.com -> www.30horasdesexoonline.com
IE restricted site: HKU\.DEFAULT\...\31columns.com -> www.31columns.com

There are 7623 more sites.

IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\mojebanka.cz -> hxxps://www.mojebanka.cz
IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\mojebanka.cz -> hxxp://www.mojebanka.cz
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\125sms.com -> www.125sms.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\12w.net -> download-video.12w.net
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1987324.com -> www.1987324.com
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\1importantiamreal.com -> www.1importantiamreal.com

There are 7660 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2017-07-15 10:26 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [TCP Query User{99CAC6B8-3FC1-4984-BEF1-2867D353A330}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{8D6579AD-57E2-4F0B-8052-1DDD8511F474}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{49EBF86C-E71E-432C-B3CF-4F491F281057}] => (Allow) LPort=80
FirewallRules: [{38BEDB16-FECF-4A5E-8264-155E26D9FD05}] => (Allow) LPort=80
FirewallRules: [{8DB14249-C53C-4413-A6B3-6B17F22F0E7C}] => (Allow) LPort=80
FirewallRules: [TCP Query User{394B23A3-8975-401B-833D-564559624D85}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{C5567B19-BF93-46AC-AF0B-A81FA1C53216}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [{D01D12D7-7B2C-47B9-8B08-7F2D7E44B975}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{D1BA5C7D-998F-43ED-9A9E-15F04768295C}C:\users\martin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{0CC3582C-C351-4F7B-8C94-1EB13EC31FBD}C:\users\martin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{31C7D85A-EA17-41F0-8243-1F35FB9F21AD}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

16-07-2017 16:40:49 End of disinfection

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2017 08:44:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0xd80, čas spuštění aplikace 0x01d2ff2cc5356a31.

Error: (07/16/2017 04:40:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {f578c65c-fc8a-4733-ba36-a325faacbd18}

Error: (07/16/2017 10:14:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0xcd8, čas spuštění aplikace 0x01d2fe0b83924a7b.

Error: (07/15/2017 10:28:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0xc90, čas spuštění aplikace 0x01d2fd443197e202.

Error: (07/15/2017 10:17:56 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Metadata indexu obsahu nelze číst. (0xc0041801)

Error: (07/15/2017 10:17:56 AM) (Source: ESENT) (EventID: 467) (User: )
Description: Windows (4212) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index System_ItemFolderPathDisplayNarrow405 tabulky SystemIndex_0A je poškozen (0).

Error: (07/14/2017 10:30:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {fb874e01-e623-475a-a038-0c0f3dbb730d}

Error: (07/14/2017 09:55:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0x84, čas spuštění aplikace 0x01d2fcdb017d77f3.

Error: (07/13/2017 09:43:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0xdfc, čas spuštění aplikace 0x01d2fc10569bb3f3.

Error: (07/12/2017 08:03:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0x858, čas spuštění aplikace 0x01d2fb3920a9d7fb.


System errors:
=============
Error: (07/17/2017 08:43:33 PM) (Source: LSM) (EventID: 1048) (User: )
Description: Spuštění Terminálové služby se nezdařilo. Příslušný kód stavu je Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
.

Error: (07/17/2017 08:43:28 PM) (Source: LSM) (EventID: 1048) (User: )
Description: Spuštění Terminálové služby se nezdařilo. Příslušný kód stavu je Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
.

Error: (07/17/2017 08:41:19 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (07/17/2017 08:40:50 PM) (Source: LSM) (EventID: 1048) (User: )
Description: Spuštění Terminálové služby se nezdařilo. Příslušný kód stavu je Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
.

Error: (07/17/2017 08:40:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (07/17/2017 08:40:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ZAM Controller Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (07/17/2017 08:40:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Fujitsu Siemens Computers Diagnostic Testhandler byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (07/17/2017 08:40:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (07/17/2017 08:40:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Licencování softwaru byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (07/17/2017 06:45:34 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Zapůjčení adresy IP 192.168.100.10 pro síťovou kartu s adresou 0019214F22B6 byla serverem DHCP 10.128.129.125 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).


CodeIntegrity:
===================================
Date: 2017-07-17 20:54:28.425
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 20:54:27.987
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 20:54:27.503
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 20:54:27.003
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 20:54:25.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 20:54:25.112
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 20:54:24.503
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 20:54:23.940
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:25.457
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:25.035
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 77%
Total physical RAM: 2037.58 MB
Available physical RAM: 463.52 MB
Total Virtual: 4316.19 MB
Available Virtual: 2546.73 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:303.35 GB) (Free:205.11 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:150.69 GB) (Free:48.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CC2F0E18)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=303.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=150.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: CommonCrawl [Bot] a 2 hosti