
Re: Requesting a check

Post by martinb01 » 15 Jul 2017 10:59

aswMBR version Copyright(c) 2014 AVAST Software
Run date: 2017-07-15 10:46:17
10:46:17.070 OS Version: Windows 6.0.6002 Service Pack 2
10:46:17.070 Number of processors: 4 586 0xF0B
10:46:17.086 ComputerName: HOME UserName:
10:46:25.789 Initialize success
10:46:25.820 VM: initialized successfully
10:46:25.820 VM: Intel CPU supported
10:46:30.336 VM: disk I/O atapi.sys
10:46:39.523 AVAST engine defs: 17071404
10:46:56.445 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
10:46:56.445 Disk 0 Vendor: WDC_WD5000AAKS-07YGA0 12.01C02 Size: 476940MB BusType: 3
10:46:56.476 Disk 0 MBR read successfully
10:46:56.492 Disk 0 MBR scan
10:46:56.633 Disk 0 Windows VISTA default MBR code
10:46:56.648 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
10:46:56.711 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 310627 MB offset 24578048
10:46:56.742 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 154311 MB offset 660742144
10:46:56.773 Disk 0 scanning sectors +976771072
10:46:56.961 Disk 0 scanning C:\Windows\system32\drivers
10:47:19.258 Service scanning
10:47:32.461 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:47:37.226 Modules scanning
10:47:37.226 Disk 0 trace - called modules:
10:47:37.258 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys acpi.sys hal.dll >>UNKNOWN [0x8549c1e8]<<
10:47:37.273 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a3b8e0]
10:47:37.273 3 aswSP.sys[8f2c13e3] -> nt!IofCallDriver -> [0x85528848]
10:47:37.273 5 acpi.sys[8936b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85526660]
10:47:37.289 \Driver\atapi[0x8550cb30] -> IRP_MJ_CREATE -> 0x8549c1e8
10:47:38.023 AVAST engine scan C:\Windows
10:47:45.633 AVAST engine scan C:\Windows\system32
10:51:01.289 AVAST engine scan C:\Windows\system32\drivers
10:51:35.492 AVAST engine scan C:\Users\Martin
10:55:31.101 File: C:\Users\Martin\Desktop\zoek.exe **INFECTED** Win32:Malware-gen
10:56:00.242 AVAST engine scan C:\ProgramData
11:01:35.555 Disk 0 statistics 2916737/0/0 @ 2,10 MB/s
11:01:35.570 Scan finished successfully
11:04:11.796 Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
11:04:11.802 The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"


Re: Requesting a check

Post by jaro3 » 16 Jul 2017 08:52

ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner.

Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.

Download DelFix here and save the file to your desktop.
Double-click the icon to run Delfix.exe
(In Windows Vista, Windows 7 and 8 you must run the file by right-clicking it -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools, Purge System Restore
Then click the Run button and let the tool do its work.

The report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise, the report is located at:
C:\DelFix.txt

How are the problems?
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Requesting a check

Post by martinb01 » 16 Jul 2017 10:24

Still just as bad :-( Now even DelFix can't be downloaded.

Re: Requesting a check

Post by martinb01 » 16 Jul 2017 16:40

# DelFix v1.013 - Logfile created 16/07/2017 at 16:40:14
# Updated 17/04/2016 by Xplode
# Username : Martin - HOME
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\32788R22FWJFW
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Martin\Desktop\AdwCleaner.exe
Deleted : C:\Users\Martin\Desktop\JRT.exe
Deleted : C:\Users\Martin\Desktop\JRT.txt
Deleted : C:\Users\Martin\Desktop\HijackThis.exe
Deleted : C:\Users\Martin\Desktop\hijackthis.log
Deleted : C:\Users\Martin\Desktop\MBR.dat
Deleted : C:\Users\Martin\Desktop\RogueKiller_portable32.exe
Deleted : C:\Users\Martin\Desktop\TFC.exe
Deleted : C:\Users\Martin\Desktop\zoek.exe
Deleted : C:\Users\Martin\Downloads\hijackthis.log
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #3259 [JRT Pre-Junkware Removal | 07/13/2017 19:53:40]
Deleted : RP #3260 [Installed Sophos Virus Removal Tool. | 07/13/2017 20:02:45]
Deleted : RP #3261 [zoek.exe restore point | 07/14/2017 19:35:06]
Deleted : RP #3263 [Zemana AntiMalware 14.7.2017 22:30:41 | 07/14/2017 20:30:46]
Deleted : RP #3264 [ComboFix created restore point | 07/16/2017 08:04:37]

New restore point created !

########## - EOF - ##########

Re: Requesting a check

Post by martinb01 » 16 Jul 2017 17:16

Still bad...


Re: Requesting a check

Post by jaro3 » 16 Jul 2017 18:04

Please download the appropriate version of Farbar Recovery Scan Tool (FRST) for your system, 32-bit/64-bit:
32bit.: ... ool/dl/81/
64bit.: ... ool/dl/82/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and they will be saved to the desktop. Please copy their entire contents here.

Re: Requesting a check

Post by martinb01 » 17 Jul 2017 18:42

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-07-2017
Ran by Martin (administrator) on HOME (17-07-2017 18:43:38)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(© 2015 Microsoft Corporation) C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-10-01] (Realtek Semiconductor)
HKLM\...\Run: [GTGMOUSE] => C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe [483328 2007-01-22] ()
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-03] (AVAST Software)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\Run: [BingSvc] => C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-17] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-18] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{882498C6-53A3-4545-B910-58434356C432}: [DhcpNameServer]

Internet Explorer:
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp:// ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:// ... ar=msnhome
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp:// ... r=iesearch
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://{searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-27] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-03] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-27] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp:// ...

FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default [2017-07-14]
FF NewTab: Mozilla\Firefox\Profiles\77cajyaj.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\77cajyaj.default -> about:home
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-15] [not signed]
FF Plugin: -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2010-01-27] ()
FF Plugin: -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2008-11-04] (Adobe Systems, Inc.)
FF Plugin:,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-27] (Oracle Corporation)
FF Plugin:,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-27] (Oracle Corporation)
FF Plugin:,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin:,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin:;version= -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll [2006-11-03] (RealNetworks, Inc.)
FF Plugin:;version= -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll [2006-11-03] (RealNetworks, Inc.)
FF Plugin: Update;version=3 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: Update;version=9 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)

CHR DefaultProfile: Default
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2017-07-17]
CHR Extension: (Prezentace Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-14]
CHR Extension: (Dokumenty Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-14]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-14]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-14]
CHR Extension: (Avast SafePrice) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-07-14]
CHR Extension: (Tabulky Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-14]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-14]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2008-03-11] () [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-14] (Adobe Systems Incorporated) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5815840 2017-07-03] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-03] (AVAST Software)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) [File not signed]
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [306432 2008-03-11] (TuneUp Software GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 WsDrvInst; "C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [266976 2017-07-03] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157384 2017-07-03] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276704 2017-07-03] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50352 2017-07-03] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42824 2017-07-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39752 2017-07-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [123896 2017-07-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [70088 2017-07-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70840 2017-07-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774288 2017-07-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [496976 2017-07-03] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [202688 2017-07-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296312 2017-07-03] (AVAST Software)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-01-16] (REALiX(tm))
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [40352 2017-07-14] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [221600 2017-07-14] (Malwarebytes)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-09-03] () [File not signed]
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-07-14] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-07-14] (Zemana Ltd.)
U3 axksdo4f; C:\Windows\system32\Drivers\axksdo4f.sys [0 ] (VIA Technologies Inc.,Ltd) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-17 18:43 - 2017-07-17 18:44 - 00013750 _____ C:\Users\Martin\Desktop\FRST.txt
2017-07-17 18:43 - 2017-07-17 18:43 - 00000000 ____D C:\FRST
2017-07-17 18:42 - 2017-07-17 16:22 - 01780736 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2017-07-14 22:00 - 2017-07-17 18:44 - 00058863 _____ C:\Windows\ZAM.krnl.trace
2017-07-14 22:00 - 2017-07-17 18:44 - 00045738 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-14 22:00 - 2017-07-14 22:00 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-07-14 22:00 - 2017-07-14 22:00 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-07-14 22:00 - 2017-07-14 22:00 - 00001693 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-07-14 22:00 - 2017-07-14 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-14 22:00 - 2017-07-14 22:00 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-07-14 21:59 - 2017-07-14 21:59 - 00000000 ____D C:\Users\Martin\AppData\Local\Zemana
2017-07-14 21:58 - 2017-07-14 21:58 - 06589840 _____ (Zemana Ltd. ) C:\Users\Martin\Desktop\Zemana.AntiMalware.Setup.exe
2017-07-14 21:51 - 2017-07-14 21:33 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-07-13 22:05 - 2017-07-13 22:05 - 00000000 ____D C:\ProgramData\Sophos
2017-07-13 22:04 - 2017-07-13 22:04 - 00001978 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-07-13 22:04 - 2017-07-13 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-13 22:03 - 2017-07-13 22:03 - 00000000 ____D C:\Program Files\Sophos
2017-07-13 20:43 - 2017-07-13 20:44 - 171309576 _____ (Sophos Limited) C:\Users\Martin\Desktop\Sophos Virus Removal Tool.exe
2017-07-12 20:59 - 2017-07-14 18:31 - 00064800 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-12 20:59 - 2017-07-14 18:23 - 00221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-12 20:59 - 2017-07-14 18:23 - 00162240 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-12 20:59 - 2017-07-14 18:23 - 00040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-12 20:59 - 2017-07-12 20:59 - 00001821 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-12 20:59 - 2017-07-12 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-12 20:59 - 2017-06-27 12:06 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-12 20:58 - 2017-07-12 20:58 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-12 20:58 - 2017-07-11 21:15 - 65033984 _____ (Malwarebytes ) C:\Users\Martin\Desktop\mb3-setup-consumer-
2017-07-10 12:59 - 2017-02-11 17:22 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-07-10 12:46 - 2017-07-10 12:46 - 01237796 _____ C:\Users\Martin\Desktop\windows6.0-kb4012598-x86_13e9b3d77ba5599764c296075a796c16a85c745c (1).msu
2017-07-10 11:51 - 2017-07-10 11:51 - 01237796 _____ C:\Users\Martin\Downloads\windows6.0-kb4012598-x86_13e9b3d77ba5599764c296075a796c16a85c745c.msu
2017-07-10 11:51 - 2017-07-10 11:51 - 00000000 ____D C:\25313335900d7f696160167d00a5
2017-07-03 17:33 - 2017-07-03 17:33 - 00303280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-16 16:41 - 2015-10-28 09:42 - 00001446 _____ C:\DelFix.txt
2017-07-16 16:41 - 2007-01-08 23:09 - 00673764 _____ C:\Windows\system32\perfh005.dat
2017-07-16 16:41 - 2007-01-08 23:09 - 00142560 _____ C:\Windows\system32\perfc005.dat
2017-07-16 16:41 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2017-07-16 16:41 - 2006-11-02 12:33 - 01595062 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-16 14:12 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-16 14:12 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-16 13:20 - 2008-03-03 08:31 - 00043008 _____ C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-16 10:21 - 2008-02-29 17:28 - 00101000 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-16 10:14 - 2015-01-27 23:19 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2017-07-16 10:13 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-16 10:13 - 2006-11-02 14:47 - 00376792 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-16 10:11 - 2006-11-02 15:01 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-16 10:04 - 2011-08-18 21:09 - 00000000 ____D C:\Windows\ERDNT
2017-07-15 10:27 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2017-07-14 22:31 - 2010-07-09 15:38 - 00000000 ____D C:\Users\Martin\Downloads\Uniblue 2009 (SpeedUpMyPC + RegistryBooster + DriverScanner){H33T}{JOHNCANADUDE}
2017-07-14 22:06 - 2008-02-29 17:28 - 00000000 ____D C:\Users\Martin
2017-07-14 21:34 - 2017-06-16 17:39 - 05216768 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2017-07-14 21:34 - 2012-05-24 23:20 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-07-14 21:34 - 2011-06-20 11:18 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-07-14 21:34 - 2007-11-23 16:37 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-14 20:49 - 2015-01-27 22:44 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-14 06:09 - 2011-08-10 16:36 - 00000000 ____D C:\Program Files\Ultimate Process Manager
2017-07-12 20:58 - 2011-08-15 08:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-10 12:15 - 2013-08-19 09:37 - 00000000 ____D C:\Windows\system32\MRT
2017-07-10 12:06 - 2006-11-02 12:24 - 141747376 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-07-03 17:35 - 2014-04-15 00:37 - 00296312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00276704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00266976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00157384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00050352 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-07-03 17:33 - 2015-08-28 15:04 - 00202688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-07-03 17:33 - 2015-06-23 19:48 - 00039752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-03 17:33 - 2014-04-30 18:05 - 00042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00774288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00496976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00123896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00070840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00070088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys

