Prosím o kontrolu-velmi zpomalený PC Vyřešeno

[martinb01]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-10-2015
Ran by Martin (administrator) on HOME (13-10-2015 11:16:42)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(© 2015 Microsoft Corporation) C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-10-01] (Realtek Semiconductor)
HKLM\...\Run: [GTGMOUSE] => C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe [483328 2007-01-22] ()
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-28] (AVAST Software)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\Run: [BingSvc] => C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-28] (AVAST Software)
BootExecute: autocheck autochk /r \??\C:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2011-08-11] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{882498C6-53A3-4545-B910-58434356C432}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000 -> {3EA89A45-8F69-4CFF-AEED-B78C04B41103} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-28] (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2010-01-27] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2008-11-04] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2105 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll [2006-11-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll [2006-11-03] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-15]
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [not found]
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [not found]
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [not found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=_ ... smkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM ... PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-28]
CHR Extension: (Dokumenty Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-28]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-28]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-28]
CHR Extension: (Tabulky Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Avast Online Security) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-15]
CHR HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2008-03-11] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-28] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3219136 2015-09-28] (Avast Software)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) [File not signed]
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [306432 2008-03-11] (TuneUp Software GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-09-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-09-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-09-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-09-28] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-09-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [789296 2015-09-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [434184 2015-09-28] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [157888 2015-09-28] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-09-28] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-09-28] (AVAST Software)
R0 AVG Anti-Rootkit; C:\Windows\System32\DRIVERS\avgarkt.sys [5632 2007-01-31] (GRISOFT, s.r.o.) [File not signed]
R1 AvgArCln; C:\Windows\System32\DRIVERS\AvgArCln.sys [3968 2007-01-18] (GRISOFT, s.r.o.) [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-01-16] (REALiX(tm))
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [107984 2015-09-28] (AVAST Software)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-09-03] () [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-09-28] (Avast Software)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
U3 asw4h90t; C:\Windows\system32\Drivers\asw4h90t.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 11:16 - 2015-10-13 11:17 - 00014860 _____ C:\Users\Martin\Desktop\FRST.txt
2015-10-13 11:16 - 2015-10-13 11:16 - 00000000 ____D C:\FRST
2015-10-13 11:16 - 2015-10-13 11:15 - 01699840 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2015-10-13 11:15 - 2015-10-13 11:15 - 01699840 _____ (Farbar) C:\Users\Martin\Downloads\FRST.exe
2015-10-12 14:21 - 2015-10-12 14:21 - 03908184 _____ (Crystal Dew World ) C:\Users\Martin\Downloads\CrystalDiskInfo6_5_2-en.exe
2015-10-12 14:21 - 2015-10-12 14:21 - 00001731 _____ C:\Users\Martin\Desktop\CrystalDiskInfo.lnk
2015-10-12 14:21 - 2015-10-12 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-10-12 14:21 - 2015-10-12 14:21 - 00000000 ____D C:\Program Files\CrystalDiskInfo
2015-10-12 10:41 - 2015-10-12 10:41 - 00015201 _____ C:\Users\Martin\Downloads\MemTest.zip
2015-10-12 10:41 - 2015-10-12 10:41 - 00000000 ____D C:\Users\Martin\AppData\Roaming\WinRAR
2015-10-12 00:22 - 2015-10-12 00:22 - 00849717 _____ C:\Users\Martin\Downloads\11019050_965923916759593_179713112_n.mp4
2015-10-06 22:49 - 2015-10-06 22:49 - 00004757 _____ C:\Users\Martin\Desktop\hijackthis2
2015-10-06 22:37 - 2015-10-06 22:37 - 00201728 _____ (OldTimer Tools) C:\Users\Martin\Downloads\OTC.exe
2015-10-06 22:30 - 2015-10-06 22:32 - 00000000 ___SD C:\32788R22FWJFW
2015-10-06 01:03 - 2015-10-06 01:03 - 00000512 _____ C:\Users\Martin\Desktop\MBR.dat
2015-10-06 00:52 - 2015-10-06 00:52 - 05200384 _____ (AVAST Software) C:\Users\Martin\Downloads\aswmbr.exe
2015-10-05 22:39 - 2015-10-05 22:39 - 05636125 _____ (Swearware) C:\Users\Martin\Downloads\ComboFix.exe
2015-10-05 22:32 - 2015-10-05 22:02 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-10-05 22:04 - 2015-10-05 22:34 - 00008879 _____ C:\zoek-results.log
2015-10-05 22:02 - 2015-10-05 22:31 - 00000000 ____D C:\zoek_backup
2015-10-05 22:01 - 2015-10-05 22:02 - 01309184 _____ C:\Users\Martin\Downloads\zoek.exe
2015-10-05 21:44 - 2015-10-05 21:44 - 00000000 ____D C:\AdwCleaner
2015-10-05 09:01 - 2015-10-05 09:01 - 01681920 _____ C:\Users\Martin\Desktop\AdwCleaner.exe
2015-10-05 09:00 - 2015-10-05 09:01 - 01681920 _____ C:\Users\Martin\Downloads\AdwCleaner.exe
2015-10-04 16:56 - 2015-10-04 17:27 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-04 16:55 - 2015-10-04 16:55 - 18801736 _____ C:\Users\Martin\Downloads\RogueKiller.exe
2015-10-04 16:42 - 2015-10-04 16:43 - 01801288 _____ (Malwarebytes) C:\Users\Martin\Downloads\JRT.exe
2015-09-30 20:22 - 2015-09-30 20:22 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-30 18:31 - 2015-09-30 18:31 - 00448512 _____ (OldTimer Tools) C:\Users\Martin\Downloads\TFC (1).exe
2015-09-29 12:49 - 2015-09-29 12:49 - 00004626 _____ C:\Users\Martin\Desktop\hijackthis.log
2015-09-29 12:47 - 2015-09-29 12:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Martin\Downloads\HijackThis (1).exe
2015-09-29 10:07 - 2015-10-05 09:40 - 00000000 ____D C:\snapshots
2015-09-28 14:47 - 2015-09-28 14:45 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-28 14:45 - 2015-09-28 14:45 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 11:11 - 2015-05-16 00:34 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-13 10:34 - 2015-04-15 16:58 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-13 10:30 - 2013-10-01 10:40 - 01102953 _____ C:\Windows\WindowsUpdate.log
2015-10-13 10:28 - 2015-05-16 00:34 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-13 10:28 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-13 10:28 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-12 14:21 - 2008-02-29 17:28 - 00101000 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-12 14:19 - 2015-01-27 23:19 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2015-10-12 00:23 - 2015-02-11 13:59 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2015-10-11 18:11 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-10 08:53 - 2006-11-02 15:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-06 22:39 - 2006-11-02 14:47 - 00376792 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-06 22:33 - 2011-08-18 21:09 - 00000000 ____D C:\Windows\ERDNT
2015-10-06 00:37 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2015-10-05 09:07 - 2015-01-27 22:44 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-04 16:14 - 2015-02-27 08:30 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-30 20:23 - 2015-02-27 08:29 - 00000865 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-30 20:23 - 2015-02-27 08:29 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-30 20:23 - 2015-02-26 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-29 23:00 - 2012-05-07 06:35 - 00001937 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-28 14:46 - 2015-08-28 15:04 - 00157888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-09-28 14:46 - 2014-04-30 18:05 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00434184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-28 14:43 - 2015-06-23 19:48 - 00026096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-09-28 14:43 - 2014-04-15 00:37 - 00789296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-28 14:41 - 2015-08-28 15:04 - 00107984 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-09-28 14:34 - 2015-08-12 07:47 - 18306248 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-09-28 14:34 - 2012-05-24 23:20 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-28 14:34 - 2011-06-20 11:18 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-14 21:06 - 2009-02-11 11:52 - 00000000 ____D C:\Users\Martin\AppData\Local\Google
2015-09-13 20:43 - 2015-01-05 23:40 - 00000000 ____D C:\Users\Martin\Desktop\My

