prosím kontrolu logu prevence Vyřešeno

[Varg]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:26:19, on 10. 5. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

FIREFOX: 38.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Petr\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Petr\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: Stáhnout FDM - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video FDM - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané FDM - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše FDM - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7715 bytes


Tohle byla prevence.
Comp lehce zrychlil načítáni stránek.

[Reklama]

[mople71]

Ok, tak si ještě radši dame jeden sken:

Stáhni si prosím FRST:

Pro 32-bit OS: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Pro 64-bit OS: http://www.bleepingcomputer.com/downloa ... ool/dl/82/

Ulož na Plochu, spusť jako Správce, potvrď licenci a klikni na tlačítko Scan. Vše ponech v základním nastavení, nic navíc nezatrhávej.

Po dokončení skenu na tebe vyjedou dva logy, oba sem prosím zkopíruj.

[Varg]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Petr (administrator) on PETRMALENKA on 10-05-2015 18:40:41
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available profiles: Petr)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5123216 2012-06-08] (VIA)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-25] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-25] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3832753693-3646972138-179110667-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-29] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-29] (Avast Software s.r.o.)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-04-08] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 83.240.0.135 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\iq10j0za.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\Free Media Player\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3832753693-3646972138-179110667-1004: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-11-14] ()
FF SearchPlugin: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\iq10j0za.default\searchplugins\seznam-avast.xml [2015-03-01]
FF SearchPlugin: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\iq10j0za.default\searchplugins\yahoo-1.xml [2015-02-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-26]
FF HKLM-x32\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2013-11-09]

Chrome:
=======
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-29]
CHR Extension: (Google Docs) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-29]
CHR Extension: (Google Drive) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-29]
CHR Extension: (YouTube) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-29]
CHR Extension: (Google Search) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-29]
CHR Extension: (Gladiatus Crazy Add On) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfbmiedjenagoegiiabjfjpkhfocifkp [2015-04-07]
CHR Extension: (Google Sheets) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-29]
CHR Extension: (Bookmark Manager) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-26]
CHR Extension: (Google Wallet) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-29]
CHR Extension: (Gmail) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]