==================== Files in the root of some directories =======

2008-03-11 18:51 - 2008-03-18 20:31 - 0000757 _____ () C:\Users\Martin\AppData\Roaming\mainhst.zgh
2008-08-31 15:23 - 2008-10-07 11:23 - 0007887 _____ () C:\Users\Martin\AppData\Roaming\
2008-08-31 15:23 - 2008-10-07 11:23 - 0001144 _____ () C:\Users\Martin\AppData\Roaming\pcouffin.inf
2008-08-31 15:23 - 2008-10-07 11:23 - 0047360 _____ (VSO Software) C:\Users\Martin\AppData\Roaming\pcouffin.sys
2008-03-03 08:31 - 2017-07-16 13:20 - 0043008 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-20 22:17 - 2011-12-22 20:41 - 0005814 _____ () C:\Users\Martin\AppData\Local\SRDownloader (1).err
2011-12-20 22:18 - 2011-12-22 21:28 - 0001568 _____ () C:\Users\Martin\AppData\Local\SRDownloader (1).nast
2011-10-09 12:38 - 2012-04-01 22:54 - 0248341 _____ () C:\Users\Martin\AppData\Local\SRDownloader.err
2011-08-15 12:47 - 2012-04-01 23:28 - 0001344 _____ () C:\Users\Martin\AppData\Local\SRDownloader.nast
2011-03-21 23:06 - 2011-05-15 14:58 - 0220831 _____ () C:\Users\Martin\AppData\Local\SRDownloader[1].err
2011-02-17 10:15 - 2011-05-15 15:00 - 0001112 _____ () C:\Users\Martin\AppData\Local\SRDownloader[1].nast
2011-02-17 11:11 - 2011-02-17 12:24 - 0000872 _____ () C:\Users\Martin\AppData\Local\SRDownloader[2].nast

Some files in TEMP:
2017-07-16 13:19 - 2017-07-16 13:19 - 39473240 _____ (PandoraTV) C:\Users\Martin\AppData\Local\temp\KMP_4.2.1.4.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-16 10:28

==================== End of FRST.txt ============================

Re: Requesting a check

Post by martinb01 » 17 Jul 2017 18:42

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-07-2017
Ran by Martin (17-07-2017 18:44:30)
Running from C:\Users\Martin\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2008-02-29 15:21:11)
Boot Mode: Normal

==================== Accounts: =============================

Administrator (S-1-5-21-2273070986-1392902156-3200417566-500 - Administrator - Disabled)
Guest (S-1-5-21-2273070986-1392902156-3200417566-501 - Limited - Enabled)
Martin (S-1-5-21-2273070986-1392902156-3200417566-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.57 (HKLM\...\7-Zip) (Version: - )
ABBYY PDF Transformer 1.0 (HKLM\...\{4837718C-5B6E-4496-B283-FFFB5A937825}) (Version: 1.00.847.4183 - ABBYY Software House)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: - Adobe Systems Incorporated)
Adobe Reader 8 - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Aktualizace zabezpečení aplikace Windows Media Player (KB2845142) (HKLM\...\KB2845142_WM64) (Version: - Microsoft Corporation)
Any Video Converter 2.5.5 (HKLM\...\Any Video Converter_is1) (Version: -
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
Avast Pro Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Balíček ovladače systému Windows - Nokia Modem (05/22/2008 3.8) (HKLM\...\C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD) (Version: 05/22/2008 3.8 - Nokia)
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 - Nokia)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Combined Community Codec Pack 2007-07-22 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2007-07-22 13:55 - CCCP Project)
ConvertXtoDVD (HKLM\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: - )
Corel Graphics Suite 11 (HKLM\...\{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation) Hidden
Creative PCI Audio Drivers (HKLM\...\SBPCIUnInstall) (Version: - )
CrystalDiskInfo 6.5.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.5.2 - Crystal Dew World)
DivX 4.12 Codec (HKLM\...\DivXCodec) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
FL Studio 9 (HKLM\...\FL Studio 9) (Version: - Image-Line)
FLAC codecs (HKLM\...\oggcodecs) (Version: 4.x.x - Shark007)
FormApps Signing Extension (HKLM\...\{801F9351-A8A7-441D-9398-6A56E143E316}) (Version: - Software602 a.s.)
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: - )
FSC LASER MOUSE Software 1.0 (HKLM\...\FSC LASER MOUSE Software_is1) (Version: - )
Google Earth Pro (HKLM\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: - Google)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: - Google Inc.) Hidden
HWiNFO32 Version 4.30 (HKLM\...\HWiNFO32_is1) (Version: 4.30 - Martin Malík - REALiX)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
KeyProwler Keylogger (HKLM\...\{A6297093-E4C1-40F8-AEB6-104DD3BD4EAF}) (Version: 4.0 - APAN Software) Hidden
K-Lite Codec Pack 3.6.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 3.6.5 - )
Malwarebytes verze (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: - Malwarebytes)
Maximus (HKLM\...\Maximus) (Version: - Image-Line bvba)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}) (Version: 08.05.0822 - Microsoft Corporation)
MSVC80_x86 (HKLM\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: - Nokia) Hidden
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{81CD6232-10F5-4832-B3DA-1B88B1571029}) (Version: 7.02.5851 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PC Connectivity Solution (HKLM\...\{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}) (Version: - Nokia)
PDF Editor 3 (HKLM\...\PDF Editor 3) (Version: - )
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: - Magix Development GmbH)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 4.3.4 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: - AVG Technologies CZ, s.r.o.)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-14] ()
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2007-12-06] (Igor Pavlov)
ContextMenuHandlers01: [ABBYYPDFContextMenuExtension] -> {83903CAB-2FC1-40f6-8B82-DF123A5FB9E3} => C:\Program Files\ABBYY PDF Transformer 1.0\PDFShellExtension.dll [2004-08-05] (ABBYY (BIT Software))
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2007-12-06] (Igor Pavlov)
ContextMenuHandlers04: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-02-26] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\Windows\system32\nvcpl.dll [2007-11-06] (NVIDIA Corporation)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-14] ()
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04328126-0EF6-420A-9267-2F0EAE916577} - System32\Tasks\{35D42A58-3FCF-4D35-8685-4FE43D6B0638} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {0ABB3986-F567-4332-9482-383475F1D4F0} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-18] (Společnost Microsoft)
Task: {39A08419-8A95-4641-9F23-0CB2EACB22B5} - System32\Tasks\{028D7051-27FD-49A5-8791-4B12B775AA0D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner\BoilSoft AVI MPEG RM WMV Joiner 4.82.exe" -d "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner"
Task: {5519E6B1-D98D-44FB-A304-ABCE430ADAC0} - System32\Tasks\SafeZone scheduled Autoupdate 1451305697 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {6112981F-6DCE-4E34-AD11-B21D859FB5C7} - System32\Tasks\{DECB79FC-9B1E-4975-8877-BC92977E2DD3} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\ACOUST~3\UNWISE.EXE -c C:\PROGRA~1\ACOUST~3\INSTALL.LOG
Task: {6F8D0A0C-A83B-4686-85DA-C9A7826380C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {8DC73E3A-D6FD-4F7E-B750-F8B56B7F0000} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {901CD81B-1CDC-49C7-9842-91B2E66FC1E6} - System32\Tasks\{769499C3-0FE7-4D15-BAD8-51FF9B962001} => C:\Windows\system32\pcalua.exe -a "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner\setup.exe" -d "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner"
Task: {9438BDE2-5484-4C7B-B679-B4CA812C94D0} - System32\Tasks\{0C38305F-E01D-431B-8E94-F9D215E6A0A7} => C:\Windows\system32\pcalua.exe -a K:\InterVideo_WinDVD_Platinum_v8.0.6.109\WinDVD8.exe -d K:\InterVideo_WinDVD_Platinum_v8.0.6.109
Task: {94460280-D3E6-4E4B-B9C9-7083A866C95F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {CB1F8EF2-0196-4FD6-851E-B816CB9289BB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-03] (AVAST Software)
Task: {E74866CB-6E89-4337-9F31-4D75A97D8B26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-14] (Adobe Systems Incorporated)
Task: {F316AFFE-D0A4-44FA-8C0E-2B502FA6A3EE} - System32\Tasks\{E166482B-D410-4F20-8EFE-CF71898D71F6} => C:\Windows\system32\pcalua.exe -a "C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HJ6WT9V\ACDSee40CZ_program[1].exe" -d C:\Users\Martin
Task: {F61EE231-A144-4AC5-8D90-5E63CACC2EE0} - System32\Tasks\{04F99E63-5C11-4BEC-9DAE-B474C46929C6} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\ACOUST~3\UNWISE.EXE -c C:\PROGRA~1\ACOUST~3\INSTALL.LOG