==================== Files in the root of some directories =======

2008-03-11 18:51 - 2008-03-18 20:31 - 0000757 _____ () C:\Users\Martin\AppData\Roaming\mainhst.zgh
2008-08-31 15:23 - 2008-10-07 11:23 - 0007887 _____ () C:\Users\Martin\AppData\Roaming\pcouffin.cat
2008-08-31 15:23 - 2008-10-07 11:23 - 0001144 _____ () C:\Users\Martin\AppData\Roaming\pcouffin.inf
2008-08-31 15:23 - 2008-10-07 11:23 - 0047360 _____ (VSO Software) C:\Users\Martin\AppData\Roaming\pcouffin.sys
2008-03-03 08:31 - 2015-08-04 21:59 - 0243712 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-20 22:17 - 2011-12-22 20:41 - 0005814 _____ () C:\Users\Martin\AppData\Local\SRDownloader (1).err
2011-12-20 22:18 - 2011-12-22 21:28 - 0001568 _____ () C:\Users\Martin\AppData\Local\SRDownloader (1).nast
2011-10-09 12:38 - 2012-04-01 22:54 - 0248341 _____ () C:\Users\Martin\AppData\Local\SRDownloader.err
2011-08-15 12:47 - 2012-04-01 23:28 - 0001344 _____ () C:\Users\Martin\AppData\Local\SRDownloader.nast
2011-03-21 23:06 - 2011-05-15 14:58 - 0220831 _____ () C:\Users\Martin\AppData\Local\SRDownloader[1].err
2011-02-17 10:15 - 2011-05-15 15:00 - 0001112 _____ () C:\Users\Martin\AppData\Local\SRDownloader[1].nast
2011-02-17 11:11 - 2011-02-17 12:24 - 0000872 _____ () C:\Users\Martin\AppData\Local\SRDownloader[2].nast

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-11 18:29

==================== End of FRST.txt ============================

[Reklama]

[martinb01]

Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-10-2015
Ran by Martin (2015-10-13 11:17:38)
Running from C:\Users\Martin\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2008-02-29 15:21:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2273070986-1392902156-3200417566-500 - Administrator - Disabled)
Guest (S-1-5-21-2273070986-1392902156-3200417566-501 - Limited - Enabled)
Martin (S-1-5-21-2273070986-1392902156-3200417566-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.57 (HKLM\...\7-Zip) (Version: - )
ABBYY PDF Transformer 1.0 (HKLM\...\{4837718C-5B6E-4496-B283-FFFB5A937825}) (Version: 1.00.847.4183 - ABBYY Software House)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader 8 - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1029-7B44-A81200000003}_Adobe Reader 8 - Czech) (Version: - )
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Aktualizace zabezpečení aplikace Windows Media Player (KB2845142) (HKLM\...\KB2845142_WM64) (Version: - Microsoft Corporation)
Any Video Converter 2.5.5 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
Avast Pro Antivirus (HKLM\...\Avast) (Version: 10.4.2233 - AVAST Software)
Balíček ovladače systému Windows - Nokia Modem (05/22/2008 3. (HKLM\...\C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD) (Version: 05/22/2008 3.8 - Nokia)
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Combined Community Codec Pack 2007-07-22 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2007-07-22 13:55 - CCCP Project)
ConvertXtoDVD 3.2.0.52 (HKLM\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.2.0.52 - )
Corel Graphics Suite 11 (HKLM\...\InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation)
Corel Graphics Suite 11 (Version: 11 - Corel Corporation) Hidden
CrystalDiskInfo 6.5.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.5.2 - Crystal Dew World)
DivX 4.12 Codec (HKLM\...\DivXCodec) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
FL Studio 9 (HKLM\...\FL Studio 9) (Version: - Image-Line)
FLAC codecs (HKLM\...\oggcodecs) (Version: 4.x.x - Shark007)
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: - )
FSC LASER MOUSE Software 1.0 (HKLM\...\FSC LASER MOUSE Software_is1) (Version: - )
Google Earth Pro (HKLM\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
HWiNFO32 Version 4.30 (HKLM\...\HWiNFO32_is1) (Version: 4.30 - Martin Malík - REALiX)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
KeyProwler Keylogger (Version: 4.0 - APAN Software) Hidden
K-Lite Codec Pack 3.6.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 3.6.5 - )
Malwarebytes Anti-Malware verze 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Maximus (HKLM\...\Maximus) (Version: - Image-Line bvba)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}) (Version: 08.05.0822 - Microsoft Corporation)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{81CD6232-10F5-4832-B3DA-1B88B1571029}) (Version: 7.02.5851 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PC Connectivity Solution (HKLM\...\{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}) (Version: 11.5.22.0 - Nokia)
PDF Editor 3 (HKLM\...\PDF Editor 3) (Version: - )
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 4.3.4 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Toolbar for Firefox (HKLM\...\Winamp Toolbar for Firefox) (Version: 5.1.3.1 - AOL LLC) <==== ATTENTION
WinRAR (HKLM\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

06-10-2015 20:00:43 Windows Update
07-10-2015 20:00:33 Windows Update
08-10-2015 20:00:33 Windows Update
09-10-2015 20:01:11 Windows Update
11-10-2015 18:15:44 Windows Update
11-10-2015 20:00:40 Windows Update
12-10-2015 15:35:05 Naplánovaný kontrolní bod
12-10-2015 20:00:34 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2015-10-06 00:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03CAFD5F-4B5E-45C3-BB09-A311CF5A1E13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {04328126-0EF6-420A-9267-2F0EAE916577} - System32\Tasks\{35D42A58-3FCF-4D35-8685-4FE43D6B0638} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-18] (Společnost Microsoft)
Task: {15C59F88-103D-4E7A-9F39-CE765F73D3F1} - System32\Tasks\{86750BBF-8308-4353-92DE-7D29A9D62ADE} => pcalua.exe -a C:\Users\Martin\Downloads\Keytrap.exe -d C:\Users\Martin\Downloads
Task: {39A08419-8A95-4641-9F23-0CB2EACB22B5} - System32\Tasks\{028D7051-27FD-49A5-8791-4B12B775AA0D} => pcalua.exe -a "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner\BoilSoft AVI MPEG RM WMV Joiner 4.82.exe" -d "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner"
Task: {413B05C3-62F0-47E8-9C3B-1FB1BA0B19BC} - System32\Tasks\{508B18DB-8DC2-4AED-9F7E-4C155E1858BF} => pcalua.exe -a "C:\Program Files\SpyMyPC\unins000.exe"
Task: {4170111B-7F98-4522-AC13-B10F94405DA5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-28] (AVAST Software)
Task: {4C4C4980-581F-426B-8F11-D629678DB42B} - System32\Tasks\{9932A41C-F74E-4B32-A223-B51B7F09006E} => Iexplore.exe http://ui.skype.com/ui/0/5.8.0.158/en/a ... age=tsMain
Task: {5A315E57-6FEE-434B-9FB7-971A407AC9C3} - System32\Tasks\{C42459D8-F76E-4033-B4B3-14ED257CFA75} => pcalua.exe -a C:\Users\Martin\Downloads\lightloggersetup_1.3.1.exe -d C:\Users\Martin\Downloads
Task: {6112981F-6DCE-4E34-AD11-B21D859FB5C7} - System32\Tasks\{DECB79FC-9B1E-4975-8877-BC92977E2DD3} => pcalua.exe -a C:\PROGRA~1\ACOUST~3\UNWISE.EXE -c C:\PROGRA~1\ACOUST~3\INSTALL.LOG
Task: {6C52385E-5F0C-4036-A1AA-F57509B7944E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6F8D0A0C-A83B-4686-85DA-C9A7826380C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {8D70A5B3-7027-4A10-A17F-992771591948} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Martin => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {901CD81B-1CDC-49C7-9842-91B2E66FC1E6} - System32\Tasks\{769499C3-0FE7-4D15-BAD8-51FF9B962001} => pcalua.exe -a "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner\setup.exe" -d "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner"
Task: {905A72A0-927B-416D-8005-B35F6481872F} - \avastBCLRestartS-1-5-21-2273070986-1392902156-3200417566-1000 -> No File <==== ATTENTION
Task: {9438BDE2-5484-4C7B-B679-B4CA812C94D0} - System32\Tasks\{0C38305F-E01D-431B-8E94-F9D215E6A0A7} => pcalua.exe -a K:\InterVideo_WinDVD_Platinum_v8.0.6.109\WinDVD8.exe -d K:\InterVideo_WinDVD_Platinum_v8.0.6.109
Task: {CD7CF85A-9548-4C5C-9286-7B4BC69482C6} - System32\Tasks\Launch 24066 => C:\Program Files\Keyboard Express 3\UnInstHKCU.exe <==== ATTENTION
Task: {E74866CB-6E89-4337-9F31-4D75A97D8B26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-28] (Adobe Systems Incorporated)
Task: {F316AFFE-D0A4-44FA-8C0E-2B502FA6A3EE} - System32\Tasks\{E166482B-D410-4F20-8EFE-CF71898D71F6} => pcalua.exe -a "C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HJ6WT9V\ACDSee40CZ_program[1].exe" -d C:\Users\Martin
Task: {F61EE231-A144-4AC5-8D90-5E63CACC2EE0} - System32\Tasks\{04F99E63-5C11-4BEC-9DAE-B474C46929C6} => pcalua.exe -a C:\PROGRA~1\ACOUST~3\UNWISE.EXE -c C:\PROGRA~1\ACOUST~3\INSTALL.LOG

