Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-07-2017
Ran by Pavel_2 (22-07-2017 10:09:24)
Running from C:\Users\Pavel_2\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2009-04-20 22:32:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2689332252-1931905943-1140053980-500 - Administrator - Disabled)
Guest (S-1-5-21-2689332252-1931905943-1140053980-501 - Limited - Disabled)
Pavel (S-1-5-21-2689332252-1931905943-1140053980-1000 - Administrator - Enabled) => C:\Users\Pavel
Pavel_2 (S-1-5-21-2689332252-1931905943-1140053980-1001 - Administrator - Enabled) => C:\Users\Pavel_2
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
FormatFactory 3.5.0.0 (HKLM\...\FormatFactory) (Version: 3.5.0.0 - Format Factory)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Malwarebytes Anti-Malware verze 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer 97 (HKLM\...\PPTView97) (Version: - )
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}) (Version: 08.05.0822 - Microsoft Corporation)
NVIDIA Ovladač HD audia 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
Pinnacle Studio 15 (HKLM\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
RogueKiller version 12.11.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.5.0 - Adlice Software)
Sada Compatibility Pack pro systém Office 2007 (HKLM\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.05.92 (14.3.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.05.29.02(19.6.2014) - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM\...\Samsung M2070 Series) (Version: 1.16 (18.8.2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM\...\Samsung Printer Diagnostics) (Version: 1.0.0.15 - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM\...\Samsung Scan Process Machine) (Version: 1.02.07.02 - Samsung Electronics Co., Ltd.) Hidden
SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Software Intel(R) PROSet/Wireless WiFi (HKLM\...\{35C0A1E4-D02A-412C-841F-266DBB116ABB}) (Version: 12.02.0000 - Intel(R) Corporation)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
TomTom HOME (HKLM\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Název společnosti:)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Zobrazit uživatelskou příručku (HKLM\...\View User Guide) (Version: 3.60.43.0 - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{5B004CDE-0211-469C-B9B5-0552E7E63917}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{77D8C8C7-6B46-4429-B876-DBC006C96EB1}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{be328dbe-9f5b-407f-BAFF-827fc6db1aa4}\InprocServer32 -> C:\Users\Pavel_2\AppData\Roaming\KB-ext\lib\x86\PKIComponentAX-kbext.dll (Komerční banka, a.s.)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{CD37ED08-860C-4B86-AD25-5587D8386587}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{DCA74850-096D-40CD-BB81-17034E51ACB6}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2017-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-05-14] (Egis Inc.)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers01: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll [2008-05-14] (Egis Incorporated.)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2008-09-16] ()
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers04: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll [2008-05-14] (Egis Incorporated.)
ContextMenuHandlers04: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2008-09-16] ()
ContextMenuHandlers05: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\Windows\system32\nvcpl.dll [2008-07-18] (NVIDIA Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2008-09-16] ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-21] (Společnost Microsoft)
Task: {253E42C4-5CAA-42C5-B5F2-7C4C01222A0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {40C9B193-FF75-4448-ADDE-69397437094E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {4191A5B2-ECA8-4179-92A4-30450DC6AA3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {42BBDAB2-DEEE-48C3-A5EE-3CD6C29065FA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {7F712886-C716-427E-AF98-FDB4C7B6B281} - System32\Tasks\{F6E56D0C-B6CF-4F0C-AA67-D0C1B5C4909E} => C:\Program Files\Skype\Phone\Skype.exe [2009-10-09] (Skype Technologies S.A.)