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 9\Additional\SynthMaker website.lnk -> hxxp://
Shortcut: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Webové servery ve službě MSN\target.lnk -> hxxp://

==================== Loaded Modules (Whitelisted) ==============

2017-07-03 17:33 - 2017-07-03 17:33 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-15 12:43 - 2017-07-15 12:43 - 05781504 _____ () C:\Program Files\AVAST Software\Avast\defs\17071500\algo.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-07-16 16:36 - 2017-07-16 16:36 - 05884160 _____ () C:\Program Files\AVAST Software\Avast\defs\17071600\algo.dll
2008-03-29 12:15 - 2007-09-20 19:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2008-03-29 12:15 - 2007-10-02 16:41 - 00319488 _____ () C:\Program Files\WinRAR\rarlng.dll
2017-07-14 22:00 - 2017-07-14 22:00 - 00131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2008-03-03 14:55 - 2007-01-22 19:44 - 00483328 _____ () C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe
2008-03-03 14:55 - 2006-11-23 16:07 - 00037888 _____ () C:\Program Files\FSC\LASER MOUSE\1.0\GTGMDLL.DLL
2017-07-03 17:33 - 2017-07-03 17:33 - 01032744 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-01-02 19:59 - 2017-01-02 19:59 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-03 17:33 - 2017-07-03 17:35 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll
2014-09-25 20:44 - 2014-09-25 20:44 - 00043008 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2014-04-14 21:41 - 2014-04-14 21:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00134928 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\ ->

There are 7643 more sites.

IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ -> hxxps://
IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ -> hxxp://
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->

There are 7680 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2017-07-15 10:26 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
DNS Servers: -
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [TCP Query User{99CAC6B8-3FC1-4984-BEF1-2867D353A330}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{8D6579AD-57E2-4F0B-8052-1DDD8511F474}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{49EBF86C-E71E-432C-B3CF-4F491F281057}] => (Allow) LPort=80
FirewallRules: [{38BEDB16-FECF-4A5E-8264-155E26D9FD05}] => (Allow) LPort=80
FirewallRules: [{8DB14249-C53C-4413-A6B3-6B17F22F0E7C}] => (Allow) LPort=80
FirewallRules: [TCP Query User{394B23A3-8975-401B-833D-564559624D85}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{C5567B19-BF93-46AC-AF0B-A81FA1C53216}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [{D01D12D7-7B2C-47B9-8B08-7F2D7E44B975}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{D1BA5C7D-998F-43ED-9A9E-15F04768295C}C:\users\martin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{0CC3582C-C351-4F7B-8C94-1EB13EC31FBD}C:\users\martin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{31C7D85A-EA17-41F0-8243-1F35FB9F21AD}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

16-07-2017 16:40:49 End of disinfection

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
Error: (07/16/2017 04:40:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.

Shromažďování dat modulu pro zápis

ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {f578c65c-fc8a-4733-ba36-a325faacbd18}

Error: (07/16/2017 10:14:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0xcd8, čas spuštění aplikace 0x01d2fe0b83924a7b.

Error: (07/15/2017 10:28:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0xc90, čas spuštění aplikace 0x01d2fd443197e202.

Error: (07/15/2017 10:17:56 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.

Kontext: aplikace Windows, katalog SystemIndex

Metadata indexu obsahu nelze číst. (0xc0041801)

Error: (07/15/2017 10:17:56 AM) (Source: ESENT) (EventID: 467) (User: )
Description: Windows (4212) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index System_ItemFolderPathDisplayNarrow405 tabulky SystemIndex_0A je poškozen (0).

Error: (07/14/2017 10:30:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.

Shromažďování dat modulu pro zápis

ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {fb874e01-e623-475a-a038-0c0f3dbb730d}

Error: (07/14/2017 09:55:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0x84, čas spuštění aplikace 0x01d2fcdb017d77f3.

Error: (07/13/2017 09:43:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0xdfc, čas spuštění aplikace 0x01d2fc10569bb3f3.

Error: (07/12/2017 08:03:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0x858, čas spuštění aplikace 0x01d2fb3920a9d7fb.