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-15 10:44 - 2015-09-28 14:45 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-15 10:44 - 2015-09-28 14:44 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-09 22:54 - 2015-10-09 22:54 - 02994032 _____ () C:\Program Files\AVAST Software\Avast\defs\15100901\algo.dll
2015-10-11 18:14 - 2015-10-11 18:14 - 02994544 _____ () C:\Program Files\AVAST Software\Avast\defs\15101100\algo.dll
2015-10-13 10:28 - 2015-10-13 10:28 - 02994544 _____ () C:\Program Files\AVAST Software\Avast\defs\15101202\algo.dll
2008-03-29 12:15 - 2007-09-20 19:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2008-03-29 12:15 - 2007-10-02 16:41 - 00319488 _____ () C:\Program Files\WinRAR\rarlng.dll
2008-03-03 14:55 - 2007-01-22 19:44 - 00483328 _____ () C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe
2008-03-03 14:55 - 2006-11-23 16:07 - 00037888 _____ () C:\Program Files\FSC\LASER MOUSE\1.0\GTGMDLL.DLL
2015-03-13 22:42 - 2015-09-28 14:46 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-25 20:44 - 2014-09-25 20:44 - 00043008 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2014-04-14 21:41 - 2014-04-14 21:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Martin\Downloads\osobni_prevzeti_zbozi_-_prosim_ctete_pozorne_#160304 (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Martin\Downloads\osobni_prevzeti_zbozi_-_prosim_ctete_pozorne_#160304 (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Martin\Downloads\osobni_prevzeti_zbozi_-_prosim_ctete_pozorne_#160304.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\mojebanka.cz -> hxxps://www.mojebanka.cz
IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\mojebanka.cz -> hxxp://www.mojebanka.cz

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 15382 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [TCP Query User{99CAC6B8-3FC1-4984-BEF1-2867D353A330}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{8D6579AD-57E2-4F0B-8052-1DDD8511F474}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{49EBF86C-E71E-432C-B3CF-4F491F281057}] => (Allow) LPort=80
FirewallRules: [{38BEDB16-FECF-4A5E-8264-155E26D9FD05}] => (Allow) LPort=80
FirewallRules: [{8DB14249-C53C-4413-A6B3-6B17F22F0E7C}] => (Allow) LPort=80
FirewallRules: [TCP Query User{394B23A3-8975-401B-833D-564559624D85}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{C5567B19-BF93-46AC-AF0B-A81FA1C53216}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [{D01D12D7-7B2C-47B9-8B08-7F2D7E44B975}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{D1BA5C7D-998F-43ED-9A9E-15F04768295C}C:\users\martin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{0CC3582C-C351-4F7B-8C94-1EB13EC31FBD}C:\users\martin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{9F4D643E-1D00-407F-9139-637C02B38F18}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{FF7D3C4F-1F19-49E3-91D1-82370B7EDF30}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{BEA841EB-007B-415B-8683-381B39C3603D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2015 08:03:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Aktualizaci Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/12/2015 08:03:45 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Aktualizaci Update for Office 2003 (KB907417): OTKLOADR produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/12/2015 08:03:34 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Aktualizaci Update for Office 2003 (KB2543854): APDATA produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/12/2015 08:03:17 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Aktualizaci Aktualizace SP-3 (Service Pack 3) produktu Office 2003: MAINSP3 produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/12/2015 12:53:33 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Metadata indexu obsahu nelze číst. (0xc0041801)

Error: (10/12/2015 12:53:33 AM) (Source: ESENT) (EventID: 467) (User: )
Description: Windows (2900) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index System_ItemFolderPathDisplayNarrow405 tabulky SystemIndex_0A je poškozen (0).

Error: (10/12/2015 12:52:00 AM) (Source: ESENT) (EventID: 467) (User: )
Description: Windows (2900) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index System_ItemFolderPathDisplayNarrow405 tabulky SystemIndex_0A je poškozen (0).

Error: (10/11/2015 08:02:35 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Aktualizaci Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/11/2015 08:02:31 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Aktualizaci Update for Office 2003 (KB907417): OTKLOADR produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/11/2015 08:02:27 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Aktualizaci Update for Office 2003 (KB2543854): APDATA produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (10/13/2015 10:28:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aktualizace pro: Outlook 2003 Junk E-mail Filter (KB2863822){C9951AE6-3676-4751-B4CE-B94A5DF7E010}200

Error: (10/13/2015 10:27:14 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (10/12/2015 08:03:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aktualizace sady Office 2003 (KB907417){79AE03DF-D6EB-4DE2-B59F-37E963D7A69E}101

Error: (10/12/2015 08:03:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aktualizace sady Microsoft Office 2003 (KB2543854){1E2A55D2-BE5F-42DA-86A4-8A4135816201}101

Error: (10/12/2015 08:03:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aktualizace Microsoft Office 2003 Service Pack 3 (SP3){E2BD7F45-47F9-402F-8FDA-14F78030FE70}111

Error: (10/12/2015 06:35:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (10/12/2015 08:39:57 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Error: (10/11/2015 11:09:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aktualizace pro: Outlook 2003 Junk E-mail Filter (KB2863822){C9951AE6-3676-4751-B4CE-B94A5DF7E010}200

Error: (10/11/2015 08:02:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aktualizace sady Office 2003 (KB907417){79AE03DF-D6EB-4DE2-B59F-37E963D7A69E}101

Error: (10/11/2015 08:02:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aktualizace sady Microsoft Office 2003 (KB2543854){1E2A55D2-BE5F-42DA-86A4-8A4135816201}101


CodeIntegrity:
===================================
Date: 2015-10-13 11:17:08.846
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-13 11:17:08.518
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-13 11:17:08.174
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-13 11:17:07.815
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-05 22:48:25.421
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-05 22:48:25.062
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-05 22:48:24.702
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-05 22:48:24.359
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-05 22:48:23.859
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-05 22:48:23.499
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 2037.58 MB
Available physical RAM: 1073.64 MB
Total Virtual: 4312.19 MB
Available Virtual: 3050.8 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:303.35 GB) (Free:182.2 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:150.69 GB) (Free:12.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CC2F0E18)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=303.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=150.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[jaro3]

SpyMyPC (keylogger) to tam máš schválně?

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000 -> {3EA89A45-8F69-4CFF-AEED-B78C04B41103} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
FF NewTab: about:newtab
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [not found]
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [not found]
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [not found]
U3 asw4h90t; C:\Windows\system32\Drivers\asw4h90t.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\32788R22FWJFW
C:\Users\Martin\Downloads\ComboFix.exe
C:\Windows\WindowsUpdate.log
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
Winamp Toolbar for Firefox (HKLM\...\Winamp Toolbar for Firefox) (Version: 5.1.3.1 - AOL LLC) <==== ATTENTION
Task: {03CAFD5F-4B5E-45C3-BB09-A311CF5A1E13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6C52385E-5F0C-4036-A1AA-F57509B7944E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {905A72A0-927B-416D-8005-B35F6481872F} - \avastBCLRestartS-1-5-21-2273070986-1392902156-3200417566-1000 -> No File <==== ATTENTION
Task: {CD7CF85A-9548-4C5C-9286-7B4BC69482C6} - System32\Tasks\Launch 24066 => C:\Program Files\Keyboard Express 3\UnInstHKCU.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

CDI údaj se mění rychle.

[martinb01]

SpyMyPC tam schválně nemám. Potřebuji ho zlikvidovat.