Task: {97AC1689-23A2-435D-BAAF-E0C5641D7C4D} - System32\Tasks\Avast Emergency Update => C:\Program Files\Alwil Software\Avast5\AvEmUpdate.exe [2017-07-20] (AVAST Software)
Task: {E440AC8E-7067-4EC9-A201-EDD420A77282} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {E44DB6CC-4161-4627-9E03-D52AFA2A282B} - System32\Tasks\{1A5CF578-7C22-47B9-A94E-008280F2C782} => C:\Windows\system32\pcalua.exe -a C:\Users\Pavel_2\Downloads\TurboFLOORPLANCZ.exe -d C:\Users\Pavel_2\Desktop
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-07-20 20:15 - 2017-07-20 20:15 - 00170224 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2017-07-20 20:15 - 2017-07-20 20:15 - 00192664 _____ () C:\Program Files\Alwil Software\Avast5\event_routing_rpc.dll
2017-07-20 20:15 - 2017-07-20 20:15 - 00224256 _____ () C:\Program Files\Alwil Software\Avast5\tasks_core.dll
2017-07-22 00:28 - 2017-07-22 00:28 - 05886720 _____ () C:\Program Files\Alwil Software\Avast5\defs\17072102\algo.dll
2017-07-20 20:15 - 2017-07-20 20:15 - 00689272 _____ () C:\Program Files\Alwil Software\Avast5\ffl2.dll
2017-07-20 20:15 - 2017-07-20 20:15 - 00231664 _____ () C:\Program Files\Alwil Software\Avast5\streamback.dll
2008-10-16 16:57 - 2008-10-16 16:57 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2015-01-19 22:22 - 2013-05-29 14:03 - 00024064 _____ () C:\Windows\System32\ssm4mlm.dll
2009-04-01 19:31 - 2008-01-16 18:35 - 00081504 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2016-11-13 12:38 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2008-08-06 09:38 - 2008-06-02 09:25 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2009-04-01 18:57 - 2009-04-01 18:57 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-04-01 18:57 - 2009-04-01 18:57 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-04-01 18:57 - 2009-04-01 18:57 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2009-04-01 18:57 - 2009-04-01 18:57 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2009-04-01 18:57 - 2009-04-01 18:57 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-08-06 09:50 - 2008-05-30 12:22 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eAudio\eAudioSrvPlugin.dll
2009-04-01 18:57 - 2009-04-01 18:57 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2008-08-06 09:48 - 2008-05-26 14:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2008-08-06 09:48 - 2008-05-26 14:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2008-08-06 09:48 - 2008-05-26 14:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2008-08-06 09:48 - 2008-05-26 14:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2008-05-14 17:05 - 2008-05-14 17:05 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2009-04-01 18:51 - 2007-10-23 10:56 - 00200704 _____ () C:\Windows\PLFSetI.exe
2008-08-06 10:22 - 2007-12-06 16:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-08-06 10:22 - 2007-11-27 15:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2009-06-02 22:06 - 2008-10-20 22:18 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe
2017-07-20 20:15 - 2017-07-20 20:15 - 00134928 _____ () c:\Program Files\Alwil Software\Avast5\vaarclient.dll
2009-03-18 11:43 - 2009-03-18 11:43 - 00841000 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2009-03-18 11:43 - 2009-03-18 11:43 - 00013096 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2012-03-09 10:58 - 2012-03-09 10:58 - 00350072 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 10:58 - 2012-03-09 10:58 - 00056696 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2009-04-01 19:51 - 2007-09-11 11:12 - 00475136 _____ () C:\Program Files\Acer\Acer VCM\AcerControl.dll
2009-01-14 20:23 - 2009-01-14 20:23 - 00963072 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2017-07-20 20:15 - 2017-07-20 20:15 - 01059160 _____ () C:\Program Files\Alwil Software\Avast5\AvChrome.dll
2016-06-28 23:50 - 2016-06-28 23:50 - 48936448 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2017-07-20 20:14 - 2017-07-20 20:14 - 00292920 _____ () C:\Program Files\Alwil Software\Avast5\gaming_mode_ui.dll
2017-06-30 13:22 - 2017-06-30 13:22 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:4F636E25 [256]
AlternateDataStreams: C:\ProgramData\Temp:793F316E [106]
AlternateDataStreams: C:\ProgramData\Temp:C95B63DA [118]
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 [128]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\...\mojebanka.cz ->
hxxps://etrading.mojebanka.czIE trusted site: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\...\mojeplatba.cz ->