Error: (07/11/2017 03:18:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu PNRPsvc v knihovně DLL C:\Windows\system32\pnrpperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

System errors:
Error: (07/17/2017 06:45:34 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Zapůjčení adresy IP pro síťovou kartu s adresou 0019214F22B6 byla serverem DHCP odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error: (07/17/2017 06:44:47 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Zapůjčení adresy IP pro síťovou kartu s adresou 0019214F22B6 byla serverem DHCP odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error: (07/17/2017 06:35:46 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Zapůjčení adresy IP pro síťovou kartu s adresou 0019214F22B6 byla serverem DHCP odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error: (07/16/2017 04:35:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby Netman bylo dosaženo časového limitu (30000 ms).

Error: (07/16/2017 10:14:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Search neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (07/16/2017 10:14:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Windows Search bylo dosaženo časového limitu (30000 ms).

Error: (07/15/2017 10:25:21 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (07/15/2017 10:20:09 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (07/15/2017 10:15:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Licencování softwaru byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (07/15/2017 10:14:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Date: 2017-07-17 18:44:25.457
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:25.035
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:24.598
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:24.160
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:23.114
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:22.707
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:22.270
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:21.832
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-15 10:17:49.847
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-15 10:17:49.379
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 2037.58 MB
Available physical RAM: 912.55 MB
Total Virtual: 4312.19 MB
Available Virtual: 2607 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:303.35 GB) (Free:204.98 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:150.69 GB) (Free:48.65 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CC2F0E18)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=303.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=150.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Security team member
Guru Level 15
Posts: 43072
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my logs

Post by jaro3 » 17 Jul 2017 19:41

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents below into it.


HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://{searchTerms}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp:// ...
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://
U3 axksdo4f; C:\Windows\system32\Drivers\axksdo4f.sys [0 ] (VIA Technologies Inc.,Ltd) <==== ATTENTION (zero byte File/Folder)
Task: {8DC73E3A-D6FD-4F7E-B750-F8B56B7F0000} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {94460280-D3E6-4E4B-B9C9-7083A866C95F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->


(You can use the "select all" function; right-click the top-left area of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire contents here.

Then run the FRST scan again.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Requesting a check

Post by martinb01 » 17 Jul 2017 20:43

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-07-2017
Ran by Martin (17-07-2017 20:40:48) Run:1
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Normal


fixlist content:
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://{searchTerms}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp:// ...
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://
U3 axksdo4f; C:\Windows\system32\Drivers\axksdo4f.sys [0 ] (VIA Technologies Inc.,Ltd) <==== ATTENTION (zero byte File/Folder)
Task: {8DC73E3A-D6FD-4F7E-B750-F8B56B7F0000} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {94460280-D3E6-4E4B-B9C9-7083A866C95F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\.DEFAULT\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->


Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ZAM => value removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully.
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => key removed successfully.
HKLM\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => key removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully.
HKLM\System\CurrentControlSet\Services\axksdo4f => key removed successfully.
axksdo4f => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DC73E3A-D6FD-4F7E-B750-F8B56B7F0000} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DC73E3A-D6FD-4F7E-B750-F8B56B7F0000} => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94460280-D3E6-4E4B-B9C9-7083A866C95F} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94460280-D3E6-4E4B-B9C9-7083A866C95F} => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully.
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ => key removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5461148 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1776 B
Edge => 0 B
Chrome => 78210503 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 424 B
LocalService => 0 B
NetworkService => 0 B
Martin => 40193296 B

RecycleBin => 0 B
EmptyTemp: => 126.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:41:09 ====

Re: Requesting a check

Post by martinb01 » 17 Jul 2017 20:53

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-07-2017
Ran by Martin (administrator) on HOME (17-07-2017 20:49:31)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(© 2015 Microsoft Corporation) C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-10-01] (Realtek Semiconductor)
HKLM\...\Run: [GTGMOUSE] => C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe [483328 2007-01-22] ()
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-03] (AVAST Software)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\Run: [BingSvc] => C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-17] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-18] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{882498C6-53A3-4545-B910-58434356C432}: [DhcpNameServer]

Internet Explorer:
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp:// ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:// ... ar=msnhome
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp:// ... r=iesearch
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-27] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-03] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-27] (Oracle Corporation)

FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default [2017-07-14]
FF NewTab: Mozilla\Firefox\Profiles\77cajyaj.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\77cajyaj.default -> about:home
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-15] [not signed]
FF Plugin: -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2010-01-27] ()
FF Plugin: -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2008-11-04] (Adobe Systems, Inc.)
FF Plugin:,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-27] (Oracle Corporation)
FF Plugin:,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-27] (Oracle Corporation)
FF Plugin:,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin:,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin:;version= -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll [2006-11-03] (RealNetworks, Inc.)
FF Plugin:;version= -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll [2006-11-03] (RealNetworks, Inc.)
FF Plugin: Update;version=3 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: Update;version=9 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)