[martinb01]

Fix result of Farbar Recovery Scan Tool (x86) Version:12-10-2015
Ran by Martin (2015-10-13 22:24:11) Run:1
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000 -> {3EA89A45-8F69-4CFF-AEED-B78C04B41103} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
FF NewTab: about:newtab
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [not found]
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [not found]
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [not found]
U3 asw4h90t; C:\Windows\system32\Drivers\asw4h90t.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\32788R22FWJFW
C:\Users\Martin\Downloads\ComboFix.exe
C:\Windows\WindowsUpdate.log
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
Winamp Toolbar for Firefox (HKLM\...\Winamp Toolbar for Firefox) (Version: 5.1.3.1 - AOL LLC) <==== ATTENTION
Task: {03CAFD5F-4B5E-45C3-BB09-A311CF5A1E13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6C52385E-5F0C-4036-A1AA-F57509B7944E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {905A72A0-927B-416D-8005-B35F6481872F} - \avastBCLRestartS-1-5-21-2273070986-1392902156-3200417566-1000 -> No File <==== ATTENTION
Task: {CD7CF85A-9548-4C5C-9286-7B4BC69482C6} - System32\Tasks\Launch 24066 => C:\Program Files\Keyboard Express 3\UnInstHKCU.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3EA89A45-8F69-4CFF-AEED-B78C04B41103}" => key removed successfully.
HKCR\CLSID\{3EA89A45-8F69-4CFF-AEED-B78C04B41103} => key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key removed successfully.
Firefox "newtab" removed successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} => path removed successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => path removed successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} => path removed successfully.
asw4h90t => service removed successfully.
C:\32788R22FWJFW => moved successfully
C:\Users\Martin\Downloads\ComboFix.exe => moved successfully
Could not move "C:\Windows\WindowsUpdate.log" => Scheduled to move on reboot.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
Winamp Toolbar for Firefox (HKLM\...\Winamp Toolbar for Firefox) (Version: 5.1.3.1 - AOL LLC) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03CAFD5F-4B5E-45C3-BB09-A311CF5A1E13}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03CAFD5F-4B5E-45C3-BB09-A311CF5A1E13}" => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6C52385E-5F0C-4036-A1AA-F57509B7944E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C52385E-5F0C-4036-A1AA-F57509B7944E}" => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{905A72A0-927B-416D-8005-B35F6481872F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{905A72A0-927B-416D-8005-B35F6481872F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestartS-1-5-21-2273070986-1392902156-3200417566-1000" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD7CF85A-9548-4C5C-9286-7B4BC69482C6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD7CF85A-9548-4C5C-9286-7B4BC69482C6}" => key removed successfully.
C:\Windows\System32\Tasks\Launch 24066 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Launch 24066" => key removed successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\010402.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\032439.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0scan.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-2005-search.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-domains-registrations.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1000gratisproben.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001namen.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100888290cs.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\10sek.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-26.net" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-27.net" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123fporn.info" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123haustiereundmehr.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123moviedownload.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123simsen.com" => key removed successfully.
EmptyTemp: => 449.6 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-10-14 00:19:10)

C:\Windows\WindowsUpdate.log => is moved successfully

==== End of Fixlog 00:19:10 ====

[jaro3]

SpyMyPC tam schválně nemám. Potřebuji ho zlikvidovat.

Aha , tak udělej znovu sken v FRST.

[martinb01]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-10-2015 01
Ran by Martin (administrator) on HOME (15-10-2015 17:18:52)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(© 2015 Microsoft Corporation) C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-10-01] (Realtek Semiconductor)
HKLM\...\Run: [GTGMOUSE] => C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe [483328 2007-01-22] ()
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-28] (AVAST Software)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\Run: [BingSvc] => C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-28] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2011-08-11] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{882498C6-53A3-4545-B910-58434356C432}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-28] (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2010-01-27] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2008-11-04] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2105 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll [2006-11-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll [2006-11-03] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-15]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=_ ... smkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM ... PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-28]
CHR Extension: (Dokumenty Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-28]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-28]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-28]
CHR Extension: (Tabulky Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Avast Online Security) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-15]
CHR HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2008-03-11] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-28] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3219136 2015-09-28] (Avast Software)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) [File not signed]
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [306432 2008-03-11] (TuneUp Software GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-09-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-09-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-09-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-09-28] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-09-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [789296 2015-09-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [434184 2015-09-28] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [157888 2015-09-28] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-09-28] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-09-28] (AVAST Software)
R0 AVG Anti-Rootkit; C:\Windows\System32\DRIVERS\avgarkt.sys [5632 2007-01-31] (GRISOFT, s.r.o.) [File not signed]
R1 AvgArCln; C:\Windows\System32\DRIVERS\AvgArCln.sys [3968 2007-01-18] (GRISOFT, s.r.o.) [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-01-16] (REALiX(tm))
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [107984 2015-09-28] (AVAST Software)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-09-03] () [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-09-28] (Avast Software)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
U3 a0cv6feo; C:\Windows\system32\Drivers\a0cv6feo.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 17:18 - 2015-10-15 17:18 - 00000000 ____D C:\Users\Martin\Desktop\FRST-OlderVersion
2015-10-14 00:21 - 2015-10-15 17:12 - 00230352 _____ C:\Windows\WindowsUpdate.log
2015-10-14 00:18 - 2015-10-14 00:18 - 00000774 _____ C:\Windows\PFRO.log
2015-10-13 11:17 - 2015-10-13 11:19 - 00031994 _____ C:\Users\Martin\Desktop\Addition.txt
2015-10-13 11:16 - 2015-10-15 17:18 - 01700352 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2015-10-13 11:16 - 2015-10-15 17:18 - 00013120 _____ C:\Users\Martin\Desktop\FRST.txt
2015-10-13 11:16 - 2015-10-15 17:18 - 00000000 ____D C:\FRST
2015-10-13 11:15 - 2015-10-13 11:15 - 01699840 _____ (Farbar) C:\Users\Martin\Downloads\FRST.exe
2015-10-12 14:21 - 2015-10-12 14:21 - 03908184 _____ (Crystal Dew World ) C:\Users\Martin\Downloads\CrystalDiskInfo6_5_2-en.exe
2015-10-12 14:21 - 2015-10-12 14:21 - 00001731 _____ C:\Users\Martin\Desktop\CrystalDiskInfo.lnk
2015-10-12 14:21 - 2015-10-12 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-10-12 14:21 - 2015-10-12 14:21 - 00000000 ____D C:\Program Files\CrystalDiskInfo
2015-10-12 10:41 - 2015-10-12 10:41 - 00015201 _____ C:\Users\Martin\Downloads\MemTest.zip
2015-10-12 10:41 - 2015-10-12 10:41 - 00000000 ____D C:\Users\Martin\AppData\Roaming\WinRAR
2015-10-12 00:22 - 2015-10-12 00:22 - 00849717 _____ C:\Users\Martin\Downloads\11019050_965923916759593_179713112_n.mp4
2015-10-06 22:49 - 2015-10-06 22:49 - 00004757 _____ C:\Users\Martin\Desktop\hijackthis2
2015-10-06 22:37 - 2015-10-06 22:37 - 00201728 _____ (OldTimer Tools) C:\Users\Martin\Downloads\OTC.exe
2015-10-06 01:03 - 2015-10-06 01:03 - 00000512 _____ C:\Users\Martin\Desktop\MBR.dat
2015-10-06 00:52 - 2015-10-06 00:52 - 05200384 _____ (AVAST Software) C:\Users\Martin\Downloads\aswmbr.exe
2015-10-05 22:32 - 2015-10-05 22:02 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-10-05 22:04 - 2015-10-05 22:34 - 00008879 _____ C:\zoek-results.log
2015-10-05 22:02 - 2015-10-05 22:31 - 00000000 ____D C:\zoek_backup
2015-10-05 22:01 - 2015-10-05 22:02 - 01309184 _____ C:\Users\Martin\Downloads\zoek.exe
2015-10-05 21:44 - 2015-10-05 21:44 - 00000000 ____D C:\AdwCleaner
2015-10-05 09:01 - 2015-10-05 09:01 - 01681920 _____ C:\Users\Martin\Desktop\AdwCleaner.exe
2015-10-05 09:00 - 2015-10-05 09:01 - 01681920 _____ C:\Users\Martin\Downloads\AdwCleaner.exe
2015-10-04 16:56 - 2015-10-04 17:27 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-04 16:55 - 2015-10-04 16:55 - 18801736 _____ C:\Users\Martin\Downloads\RogueKiller.exe
2015-10-04 16:42 - 2015-10-04 16:43 - 01801288 _____ (Malwarebytes) C:\Users\Martin\Downloads\JRT.exe
2015-09-30 20:22 - 2015-09-30 20:22 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-30 18:31 - 2015-09-30 18:31 - 00448512 _____ (OldTimer Tools) C:\Users\Martin\Downloads\TFC (1).exe
2015-09-29 12:49 - 2015-09-29 12:49 - 00004626 _____ C:\Users\Martin\Desktop\hijackthis.log
2015-09-29 12:47 - 2015-09-29 12:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Martin\Downloads\HijackThis (1).exe
2015-09-29 10:07 - 2015-10-05 09:40 - 00000000 ____D C:\snapshots
2015-09-28 14:47 - 2015-09-28 14:45 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-28 14:45 - 2015-09-28 14:45 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 17:11 - 2015-04-15 16:58 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-15 17:11 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-15 17:11 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-14 07:35 - 2015-01-27 23:19 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2015-10-14 00:18 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-13 22:26 - 2006-11-02 15:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-12 14:21 - 2008-02-29 17:28 - 00101000 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-12 00:23 - 2015-02-11 13:59 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2015-10-06 22:39 - 2006-11-02 14:47 - 00376792 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-06 22:33 - 2011-08-18 21:09 - 00000000 ____D C:\Windows\ERDNT
2015-10-06 00:37 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2015-10-05 09:07 - 2015-01-27 22:44 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-04 16:14 - 2015-02-27 08:30 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-30 20:23 - 2015-02-27 08:29 - 00000865 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-30 20:23 - 2015-02-27 08:29 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-30 20:23 - 2015-02-26 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-29 23:00 - 2012-05-07 06:35 - 00001937 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-28 14:46 - 2015-08-28 15:04 - 00157888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-09-28 14:46 - 2014-04-30 18:05 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00434184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-28 14:43 - 2015-06-23 19:48 - 00026096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-09-28 14:43 - 2014-04-15 00:37 - 00789296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-28 14:41 - 2015-08-28 15:04 - 00107984 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-09-28 14:34 - 2015-08-12 07:47 - 18306248 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-09-28 14:34 - 2012-05-24 23:20 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-28 14:34 - 2011-06-20 11:18 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2008-03-11 18:51 - 2008-03-18 20:31 - 0000757 _____ () C:\Users\Martin\AppData\Roaming\mainhst.zgh
2008-08-31 15:23 - 2008-10-07 11:23 - 0007887 _____ () C:\Users\Martin\AppData\Roaming\pcouffin.cat
2008-08-31 15:23 - 2008-10-07 11:23 - 0001144 _____ () C:\Users\Martin\AppData\Roaming\pcouffin.inf
2008-08-31 15:23 - 2008-10-07 11:23 - 0047360 _____ (VSO Software) C:\Users\Martin\AppData\Roaming\pcouffin.sys
2008-03-03 08:31 - 2015-08-04 21:59 - 0243712 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-20 22:17 - 2011-12-22 20:41 - 0005814 _____ () C:\Users\Martin\AppData\Local\SRDownloader (1).err
2011-12-20 22:18 - 2011-12-22 21:28 - 0001568 _____ () C:\Users\Martin\AppData\Local\SRDownloader (1).nast
2011-10-09 12:38 - 2012-04-01 22:54 - 0248341 _____ () C:\Users\Martin\AppData\Local\SRDownloader.err
2011-08-15 12:47 - 2012-04-01 23:28 - 0001344 _____ () C:\Users\Martin\AppData\Local\SRDownloader.nast
2011-03-21 23:06 - 2011-05-15 14:58 - 0220831 _____ () C:\Users\Martin\AppData\Local\SRDownloader[1].err
2011-02-17 10:15 - 2011-05-15 15:00 - 0001112 _____ () C:\Users\Martin\AppData\Local\SRDownloader[1].nast
2011-02-17 11:11 - 2011-02-17 12:24 - 0000872 _____ () C:\Users\Martin\AppData\Local\SRDownloader[2].nast