hxxps://www.mojeplatba.cz==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2017-07-19 01:01 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pavel_2\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{DCDD0EA7-483E-4497-9B75-D970EA181106}] => (Allow) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{6A02BA5B-5B04-46EF-8028-CEFE3E35950F}] => (Allow) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe
FirewallRules: [{F58C8BCA-16F2-4162-9B88-48F0B258FFDD}] => (Allow) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
FirewallRules: [{C2F73ED5-58E1-4D6F-94B8-F0587A0480E9}] => (Allow) C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{55DCA259-5657-4AB2-B4DC-A134F856F7B2}] => (Allow) C:\Program Files\Acer\Acer VCM\VC.exe
FirewallRules: [{BE69A992-6AB4-4F72-B7AB-8876DA8EAD69}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C0231E89-65F9-4CEC-B8F9-D58A41673DFA}C:\klára\icq6.5\icq.exe] => (Block) C:\klára\icq6.5\icq.exe
FirewallRules: [UDP Query User{538CF1CF-D78E-4A55-9EC4-6D940D196D0C}C:\klára\icq6.5\icq.exe] => (Block) C:\klára\icq6.5\icq.exe
FirewallRules: [TCP Query User{4F0AEAAC-FD2E-4AD9-8782-A0936D685685}C:\program files\google\google earth\client\googleearth.exe] => (Block) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{11095FA4-3098-45FB-A277-64E5650C0E77}C:\program files\google\google earth\client\googleearth.exe] => (Block) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [{852BD9F4-6710-4EF2-9F39-04A0247E7EBC}] => (Allow) LPort=80
FirewallRules: [{FD19026F-C424-4DE2-AED5-F123378EEE98}] => (Allow) LPort=80
FirewallRules: [{31506E90-A3E1-4A1B-8F45-1EFBF844AEC0}] => (Allow) LPort=80
FirewallRules: [{D9273E75-F189-4B9E-9226-EE3E5F0FEB7C}] => (Allow) C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe
FirewallRules: [{E24D6E4A-5B91-47CC-A7E6-35155680B50E}] => (Allow) C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe
FirewallRules: [{5008D037-DD61-40E4-A237-C2E9A8496CF5}] => (Allow) C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe
FirewallRules: [{DF495A21-78E5-4FAC-8E3B-CB3B7418887A}] => (Allow) C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe
FirewallRules: [{DC1A9FB1-A817-4C58-BE25-9C82BD784C94}] => (Allow) C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe
FirewallRules: [{FD20FD93-9FE2-4A94-9169-C559F28B3BD1}] => (Allow) C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe
FirewallRules: [TCP Query User{DC461426-3BE9-437C-94AB-22EE4FE13C9C}C:\program files\pinnacle\studio 15\programs\studio.exe] => (Block) C:\program files\pinnacle\studio 15\programs\studio.exe
FirewallRules: [UDP Query User{CD339017-57B8-4EAC-9101-9A7665E4CB3E}C:\program files\pinnacle\studio 15\programs\studio.exe] => (Block) C:\program files\pinnacle\studio 15\programs\studio.exe
FirewallRules: [{74815076-A76A-4F4C-841E-A104FD6012DD}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{8A2A6363-0D67-40E0-BAC9-ACCAC61A66EB}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{25425570-07B5-40D4-92ED-4E7F7E2A61C2}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{AC2D9B8C-1E0F-429C-88D3-A57299169C9E}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{AA4D0104-97AB-4D51-9854-8BF10DD143D2}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{D80B63E4-DA20-4F20-9E0A-96F47E3F2A3F}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{A7C0C2C3-F1F1-4BC2-9532-05B173DEFDCD}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{0199EA94-38DE-4A15-8AC2-736867DADD93}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{5D3FA6E8-0C91-42F0-B929-C1936AE174F8}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{04E808A4-4830-462C-BD09-7CAC3B0825BD}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{3496AAC5-F391-4D28-B95F-8C571262BB3D}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{19069A1F-32C9-4AB0-803B-3F8B960C46EB}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{2F905A21-B562-497F-A5AD-F99A1D9FBB27}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{AAB07B01-3522-428D-B84C-831FEA4F4761}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{754E5FF0-0180-4DBE-BB5B-3D60ED21EF4A}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{CCC85929-D78F-49F6-9B96-705D9BDCCBC3}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{22523383-6A34-46FC-BE47-3F1F4BB0C3BF}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{13552591-08C7-4670-AA88-A78A9DC9EE0A}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{9987B752-3299-4528-A9CA-84990AEE808E}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{BB38C142-694A-4C7B-8B4D-315BB0182118}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{830C24CF-D914-4B83-A055-3EA8FCD0C40F}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [TCP Query User{D404F1BA-9185-45D5-9408-334DA69739E8}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{A6DE45F5-AE7E-4786-BA12-9AEF01064554}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