CHR DefaultProfile: Default
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2017-07-17]
CHR Extension: (Prezentace Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-14]
CHR Extension: (Dokumenty Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-14]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-14]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-14]
CHR Extension: (Tabulky Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-14]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2008-03-11] () [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-14] (Adobe Systems Incorporated) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5815840 2017-07-03] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-03] (AVAST Software)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) [File not signed]
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [306432 2008-03-11] (TuneUp Software GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 WsDrvInst; "C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [266976 2017-07-03] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157384 2017-07-03] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276704 2017-07-03] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50352 2017-07-03] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42824 2017-07-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39752 2017-07-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [123896 2017-07-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [70088 2017-07-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70840 2017-07-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774288 2017-07-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [496976 2017-07-03] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [202688 2017-07-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296312 2017-07-03] (AVAST Software)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-01-16] (REALiX(tm))
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [40352 2017-07-14] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [221600 2017-07-14] (Malwarebytes)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-09-03] () [File not signed]
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-07-14] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-07-14] (Zemana Ltd.)
U3 afbgfrht; C:\Windows\system32\Drivers\afbgfrht.sys [0 ] (VIA Technologies Inc.,Ltd) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-17 20:49 - 2017-07-17 20:54 - 00012767 _____ C:\Users\Martin\Desktop\FRST.txt
2017-07-17 20:40 - 2017-07-17 20:41 - 00014298 _____ C:\Users\Martin\Desktop\Fixlog.txt
2017-07-17 18:43 - 2017-07-17 20:49 - 00000000 ____D C:\FRST
2017-07-17 18:42 - 2017-07-17 16:22 - 01780736 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2017-07-14 22:00 - 2017-07-17 20:51 - 00026880 _____ C:\Windows\ZAM.krnl.trace
2017-07-14 22:00 - 2017-07-17 20:51 - 00015013 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-14 22:00 - 2017-07-14 22:00 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-07-14 22:00 - 2017-07-14 22:00 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-07-14 22:00 - 2017-07-14 22:00 - 00001693 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-07-14 22:00 - 2017-07-14 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-14 22:00 - 2017-07-14 22:00 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-07-14 21:59 - 2017-07-14 21:59 - 00000000 ____D C:\Users\Martin\AppData\Local\Zemana
2017-07-14 21:58 - 2017-07-14 21:58 - 06589840 _____ (Zemana Ltd. ) C:\Users\Martin\Desktop\Zemana.AntiMalware.Setup.exe
2017-07-14 21:51 - 2017-07-14 21:33 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-07-13 22:05 - 2017-07-13 22:05 - 00000000 ____D C:\ProgramData\Sophos
2017-07-13 22:04 - 2017-07-13 22:04 - 00001978 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-07-13 22:04 - 2017-07-13 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-13 22:03 - 2017-07-13 22:03 - 00000000 ____D C:\Program Files\Sophos
2017-07-13 20:43 - 2017-07-13 20:44 - 171309576 _____ (Sophos Limited) C:\Users\Martin\Desktop\Sophos Virus Removal Tool.exe
2017-07-12 20:59 - 2017-07-14 18:31 - 00064800 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-12 20:59 - 2017-07-14 18:23 - 00221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-12 20:59 - 2017-07-14 18:23 - 00162240 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-12 20:59 - 2017-07-14 18:23 - 00040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-12 20:59 - 2017-07-12 20:59 - 00001821 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-12 20:59 - 2017-07-12 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-12 20:59 - 2017-06-27 12:06 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-12 20:58 - 2017-07-12 20:58 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-12 20:58 - 2017-07-11 21:15 - 65033984 _____ (Malwarebytes ) C:\Users\Martin\Desktop\mb3-setup-consumer-
2017-07-10 12:59 - 2017-02-11 17:22 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-07-10 12:46 - 2017-07-10 12:46 - 01237796 _____ C:\Users\Martin\Desktop\windows6.0-kb4012598-x86_13e9b3d77ba5599764c296075a796c16a85c745c (1).msu
2017-07-10 11:51 - 2017-07-10 11:51 - 01237796 _____ C:\Users\Martin\Downloads\windows6.0-kb4012598-x86_13e9b3d77ba5599764c296075a796c16a85c745c.msu
2017-07-10 11:51 - 2017-07-10 11:51 - 00000000 ____D C:\25313335900d7f696160167d00a5
2017-07-03 17:33 - 2017-07-03 17:33 - 00303280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-17 20:46 - 2015-01-27 23:19 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2017-07-17 20:43 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-17 20:43 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-17 20:43 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-17 20:42 - 2006-11-02 15:01 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-17 18:44 - 2007-01-08 23:09 - 00673764 _____ C:\Windows\system32\perfh005.dat
2017-07-17 18:44 - 2007-01-08 23:09 - 00142560 _____ C:\Windows\system32\perfc005.dat
2017-07-17 18:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2017-07-17 18:44 - 2006-11-02 12:33 - 01595062 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-16 16:41 - 2015-10-28 09:42 - 00001446 _____ C:\DelFix.txt
2017-07-16 13:20 - 2008-03-03 08:31 - 00043008 _____ C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-16 10:21 - 2008-02-29 17:28 - 00101000 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-16 10:13 - 2006-11-02 14:47 - 00376792 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-16 10:04 - 2011-08-18 21:09 - 00000000 ____D C:\Windows\ERDNT
2017-07-15 10:27 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2017-07-14 22:31 - 2010-07-09 15:38 - 00000000 ____D C:\Users\Martin\Downloads\Uniblue 2009 (SpeedUpMyPC + RegistryBooster + DriverScanner){H33T}{JOHNCANADUDE}
2017-07-14 22:06 - 2008-02-29 17:28 - 00000000 ____D C:\Users\Martin
2017-07-14 21:34 - 2017-06-16 17:39 - 05216768 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2017-07-14 21:34 - 2012-05-24 23:20 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-07-14 21:34 - 2011-06-20 11:18 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-07-14 21:34 - 2007-11-23 16:37 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-14 20:49 - 2015-01-27 22:44 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-14 06:09 - 2011-08-10 16:36 - 00000000 ____D C:\Program Files\Ultimate Process Manager
2017-07-12 20:58 - 2011-08-15 08:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-10 12:15 - 2013-08-19 09:37 - 00000000 ____D C:\Windows\system32\MRT
2017-07-10 12:06 - 2006-11-02 12:24 - 141747376 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-07-03 17:35 - 2014-04-15 00:37 - 00296312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00276704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00266976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00157384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-07-03 17:33 - 2017-03-09 18:14 - 00050352 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-07-03 17:33 - 2015-08-28 15:04 - 00202688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-07-03 17:33 - 2015-06-23 19:48 - 00039752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-03 17:33 - 2014-04-30 18:05 - 00042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00774288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00496976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00123896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00070840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-03 17:33 - 2014-04-15 00:37 - 00070088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys

==================== Files in the root of some directories =======

2008-03-11 18:51 - 2008-03-18 20:31 - 0000757 _____ () C:\Users\Martin\AppData\Roaming\mainhst.zgh
2008-08-31 15:23 - 2008-10-07 11:23 - 0007887 _____ () C:\Users\Martin\AppData\Roaming\
2008-08-31 15:23 - 2008-10-07 11:23 - 0001144 _____ () C:\Users\Martin\AppData\Roaming\pcouffin.inf
2008-08-31 15:23 - 2008-10-07 11:23 - 0047360 _____ (VSO Software) C:\Users\Martin\AppData\Roaming\pcouffin.sys
2008-03-03 08:31 - 2017-07-16 13:20 - 0043008 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-20 22:17 - 2011-12-22 20:41 - 0005814 _____ () C:\Users\Martin\AppData\Local\SRDownloader (1).err
2011-12-20 22:18 - 2011-12-22 21:28 - 0001568 _____ () C:\Users\Martin\AppData\Local\SRDownloader (1).nast
2011-10-09 12:38 - 2012-04-01 22:54 - 0248341 _____ () C:\Users\Martin\AppData\Local\SRDownloader.err
2011-08-15 12:47 - 2012-04-01 23:28 - 0001344 _____ () C:\Users\Martin\AppData\Local\SRDownloader.nast
2011-03-21 23:06 - 2011-05-15 14:58 - 0220831 _____ () C:\Users\Martin\AppData\Local\SRDownloader[1].err
2011-02-17 10:15 - 2011-05-15 15:00 - 0001112 _____ () C:\Users\Martin\AppData\Local\SRDownloader[1].nast
2011-02-17 11:11 - 2011-02-17 12:24 - 0000872 _____ () C:\Users\Martin\AppData\Local\SRDownloader[2].nast