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-14 00:28

==================== End of FRST.txt ============================

[martinb01]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-10-2015 01
Ran by Martin (administrator) on HOME (15-10-2015 17:18:52)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(© 2015 Microsoft Corporation) C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-10-01] (Realtek Semiconductor)
HKLM\...\Run: [GTGMOUSE] => C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe [483328 2007-01-22] ()
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-28] (AVAST Software)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\Run: [BingSvc] => C:\Users\Martin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-28] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2011-08-11] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{882498C6-53A3-4545-B910-58434356C432}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-28] (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2010-01-27] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2008-11-04] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2105 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll [2006-11-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll [2006-11-03] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-15]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=_ ... smkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM ... PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-28]
CHR Extension: (Dokumenty Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-28]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-28]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-28]
CHR Extension: (Tabulky Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Avast Online Security) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-15]
CHR HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2008-03-11] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-28] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3219136 2015-09-28] (Avast Software)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) [File not signed]
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [306432 2008-03-11] (TuneUp Software GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-09-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-09-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-09-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-09-28] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-09-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [789296 2015-09-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [434184 2015-09-28] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [157888 2015-09-28] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-09-28] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-09-28] (AVAST Software)
R0 AVG Anti-Rootkit; C:\Windows\System32\DRIVERS\avgarkt.sys [5632 2007-01-31] (GRISOFT, s.r.o.) [File not signed]
R1 AvgArCln; C:\Windows\System32\DRIVERS\AvgArCln.sys [3968 2007-01-18] (GRISOFT, s.r.o.) [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-01-16] (REALiX(tm))
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [107984 2015-09-28] (AVAST Software)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-09-03] () [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-09-28] (Avast Software)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
U3 a0cv6feo; C:\Windows\system32\Drivers\a0cv6feo.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 17:18 - 2015-10-15 17:18 - 00000000 ____D C:\Users\Martin\Desktop\FRST-OlderVersion
2015-10-14 00:21 - 2015-10-15 17:12 - 00230352 _____ C:\Windows\WindowsUpdate.log
2015-10-14 00:18 - 2015-10-14 00:18 - 00000774 _____ C:\Windows\PFRO.log
2015-10-13 11:17 - 2015-10-13 11:19 - 00031994 _____ C:\Users\Martin\Desktop\Addition.txt
2015-10-13 11:16 - 2015-10-15 17:18 - 01700352 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2015-10-13 11:16 - 2015-10-15 17:18 - 00013120 _____ C:\Users\Martin\Desktop\FRST.txt
2015-10-13 11:16 - 2015-10-15 17:18 - 00000000 ____D C:\FRST
2015-10-13 11:15 - 2015-10-13 11:15 - 01699840 _____ (Farbar) C:\Users\Martin\Downloads\FRST.exe
2015-10-12 14:21 - 2015-10-12 14:21 - 03908184 _____ (Crystal Dew World ) C:\Users\Martin\Downloads\CrystalDiskInfo6_5_2-en.exe
2015-10-12 14:21 - 2015-10-12 14:21 - 00001731 _____ C:\Users\Martin\Desktop\CrystalDiskInfo.lnk
2015-10-12 14:21 - 2015-10-12 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-10-12 14:21 - 2015-10-12 14:21 - 00000000 ____D C:\Program Files\CrystalDiskInfo
2015-10-12 10:41 - 2015-10-12 10:41 - 00015201 _____ C:\Users\Martin\Downloads\MemTest.zip
2015-10-12 10:41 - 2015-10-12 10:41 - 00000000 ____D C:\Users\Martin\AppData\Roaming\WinRAR
2015-10-12 00:22 - 2015-10-12 00:22 - 00849717 _____ C:\Users\Martin\Downloads\11019050_965923916759593_179713112_n.mp4
2015-10-06 22:49 - 2015-10-06 22:49 - 00004757 _____ C:\Users\Martin\Desktop\hijackthis2
2015-10-06 22:37 - 2015-10-06 22:37 - 00201728 _____ (OldTimer Tools) C:\Users\Martin\Downloads\OTC.exe
2015-10-06 01:03 - 2015-10-06 01:03 - 00000512 _____ C:\Users\Martin\Desktop\MBR.dat
2015-10-06 00:52 - 2015-10-06 00:52 - 05200384 _____ (AVAST Software) C:\Users\Martin\Downloads\aswmbr.exe
2015-10-05 22:32 - 2015-10-05 22:02 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-10-05 22:04 - 2015-10-05 22:34 - 00008879 _____ C:\zoek-results.log
2015-10-05 22:02 - 2015-10-05 22:31 - 00000000 ____D C:\zoek_backup
2015-10-05 22:01 - 2015-10-05 22:02 - 01309184 _____ C:\Users\Martin\Downloads\zoek.exe
2015-10-05 21:44 - 2015-10-05 21:44 - 00000000 ____D C:\AdwCleaner
2015-10-05 09:01 - 2015-10-05 09:01 - 01681920 _____ C:\Users\Martin\Desktop\AdwCleaner.exe
2015-10-05 09:00 - 2015-10-05 09:01 - 01681920 _____ C:\Users\Martin\Downloads\AdwCleaner.exe
2015-10-04 16:56 - 2015-10-04 17:27 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-04 16:55 - 2015-10-04 16:55 - 18801736 _____ C:\Users\Martin\Downloads\RogueKiller.exe
2015-10-04 16:42 - 2015-10-04 16:43 - 01801288 _____ (Malwarebytes) C:\Users\Martin\Downloads\JRT.exe
2015-09-30 20:22 - 2015-09-30 20:22 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-30 18:31 - 2015-09-30 18:31 - 00448512 _____ (OldTimer Tools) C:\Users\Martin\Downloads\TFC (1).exe
2015-09-29 12:49 - 2015-09-29 12:49 - 00004626 _____ C:\Users\Martin\Desktop\hijackthis.log
2015-09-29 12:47 - 2015-09-29 12:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Martin\Downloads\HijackThis (1).exe
2015-09-29 10:07 - 2015-10-05 09:40 - 00000000 ____D C:\snapshots
2015-09-28 14:47 - 2015-09-28 14:45 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-28 14:45 - 2015-09-28 14:45 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 17:11 - 2015-04-15 16:58 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-15 17:11 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-15 17:11 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-14 07:35 - 2015-01-27 23:19 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2015-10-14 00:18 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-13 22:26 - 2006-11-02 15:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-12 14:21 - 2008-02-29 17:28 - 00101000 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-12 00:23 - 2015-02-11 13:59 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2015-10-06 22:39 - 2006-11-02 14:47 - 00376792 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-06 22:33 - 2011-08-18 21:09 - 00000000 ____D C:\Windows\ERDNT
2015-10-06 00:37 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2015-10-05 09:07 - 2015-01-27 22:44 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-04 16:14 - 2015-02-27 08:30 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-30 20:23 - 2015-02-27 08:29 - 00000865 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-30 20:23 - 2015-02-27 08:29 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-30 20:23 - 2015-02-26 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-29 23:00 - 2012-05-07 06:35 - 00001937 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-28 14:46 - 2015-08-28 15:04 - 00157888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-09-28 14:46 - 2014-04-30 18:05 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00434184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-09-28 14:46 - 2014-04-15 00:37 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-28 14:43 - 2015-06-23 19:48 - 00026096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-09-28 14:43 - 2014-04-15 00:37 - 00789296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-28 14:41 - 2015-08-28 15:04 - 00107984 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-09-28 14:34 - 2015-08-12 07:47 - 18306248 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-09-28 14:34 - 2012-05-24 23:20 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-28 14:34 - 2011-06-20 11:18 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2008-03-11 18:51 - 2008-03-18 20:31 - 0000757 _____ () C:\Users\Martin\AppData\Roaming\mainhst.zgh
2008-08-31 15:23 - 2008-10-07 11:23 - 0007887 _____ () C:\Users\Martin\AppData\Roaming\pcouffin.cat
2008-08-31 15:23 - 2008-10-07 11:23 - 0001144 _____ () C:\Users\Martin\AppData\Roaming\pcouffin.inf
2008-08-31 15:23 - 2008-10-07 11:23 - 0047360 _____ (VSO Software) C:\Users\Martin\AppData\Roaming\pcouffin.sys
2008-03-03 08:31 - 2015-08-04 21:59 - 0243712 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-20 22:17 - 2011-12-22 20:41 - 0005814 _____ () C:\Users\Martin\AppData\Local\SRDownloader (1).err
2011-12-20 22:18 - 2011-12-22 21:28 - 0001568 _____ () C:\Users\Martin\AppData\Local\SRDownloader (1).nast
2011-10-09 12:38 - 2012-04-01 22:54 - 0248341 _____ () C:\Users\Martin\AppData\Local\SRDownloader.err
2011-08-15 12:47 - 2012-04-01 23:28 - 0001344 _____ () C:\Users\Martin\AppData\Local\SRDownloader.nast
2011-03-21 23:06 - 2011-05-15 14:58 - 0220831 _____ () C:\Users\Martin\AppData\Local\SRDownloader[1].err
2011-02-17 10:15 - 2011-05-15 15:00 - 0001112 _____ () C:\Users\Martin\AppData\Local\SRDownloader[1].nast
2011-02-17 11:11 - 2011-02-17 12:24 - 0000872 _____ () C:\Users\Martin\AppData\Local\SRDownloader[2].nast