==================== Restore Points =========================
20-07-2017 20:00:43 End of disinfection
==================== Faulty Device Manager Devices =============
Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/22/2017 10:04:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/22/2017 12:45:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/22/2017 12:30:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/22/2017 12:27:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/21/2017 07:02:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/20/2017 10:23:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace SearchIndexer.exe, verze 7.0.6002.18005, časové razítko 0x49e02459, chybující modul unknown, verze 0.0.0.0, časové razítko 0x00000000, kód výjimky 0xc0000005, posun chyby 0x00000000,
ID procesu 0xdb4, čas spuštění aplikace 0x01d301930d79e0bb.
Error: (07/20/2017 10:18:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace firefox.exe, verze 1.9.2.4182, časové razítko 0x4df8638f, chybující modul NPSWF32_26_0_0_137.dll_unloaded, verze 0.0.0.0, časové razítko 0x594d53e2, kód výjimky 0xc0000005, posun chyby 0x0afc85c9,
ID procesu 0x151c, čas spuštění aplikace 0x01d301952ee11b9b.
Error: (07/20/2017 10:02:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/20/2017 08:21:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/20/2017 08:00:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {09a89a6f-4872-4c3e-ade0-1698e4a096d5}
System errors:
=============
Error: (07/22/2017 10:06:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Mezipaměť písem Windows neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
Error: (07/22/2017 10:06:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Mezipaměť písem Windows bylo dosaženo časového limitu (30000 ms).
Error: (07/22/2017 12:44:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (0:42:56, 22.7.2017) bylo neočekávané.
Error: (07/22/2017 12:33:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Microsoft .NET Framework NGEN v4.0.30319_X86 bylo dosaženo časového limitu (30000 ms).
Error: (07/22/2017 12:29:55 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (0:27:37, 22.7.2017) bylo neočekávané.
Error: (07/21/2017 07:05:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Microsoft .NET Framework NGEN v4.0.30319_X86 bylo dosaženo časového limitu (30000 ms).
Error: (07/20/2017 10:23:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.
Error: (07/20/2017 10:03:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Windows Media Player Network Sharing neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
Error: (07/20/2017 10:03:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Windows Media Player Network Sharing bylo dosaženo časového limitu (30000 ms).
Error: (07/20/2017 08:30:28 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Hlavní prohledávač přijal oznámení serveru od počítače NB-DELL,
který se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{53ADFF44-7CED-4415-973C-870525686B.
Hlavní prohledávač bude ukončen nebo bude vyvolána volba.
CodeIntegrity:
===================================
Date: 2017-07-22 10:09:12.427
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-07-22 10:09:11.626
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-07-22 10:09:10.823
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-07-22 10:09:09.864
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-07-22 10:09:08.271
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-07-22 10:09:07.378
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-07-22 10:09:06.551
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-07-22 10:09:05.717
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-07-22 10:08:06.994
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-07-22 10:08:06.167
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 68%
Total physical RAM: 3066.12 MB
Available physical RAM: 976.59 MB
Total Virtual: 6332.53 MB
Available Virtual: 4282.35 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:66.39 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.5 GB) (Free:97.15 GB) NTFS
Drive e: () (Removable) (Total:7.6 GB) (Free:7.57 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 8CF27C7C)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=140.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)
========================================================
Disk: 1 (Size: 7.6 GB) (Disk ID: A15B14E1)
Partition 1: (Not Active) - (Size=7.6 GB) - (Type=0B)
==================== End of Addition.txt ============================