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-17 20:49

==================== End of FRST.txt ============================

Re: Please check

Post by martinb01 » 17 Jul 2017 20:54

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-07-2017
Ran by Martin (17-07-2017 20:54:40)
Running from C:\Users\Martin\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2008-02-29 15:21:11)
Boot Mode: Normal

==================== Accounts: =============================

Administrator (S-1-5-21-2273070986-1392902156-3200417566-500 - Administrator - Disabled)
Guest (S-1-5-21-2273070986-1392902156-3200417566-501 - Limited - Enabled)
Martin (S-1-5-21-2273070986-1392902156-3200417566-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.57 (HKLM\...\7-Zip) (Version: - )
ABBYY PDF Transformer 1.0 (HKLM\...\{4837718C-5B6E-4496-B283-FFFB5A937825}) (Version: 1.00.847.4183 - ABBYY Software House)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: - Adobe Systems Incorporated)
Adobe Reader 8 - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Aktualizace zabezpečení aplikace Windows Media Player (KB2845142) (HKLM\...\KB2845142_WM64) (Version: - Microsoft Corporation)
Any Video Converter 2.5.5 (HKLM\...\Any Video Converter_is1) (Version: -
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
Avast Pro Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Balíček ovladače systému Windows - Nokia Modem (05/22/2008 3.8) (HKLM\...\C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD) (Version: 05/22/2008 3.8 - Nokia)
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 - Nokia)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Combined Community Codec Pack 2007-07-22 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2007-07-22 13:55 - CCCP Project)
ConvertXtoDVD (HKLM\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: - )
Corel Graphics Suite 11 (HKLM\...\{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation) Hidden
Creative PCI Audio Drivers (HKLM\...\SBPCIUnInstall) (Version: - )
CrystalDiskInfo 6.5.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.5.2 - Crystal Dew World)
DivX 4.12 Codec (HKLM\...\DivXCodec) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
FL Studio 9 (HKLM\...\FL Studio 9) (Version: - Image-Line)
FLAC codecs (HKLM\...\oggcodecs) (Version: 4.x.x - Shark007)
FormApps Signing Extension (HKLM\...\{801F9351-A8A7-441D-9398-6A56E143E316}) (Version: - Software602 a.s.)
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: - )
FSC LASER MOUSE Software 1.0 (HKLM\...\FSC LASER MOUSE Software_is1) (Version: - )
Google Earth Pro (HKLM\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: - Google)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: - Google Inc.) Hidden
HWiNFO32 Version 4.30 (HKLM\...\HWiNFO32_is1) (Version: 4.30 - Martin Malík - REALiX)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
KeyProwler Keylogger (HKLM\...\{A6297093-E4C1-40F8-AEB6-104DD3BD4EAF}) (Version: 4.0 - APAN Software) Hidden
K-Lite Codec Pack 3.6.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 3.6.5 - )
Malwarebytes verze (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: - Malwarebytes)
Maximus (HKLM\...\Maximus) (Version: - Image-Line bvba)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}) (Version: 08.05.0822 - Microsoft Corporation)
MSVC80_x86 (HKLM\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: - Nokia) Hidden
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{81CD6232-10F5-4832-B3DA-1B88B1571029}) (Version: 7.02.5851 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PC Connectivity Solution (HKLM\...\{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}) (Version: - Nokia)
PDF Editor 3 (HKLM\...\PDF Editor 3) (Version: - )
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: - Magix Development GmbH)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 4.3.4 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: - AVG Technologies CZ, s.r.o.)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-14] ()
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2007-12-06] (Igor Pavlov)
ContextMenuHandlers01: [ABBYYPDFContextMenuExtension] -> {83903CAB-2FC1-40f6-8B82-DF123A5FB9E3} => C:\Program Files\ABBYY PDF Transformer 1.0\PDFShellExtension.dll [2004-08-05] (ABBYY (BIT Software))
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2007-12-06] (Igor Pavlov)
ContextMenuHandlers04: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-02-26] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\Windows\system32\nvcpl.dll [2007-11-06] (NVIDIA Corporation)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-14] ()
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-03] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-09-20] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04328126-0EF6-420A-9267-2F0EAE916577} - System32\Tasks\{35D42A58-3FCF-4D35-8685-4FE43D6B0638} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {0ABB3986-F567-4332-9482-383475F1D4F0} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-18] (Společnost Microsoft)
Task: {39A08419-8A95-4641-9F23-0CB2EACB22B5} - System32\Tasks\{028D7051-27FD-49A5-8791-4B12B775AA0D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner\BoilSoft AVI MPEG RM WMV Joiner 4.82.exe" -d "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner"
Task: {5519E6B1-D98D-44FB-A304-ABCE430ADAC0} - System32\Tasks\SafeZone scheduled Autoupdate 1451305697 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {6112981F-6DCE-4E34-AD11-B21D859FB5C7} - System32\Tasks\{DECB79FC-9B1E-4975-8877-BC92977E2DD3} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\ACOUST~3\UNWISE.EXE -c C:\PROGRA~1\ACOUST~3\INSTALL.LOG
Task: {6F8D0A0C-A83B-4686-85DA-C9A7826380C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {901CD81B-1CDC-49C7-9842-91B2E66FC1E6} - System32\Tasks\{769499C3-0FE7-4D15-BAD8-51FF9B962001} => C:\Windows\system32\pcalua.exe -a "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner\setup.exe" -d "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner"
Task: {9438BDE2-5484-4C7B-B679-B4CA812C94D0} - System32\Tasks\{0C38305F-E01D-431B-8E94-F9D215E6A0A7} => C:\Windows\system32\pcalua.exe -a K:\InterVideo_WinDVD_Platinum_v8.0.6.109\WinDVD8.exe -d K:\InterVideo_WinDVD_Platinum_v8.0.6.109
Task: {CB1F8EF2-0196-4FD6-851E-B816CB9289BB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-03] (AVAST Software)
Task: {E74866CB-6E89-4337-9F31-4D75A97D8B26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-14] (Adobe Systems Incorporated)
Task: {F316AFFE-D0A4-44FA-8C0E-2B502FA6A3EE} - System32\Tasks\{E166482B-D410-4F20-8EFE-CF71898D71F6} => C:\Windows\system32\pcalua.exe -a "C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HJ6WT9V\ACDSee40CZ_program[1].exe" -d C:\Users\Martin
Task: {F61EE231-A144-4AC5-8D90-5E63CACC2EE0} - System32\Tasks\{04F99E63-5C11-4BEC-9DAE-B474C46929C6} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\ACOUST~3\UNWISE.EXE -c C:\PROGRA~1\ACOUST~3\INSTALL.LOG