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-14 00:28

==================== End of FRST.txt ============================

[jerabina]

Poprosím tě ještě o Addition.txt

[martinb01]

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-10-2015
Ran by Martin (2015-10-17 22:37:24)
Running from C:\Users\Martin\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2008-02-29 15:21:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2273070986-1392902156-3200417566-500 - Administrator - Disabled)
Guest (S-1-5-21-2273070986-1392902156-3200417566-501 - Limited - Enabled)
Martin (S-1-5-21-2273070986-1392902156-3200417566-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.57 (HKLM\...\7-Zip) (Version: - )
ABBYY PDF Transformer 1.0 (HKLM\...\{4837718C-5B6E-4496-B283-FFFB5A937825}) (Version: 1.00.847.4183 - ABBYY Software House)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader 8 - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1029-7B44-A81200000003}_Adobe Reader 8 - Czech) (Version: - )
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Aktualizace zabezpečení aplikace Windows Media Player (KB2845142) (HKLM\...\KB2845142_WM64) (Version: - Microsoft Corporation)
Any Video Converter 2.5.5 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
Avast Pro Antivirus (HKLM\...\Avast) (Version: 10.4.2233 - AVAST Software)
Balíček ovladače systému Windows - Nokia Modem (05/22/2008 3. (HKLM\...\C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD) (Version: 05/22/2008 3.8 - Nokia)
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Combined Community Codec Pack 2007-07-22 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2007-07-22 13:55 - CCCP Project)
ConvertXtoDVD 3.2.0.52 (HKLM\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.2.0.52 - )
Corel Graphics Suite 11 (HKLM\...\InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation)
Corel Graphics Suite 11 (Version: 11 - Corel Corporation) Hidden
CrystalDiskInfo 6.5.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.5.2 - Crystal Dew World)
DivX 4.12 Codec (HKLM\...\DivXCodec) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
FL Studio 9 (HKLM\...\FL Studio 9) (Version: - Image-Line)
FLAC codecs (HKLM\...\oggcodecs) (Version: 4.x.x - Shark007)
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: - )
FSC LASER MOUSE Software 1.0 (HKLM\...\FSC LASER MOUSE Software_is1) (Version: - )
Google Earth Pro (HKLM\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
HWiNFO32 Version 4.30 (HKLM\...\HWiNFO32_is1) (Version: 4.30 - Martin Malík - REALiX)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
KeyProwler Keylogger (Version: 4.0 - APAN Software) Hidden
K-Lite Codec Pack 3.6.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 3.6.5 - )
Malwarebytes Anti-Malware verze 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Maximus (HKLM\...\Maximus) (Version: - Image-Line bvba)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}) (Version: 08.05.0822 - Microsoft Corporation)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{81CD6232-10F5-4832-B3DA-1B88B1571029}) (Version: 7.02.5851 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PC Connectivity Solution (HKLM\...\{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}) (Version: 11.5.22.0 - Nokia)
PDF Editor 3 (HKLM\...\PDF Editor 3) (Version: - )
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 4.3.4 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Toolbar for Firefox (HKLM\...\Winamp Toolbar for Firefox) (Version: 5.1.3.1 - AOL LLC) <==== ATTENTION
WinRAR (HKLM\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

11-10-2015 18:15:44 Windows Update
11-10-2015 20:00:40 Windows Update
12-10-2015 15:35:05 Naplánovaný kontrolní bod
12-10-2015 20:00:34 Windows Update
13-10-2015 11:50:42 Naplánovaný kontrolní bod
13-10-2015 20:00:50 Windows Update
14-10-2015 20:00:29 Windows Update
15-10-2015 18:29:47 Naplánovaný kontrolní bod
15-10-2015 20:00:33 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2015-10-06 00:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04328126-0EF6-420A-9267-2F0EAE916577} - System32\Tasks\{35D42A58-3FCF-4D35-8685-4FE43D6B0638} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-18] (Společnost Microsoft)
Task: {15C59F88-103D-4E7A-9F39-CE765F73D3F1} - System32\Tasks\{86750BBF-8308-4353-92DE-7D29A9D62ADE} => pcalua.exe -a C:\Users\Martin\Downloads\Keytrap.exe -d C:\Users\Martin\Downloads
Task: {39A08419-8A95-4641-9F23-0CB2EACB22B5} - System32\Tasks\{028D7051-27FD-49A5-8791-4B12B775AA0D} => pcalua.exe -a "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner\BoilSoft AVI MPEG RM WMV Joiner 4.82.exe" -d "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner"
Task: {413B05C3-62F0-47E8-9C3B-1FB1BA0B19BC} - System32\Tasks\{508B18DB-8DC2-4AED-9F7E-4C155E1858BF} => pcalua.exe -a "C:\Program Files\SpyMyPC\unins000.exe"
Task: {4170111B-7F98-4522-AC13-B10F94405DA5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-28] (AVAST Software)
Task: {4C4C4980-581F-426B-8F11-D629678DB42B} - System32\Tasks\{9932A41C-F74E-4B32-A223-B51B7F09006E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.8.0.158/en/a ... age=tsMain
Task: {5A315E57-6FEE-434B-9FB7-971A407AC9C3} - System32\Tasks\{C42459D8-F76E-4033-B4B3-14ED257CFA75} => pcalua.exe -a C:\Users\Martin\Downloads\lightloggersetup_1.3.1.exe -d C:\Users\Martin\Downloads
Task: {6112981F-6DCE-4E34-AD11-B21D859FB5C7} - System32\Tasks\{DECB79FC-9B1E-4975-8877-BC92977E2DD3} => pcalua.exe -a C:\PROGRA~1\ACOUST~3\UNWISE.EXE -c C:\PROGRA~1\ACOUST~3\INSTALL.LOG
Task: {6F8D0A0C-A83B-4686-85DA-C9A7826380C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {8D70A5B3-7027-4A10-A17F-992771591948} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Martin => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {901CD81B-1CDC-49C7-9842-91B2E66FC1E6} - System32\Tasks\{769499C3-0FE7-4D15-BAD8-51FF9B962001} => pcalua.exe -a "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner\setup.exe" -d "C:\Users\Martin\Downloads\Boil Soft Video Splitter and Joiner"
Task: {9438BDE2-5484-4C7B-B679-B4CA812C94D0} - System32\Tasks\{0C38305F-E01D-431B-8E94-F9D215E6A0A7} => pcalua.exe -a K:\InterVideo_WinDVD_Platinum_v8.0.6.109\WinDVD8.exe -d K:\InterVideo_WinDVD_Platinum_v8.0.6.109
Task: {E74866CB-6E89-4337-9F31-4D75A97D8B26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {F316AFFE-D0A4-44FA-8C0E-2B502FA6A3EE} - System32\Tasks\{E166482B-D410-4F20-8EFE-CF71898D71F6} => pcalua.exe -a "C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HJ6WT9V\ACDSee40CZ_program[1].exe" -d C:\Users\Martin
Task: {F61EE231-A144-4AC5-8D90-5E63CACC2EE0} - System32\Tasks\{04F99E63-5C11-4BEC-9DAE-B474C46929C6} => pcalua.exe -a C:\PROGRA~1\ACOUST~3\UNWISE.EXE -c C:\PROGRA~1\ACOUST~3\INSTALL.LOG

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-15 10:44 - 2015-09-28 14:45 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-15 10:44 - 2015-09-28 14:44 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-15 17:12 - 2015-10-15 17:12 - 02994032 _____ () C:\Program Files\AVAST Software\Avast\defs\15101502\algo.dll
2015-10-17 20:14 - 2015-10-17 20:14 - 02994032 _____ () C:\Program Files\AVAST Software\Avast\defs\15101701\algo.dll
2008-03-03 14:55 - 2007-01-22 19:44 - 00483328 _____ () C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe
2008-03-03 14:55 - 2006-11-23 16:07 - 00037888 _____ () C:\Program Files\FSC\LASER MOUSE\1.0\GTGMDLL.DLL
2015-03-13 22:42 - 2015-09-28 14:46 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-25 20:44 - 2014-09-25 20:44 - 00043008 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2014-04-14 21:41 - 2014-04-14 21:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Martin\Downloads\osobni_prevzeti_zbozi_-_prosim_ctete_pozorne_#160304 (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Martin\Downloads\osobni_prevzeti_zbozi_-_prosim_ctete_pozorne_#160304 (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Martin\Downloads\osobni_prevzeti_zbozi_-_prosim_ctete_pozorne_#160304.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\mojebanka.cz -> hxxps://www.mojebanka.cz
IE trusted site: HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\...\mojebanka.cz -> hxxp://www.mojebanka.cz

IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\.DEFAULT\...\125sms.com -> www.125sms.com
IE restricted site: HKU\.DEFAULT\...\12w.net -> download-video.12w.net
IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com
IE restricted site: HKU\.DEFAULT\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\.DEFAULT\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
IE restricted site: HKU\.DEFAULT\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com
IE restricted site: HKU\.DEFAULT\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\.DEFAULT\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\.DEFAULT\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\.DEFAULT\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\.DEFAULT\...\1987324.com -> www.1987324.com
IE restricted site: HKU\.DEFAULT\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\.DEFAULT\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\.DEFAULT\...\1importantiamreal.com -> www.1importantiamreal.com

There are 15362 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2273070986-1392902156-3200417566-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [TCP Query User{99CAC6B8-3FC1-4984-BEF1-2867D353A330}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{8D6579AD-57E2-4F0B-8052-1DDD8511F474}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{49EBF86C-E71E-432C-B3CF-4F491F281057}] => (Allow) LPort=80
FirewallRules: [{38BEDB16-FECF-4A5E-8264-155E26D9FD05}] => (Allow) LPort=80
FirewallRules: [{8DB14249-C53C-4413-A6B3-6B17F22F0E7C}] => (Allow) LPort=80
FirewallRules: [TCP Query User{394B23A3-8975-401B-833D-564559624D85}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{C5567B19-BF93-46AC-AF0B-A81FA1C53216}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [{D01D12D7-7B2C-47B9-8B08-7F2D7E44B975}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{D1BA5C7D-998F-43ED-9A9E-15F04768295C}C:\users\martin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{0CC3582C-C351-4F7B-8C94-1EB13EC31FBD}C:\users\martin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{9F4D643E-1D00-407F-9139-637C02B38F18}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{FF7D3C4F-1F19-49E3-91D1-82370B7EDF30}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5B05DCE6-C919-4538-8210-B6E036326138}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2015 08:12:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0x310, čas spuštění aplikace 0xrundll32.exe0.

Error: (10/15/2015 08:05:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Aktualizaci Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/15/2015 08:04:44 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Aktualizaci Update for Office 2003 (KB907417): OTKLOADR produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/15/2015 08:04:40 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Aktualizaci Update for Office 2003 (KB2543854): APDATA produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/15/2015 08:02:09 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Aktualizaci Aktualizace SP-3 (Service Pack 3) produktu Office 2003: MAINSP3 produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/14/2015 08:02:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Aktualizaci Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/14/2015 08:02:31 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Aktualizaci Update for Office 2003 (KB907417): OTKLOADR produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/14/2015 08:02:28 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Aktualizaci Update for Office 2003 (KB2543854): APDATA produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/14/2015 08:02:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Aktualizaci Aktualizace SP-3 (Service Pack 3) produktu Office 2003: MAINSP3 produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/14/2015 07:34:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko 0x4549b0e1, chybující modul nvapi.dll, verze 7.15.11.6906, časové razítko 0x47313029, kód výjimky 0xc0000005, posun chyby 0x00027140,
ID procesu 0xe90, čas spuštění aplikace 0xrundll32.exe0.


System errors:
=============
Error: (10/17/2015 08:11:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (20:26:16, 15.10.2015) bylo neočekávané.