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 9\Additional\SynthMaker website.lnk -> hxxp://
Shortcut: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Webové servery ve službě MSN\target.lnk -> hxxp://

==================== Loaded Modules (Whitelisted) ==============

2017-07-03 17:33 - 2017-07-03 17:33 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-17 20:37 - 2017-07-17 20:37 - 05884160 _____ () C:\Program Files\AVAST Software\Avast\defs\17071712\algo.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2008-03-29 12:15 - 2007-09-20 19:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2008-03-29 12:15 - 2007-10-02 16:41 - 00319488 _____ () C:\Program Files\WinRAR\rarlng.dll
2017-07-14 22:00 - 2017-07-14 22:00 - 00131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2007-05-11 00:49 - 2007-05-11 00:49 - 00017024 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\viewerps.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00134928 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2008-03-03 14:55 - 2007-01-22 19:44 - 00483328 _____ () C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe
2008-03-03 14:55 - 2006-11-23 16:07 - 00037888 _____ () C:\Program Files\FSC\LASER MOUSE\1.0\GTGMDLL.DLL
2014-09-25 20:44 - 2014-09-25 20:44 - 00043008 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2014-04-14 21:41 - 2014-04-14 21:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 01032744 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-01-02 19:59 - 2017-01-02 19:59 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-03 17:33 - 2017-07-03 17:33 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-03 17:33 - 2017-07-03 17:35 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\ ->

There are 7623 more sites.

IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ -> hxxps://
IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ -> hxxp://
IE restricted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\ ->

There are 7660 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2017-07-15 10:26 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
DNS Servers: -
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [TCP Query User{99CAC6B8-3FC1-4984-BEF1-2867D353A330}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{8D6579AD-57E2-4F0B-8052-1DDD8511F474}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{49EBF86C-E71E-432C-B3CF-4F491F281057}] => (Allow) LPort=80
FirewallRules: [{38BEDB16-FECF-4A5E-8264-155E26D9FD05}] => (Allow) LPort=80
FirewallRules: [{8DB14249-C53C-4413-A6B3-6B17F22F0E7C}] => (Allow) LPort=80
FirewallRules: [TCP Query User{394B23A3-8975-401B-833D-564559624D85}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{C5567B19-BF93-46AC-AF0B-A81FA1C53216}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [{D01D12D7-7B2C-47B9-8B08-7F2D7E44B975}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{D1BA5C7D-998F-43ED-9A9E-15F04768295C}C:\users\martin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{0CC3582C-C351-4F7B-8C94-1EB13EC31FBD}C:\users\martin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{31C7D85A-EA17-41F0-8243-1F35FB9F21AD}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

16-07-2017 16:40:49 End of disinfection

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
Error: (07/17/2017 08:44:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0xd80, čas spuštění aplikace 0x01d2ff2cc5356a31.

Error: (07/16/2017 04:40:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.

Shromažďování dat modulu pro zápis

ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {f578c65c-fc8a-4733-ba36-a325faacbd18}

Error: (07/16/2017 10:14:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0xcd8, čas spuštění aplikace 0x01d2fe0b83924a7b.

Error: (07/15/2017 10:28:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0xc90, čas spuštění aplikace 0x01d2fd443197e202.

Error: (07/15/2017 10:17:56 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.

Kontext: aplikace Windows, katalog SystemIndex

Metadata indexu obsahu nelze číst. (0xc0041801)

Error: (07/15/2017 10:17:56 AM) (Source: ESENT) (EventID: 467) (User: )
Description: Windows (4212) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index System_ItemFolderPathDisplayNarrow405 tabulky SystemIndex_0A je poškozen (0).

Error: (07/14/2017 10:30:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.

Shromažďování dat modulu pro zápis

ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {fb874e01-e623-475a-a038-0c0f3dbb730d}

Error: (07/14/2017 09:55:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0x84, čas spuštění aplikace 0x01d2fcdb017d77f3.

Error: (07/13/2017 09:43:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0xdfc, čas spuštění aplikace 0x01d2fc10569bb3f3.

Error: (07/12/2017 08:03:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0x858, čas spuštění aplikace 0x01d2fb3920a9d7fb.

System errors:
Error: (07/17/2017 08:43:33 PM) (Source: LSM) (EventID: 1048) (User: )
Description: Spuštění Terminálové služby se nezdařilo. Příslušný kód stavu je Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (07/17/2017 08:43:28 PM) (Source: LSM) (EventID: 1048) (User: )
Description: Spuštění Terminálové služby se nezdařilo. Příslušný kód stavu je Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (07/17/2017 08:41:19 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (07/17/2017 08:40:50 PM) (Source: LSM) (EventID: 1048) (User: )
Description: Spuštění Terminálové služby se nezdařilo. Příslušný kód stavu je Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (07/17/2017 08:40:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (07/17/2017 08:40:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ZAM Controller Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (07/17/2017 08:40:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Fujitsu Siemens Computers Diagnostic Testhandler byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (07/17/2017 08:40:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (07/17/2017 08:40:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Licencování softwaru byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (07/17/2017 06:45:34 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Zapůjčení adresy IP pro síťovou kartu s adresou 0019214F22B6 byla serverem DHCP odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Date: 2017-07-17 20:54:28.425
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 20:54:27.987
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 20:54:27.503
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 20:54:27.003
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 20:54:25.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 20:54:25.112
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 20:54:24.503
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 20:54:23.940
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:25.457
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 18:44:25.035
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 77%
Total physical RAM: 2037.58 MB
Available physical RAM: 463.52 MB
Total Virtual: 4316.19 MB
Available Virtual: 2546.73 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:303.35 GB) (Free:205.11 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:150.69 GB) (Free:48.65 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CC2F0E18)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=303.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=150.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