Error: (10/15/2015 08:21:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aktualizace pro: Outlook 2003 Junk E-mail Filter (KB2863822){C9951AE6-3676-4751-B4CE-B94A5DF7E010}200

Error: (10/15/2015 08:04:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aktualizace sady Office 2003 (KB907417){79AE03DF-D6EB-4DE2-B59F-37E963D7A69E}101

Error: (10/15/2015 08:04:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aktualizace sady Microsoft Office 2003 (KB2543854){1E2A55D2-BE5F-42DA-86A4-8A4135816201}101

Error: (10/15/2015 08:02:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aktualizace Microsoft Office 2003 Service Pack 3 (SP3){E2BD7F45-47F9-402F-8FDA-14F78030FE70}111

Error: (10/15/2015 08:00:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Error: (10/14/2015 11:36:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aktualizace pro: Outlook 2003 Junk E-mail Filter (KB2863822){C9951AE6-3676-4751-B4CE-B94A5DF7E010}200

Error: (10/14/2015 08:02:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aktualizace sady Office 2003 (KB907417){79AE03DF-D6EB-4DE2-B59F-37E963D7A69E}101

Error: (10/14/2015 08:02:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aktualizace sady Microsoft Office 2003 (KB2543854){1E2A55D2-BE5F-42DA-86A4-8A4135816201}101

Error: (10/14/2015 08:02:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Aktualizace Microsoft Office 2003 Service Pack 3 (SP3){E2BD7F45-47F9-402F-8FDA-14F78030FE70}111


CodeIntegrity:
===================================
Date: 2015-10-17 22:36:40.576
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-17 22:36:40.217
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-17 22:36:39.857
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-17 22:36:39.498
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-15 17:19:16.082
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-15 17:19:15.738
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-15 17:19:15.378
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-15 17:19:15.019
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-13 11:17:08.846
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-13 11:17:08.518
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 2037.58 MB
Available physical RAM: 1125.85 MB
Total Virtual: 4312.19 MB
Available Virtual: 3035.03 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:303.35 GB) (Free:181.96 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:150.69 GB) (Free:12.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CC2F0E18)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=303.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=150.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[jaro3]

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
R0 AVG Anti-Rootkit; C:\Windows\System32\DRIVERS\avgarkt.sys [5632 2007-01-31] (GRISOFT, s.r.o.) [File not signed]
R1 AvgArCln; C:\Windows\System32\DRIVERS\AvgArCln.sys [3968 2007-01-18] (GRISOFT, s.r.o.) [File not signed]
U3 a0cv6feo; C:\Windows\system32\Drivers\a0cv6feo.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Winamp Toolbar for Firefox (HKLM\...\Winamp Toolbar for Firefox) (Version: 5.1.3.1 - AOL LLC) <==== ATTENTION
Task: {15C59F88-103D-4E7A-9F39-CE765F73D3F1} - System32\Tasks\{86750BBF-8308-4353-92DE-7D29A9D62ADE} => pcalua.exe -a C:\Users\Martin\Downloads\Keytrap.exe -d C:\Users\Martin\Downloads
Task: {413B05C3-62F0-47E8-9C3B-1FB1BA0B19BC} - System32\Tasks\{508B18DB-8DC2-4AED-9F7E-4C155E1858BF} => pcalua.exe -a "C:\Program Files\SpyMyPC\unins000.exe"
C:\Program Files\SpyMyPC
Task: {5A315E57-6FEE-434B-9FB7-971A407AC9C3} - System32\Tasks\{C42459D8-F76E-4033-B4B3-14ED257CFA75} => pcalua.exe -a C:\Users\Martin\Downloads\lightloggersetup_1.3.1.exe -d C:\Users\Martin\Downloads
C:\Users\Martin\Downloads\lightloggersetup_1.3.1.exe
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\.DEFAULT\...\125sms.com -> www.125sms.com
IE restricted site: HKU\.DEFAULT\...\12w.net -> download-video.12w.net
IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com
IE restricted site: HKU\.DEFAULT\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\.DEFAULT\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
IE restricted site: HKU\.DEFAULT\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com
IE restricted site: HKU\.DEFAULT\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\.DEFAULT\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\.DEFAULT\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\.DEFAULT\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\.DEFAULT\...\1987324.com -> www.1987324.com
IE restricted site: HKU\.DEFAULT\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\.DEFAULT\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\.DEFAULT\...\1importantiamreal.com -> www.1importantiamreal.com

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

[martinb01]

Fix result of Farbar Recovery Scan Tool (x86) Version:17-10-2015
Ran by Martin (2015-10-19 20:29:50) Run:2
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
R0 AVG Anti-Rootkit; C:\Windows\System32\DRIVERS\avgarkt.sys [5632 2007-01-31] (GRISOFT, s.r.o.) [File not signed]
R1 AvgArCln; C:\Windows\System32\DRIVERS\AvgArCln.sys [3968 2007-01-18] (GRISOFT, s.r.o.) [File not signed]
U3 a0cv6feo; C:\Windows\system32\Drivers\a0cv6feo.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Winamp Toolbar for Firefox (HKLM\...\Winamp Toolbar for Firefox) (Version: 5.1.3.1 - AOL LLC) <==== ATTENTION
Task: {15C59F88-103D-4E7A-9F39-CE765F73D3F1} - System32\Tasks\{86750BBF-8308-4353-92DE-7D29A9D62ADE} => pcalua.exe -a C:\Users\Martin\Downloads\Keytrap.exe -d C:\Users\Martin\Downloads
Task: {413B05C3-62F0-47E8-9C3B-1FB1BA0B19BC} - System32\Tasks\{508B18DB-8DC2-4AED-9F7E-4C155E1858BF} => pcalua.exe -a "C:\Program Files\SpyMyPC\unins000.exe"
C:\Program Files\SpyMyPC
Task: {5A315E57-6FEE-434B-9FB7-971A407AC9C3} - System32\Tasks\{C42459D8-F76E-4033-B4B3-14ED257CFA75} => pcalua.exe -a C:\Users\Martin\Downloads\lightloggersetup_1.3.1.exe -d C:\Users\Martin\Downloads
C:\Users\Martin\Downloads\lightloggersetup_1.3.1.exe
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\.DEFAULT\...\125sms.com -> www.125sms.com
IE restricted site: HKU\.DEFAULT\...\12w.net -> download-video.12w.net
IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com
IE restricted site: HKU\.DEFAULT\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\.DEFAULT\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
IE restricted site: HKU\.DEFAULT\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com
IE restricted site: HKU\.DEFAULT\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\.DEFAULT\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\.DEFAULT\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\.DEFAULT\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\.DEFAULT\...\1987324.com -> www.1987324.com
IE restricted site: HKU\.DEFAULT\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\.DEFAULT\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\.DEFAULT\...\1importantiamreal.com -> www.1importantiamreal.com

EmptyTemp:
End
*****************

Processes closed successfully.
AVG Anti-Rootkit => Unable to stop service.
AVG Anti-Rootkit => service removed successfully.
AvgArCln => Service stopped successfully.
AvgArCln => service removed successfully.
a0cv6feo => service not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
Winamp Toolbar for Firefox (HKLM\...\Winamp Toolbar for Firefox) (Version: 5.1.3.1 - AOL LLC) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15C59F88-103D-4E7A-9F39-CE765F73D3F1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15C59F88-103D-4E7A-9F39-CE765F73D3F1}" => key removed successfully.
C:\Windows\System32\Tasks\{86750BBF-8308-4353-92DE-7D29A9D62ADE} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{86750BBF-8308-4353-92DE-7D29A9D62ADE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{413B05C3-62F0-47E8-9C3B-1FB1BA0B19BC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{413B05C3-62F0-47E8-9C3B-1FB1BA0B19BC}" => key removed successfully.
C:\Windows\System32\Tasks\{508B18DB-8DC2-4AED-9F7E-4C155E1858BF} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{508B18DB-8DC2-4AED-9F7E-4C155E1858BF}" => key removed successfully.
"C:\Program Files\SpyMyPC" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A315E57-6FEE-434B-9FB7-971A407AC9C3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A315E57-6FEE-434B-9FB7-971A407AC9C3}" => key removed successfully.
C:\Windows\System32\Tasks\{C42459D8-F76E-4033-B4B3-14ED257CFA75} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C42459D8-F76E-4033-B4B3-14ED257CFA75}" => key removed successfully.
"C:\Users\Martin\Downloads\lightloggersetup_1.3.1.exe" => File/Folder not found.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123topsearch.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.co.uk" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12w.net" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\132.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1337-crew.to" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1337crew.info" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\136136.net" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\150freesms.de" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\163ns.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17-plus.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\171203.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17concepts.info" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1800searchonline.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180searchassistant.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1gb.ru" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1ghporn.info" => key removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1importantiamreal.com" => key removed successfully.
EmptyTemp: => 512.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:30:59 ====