Opera:
=======
OPR Extension: (Gladiatus Crazy Add On) - C:\Users\Petr\AppData\Roaming\Opera Software\Opera Stable\Extensions\jggbidmjnmplnobkkjiinjmbnhccpkbj [2014-04-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-25] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)
S3 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-25] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-25] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-25] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-25] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-25] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-25] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S4 NvStUSB; \SystemRoot\System32\drivers\nvstusb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 18:40 - 2015-05-10 18:40 - 00012774 _____ () C:\Users\Petr\Desktop\FRST.txt
2015-05-10 18:40 - 2015-05-10 18:40 - 00000000 ____D () C:\FRST
2015-05-10 18:39 - 2015-05-10 18:39 - 02102784 _____ (Farbar) C:\Users\Petr\Desktop\FRST64.exe
2015-05-10 18:21 - 2015-05-10 18:21 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-10 18:18 - 2015-05-10 18:03 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-05-10 18:04 - 2015-05-10 18:22 - 00009941 _____ () C:\zoek-results.log
2015-05-10 18:03 - 2015-05-10 18:16 - 00000000 ____D () C:\zoek_backup
2015-05-10 17:57 - 2015-05-10 17:57 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-05-10 17:55 - 2015-05-10 17:55 - 00000091 _____ () C:\Users\Petr\Desktop\Nový textový dokument (3).txt
2015-05-10 17:54 - 2015-05-10 17:54 - 01308672 _____ () C:\Users\Petr\Desktop\zoek.exe
2015-05-10 17:37 - 2015-05-10 17:37 - 00002182 _____ () C:\Users\Petr\Desktop\JRT.txt
2015-05-10 17:32 - 2015-05-10 17:32 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-PETRMALENKA-Windows-8.1-(64-bit).dat
2015-05-10 17:32 - 2015-05-10 17:32 - 00000000 ____D () C:\RegBackup
2015-05-10 17:31 - 2015-05-10 17:31 - 20688472 _____ () C:\Users\Petr\Desktop\RogueKillerX64.exe
2015-05-10 17:31 - 2015-05-10 17:31 - 02720307 _____ (Thisisu) C:\Users\Petr\Desktop\JRT.exe
2015-05-10 17:30 - 2015-05-10 17:30 - 00001969 _____ () C:\Users\Petr\Desktop\txt mbam.txt
2015-05-10 16:47 - 2015-05-10 16:47 - 00002724 _____ () C:\Users\Petr\Desktop\txt.txt
2015-05-10 16:30 - 2015-05-10 17:30 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-10 16:30 - 2015-05-10 16:30 - 00001130 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-10 16:30 - 2015-05-10 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-10 16:30 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-10 16:30 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-10 16:30 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-10 16:27 - 2015-05-10 17:10 - 00000000 ____D () C:\AdwCleaner
2015-05-10 16:25 - 2015-05-10 18:21 - 00005232 _____ () C:\WINDOWS\PFRO.log
2015-05-10 16:15 - 2015-05-10 16:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Petr\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-10 16:14 - 2015-05-10 16:15 - 02204160 _____ () C:\Users\Petr\Desktop\adwcleaner_4.203.exe
2015-05-10 16:14 - 2015-05-10 16:14 - 00448512 _____ (OldTimer Tools) C:\Users\Petr\Desktop\TFC.exe
2015-05-10 16:14 - 2015-05-10 16:14 - 00050688 _____ (Atribune.org) C:\Users\Petr\Desktop\ATF-Cleaner.exe
2015-05-10 15:56 - 2015-05-10 18:21 - 00001002 _____ () C:\WINDOWS\setupact.log
2015-05-10 15:56 - 2015-05-10 15:56 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-05-10 14:13 - 2015-05-10 17:24 - 00063287 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-10 13:14 - 2015-05-10 16:21 - 3343620096 _____ () C:\Users\Petr\Downloads\Vampire-The-Masquerade-Bloodlines-CZ.iso
2015-05-10 12:52 - 2015-05-10 18:26 - 00007716 _____ () C:\Users\Petr\Desktop\hijackthis.log
2015-05-10 12:52 - 2015-05-10 12:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Petr\Desktop\HijackThis.exe
2015-05-08 19:46 - 2015-05-08 21:45 - 2131637698 _____ () C:\Users\Petr\Downloads\Tělo---El-Cuerpo-2012,-CZ-tit.avi
2015-05-06 15:03 - 2015-05-09 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-04 09:14 - 2015-05-04 09:14 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\FastStone
2015-05-04 08:39 - 2015-05-04 08:39 - 00001432 _____ () C:\Users\Public\Desktop\Free Video Editor.lnk
2015-05-04 08:39 - 2015-05-04 08:39 - 00001269 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-05-04 08:39 - 2015-05-04 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-05-04 08:39 - 2015-05-04 08:39 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-05-04 08:38 - 2015-05-04 08:40 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\DVDVideoSoft
2015-05-02 12:09 - 2015-05-02 12:09 - 107151851 _____ () C:\Users\Petr\Downloads\Marie Rottrova-Lasko vonis destem.rar
2015-05-01 12:20 - 2011-01-22 00:26 - 00000000 ____D () C:\Users\Petr\Desktop\Dalibor Janda - Zlaté hity
2015-04-29 14:39 - 2015-05-09 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CZ modpack by doktortom5
2015-04-28 14:53 - 2015-04-28 14:53 - 00003836 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1397060391
2015-04-25 14:24 - 2015-04-29 06:56 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-04-25 14:24 - 2015-04-25 14:24 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-25 14:24 - 2015-04-25 14:24 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-25 14:24 - 2015-04-25 14:24 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-25 14:24 - 2015-04-25 14:24 - 00272248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-25 14:24 - 2015-04-25 14:24 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-04-25 14:24 - 2015-04-25 14:24 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-04-25 14:24 - 2015-04-25 14:24 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-25 14:24 - 2015-04-25 14:24 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-25 14:24 - 2015-04-25 14:24 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-25 14:24 - 2015-04-25 14:24 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-25 14:15 - 2015-04-25 14:16 - 00000124 _____ () C:\Users\Petr\Desktop\Nový textový dokument (2).txt
2015-04-25 14:12 - 2015-04-28 19:17 - 00000000 ____D () C:\Users\Petr\AppData\Local\Razer
2015-04-25 14:11 - 2015-04-28 19:17 - 00000000 ____D () C:\ProgramData\Razer
2015-04-16 13:01 - 2015-04-16 13:01 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-04-16 07:03 - 2015-04-14 01:24 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-16 07:03 - 2015-04-14 01:24 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 22:46 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-14 22:46 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-14 22:46 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-14 22:46 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-14 22:46 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-14 22:46 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-14 22:46 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-14 22:46 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-14 22:46 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-14 22:46 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-14 22:46 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-14 22:46 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-14 22:46 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-14 22:46 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-14 22:46 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-14 22:46 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-14 22:46 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-14 22:45 - 2015-04-14 22:45 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-14 22:45 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-14 22:45 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-14 22:45 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-14 22:45 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-14 22:45 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-14 22:45 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-14 22:45 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-14 22:45 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-14 22:45 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-14 22:45 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-14 22:45 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-14 22:45 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-14 22:45 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-14 22:45 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-14 22:45 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-14 22:45 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-14 22:45 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-14 22:45 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-14 22:45 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-14 22:45 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-14 22:45 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-14 22:45 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-14 22:45 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-14 22:45 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-14 22:45 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-14 22:45 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-14 22:45 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-14 22:45 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-14 22:45 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-14 22:45 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-14 22:45 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-14 22:45 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-14 22:45 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-14 22:45 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-14 22:45 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-14 22:45 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-14 22:45 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-14 22:45 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-14 22:45 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-14 22:45 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-14 22:45 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-14 22:45 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-14 22:45 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-14 22:45 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-14 22:45 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-14 22:45 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-14 22:45 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-14 22:45 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-14 22:45 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-14 22:45 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-14 22:45 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-14 22:45 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-14 22:45 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-13 23:01 - 2015-04-08 22:32 - 00560968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-04-13 22:59 - 2015-04-09 02:58 - 31570064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 17176128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 14617288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 12689592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-04-13 22:59 - 2015-04-09 02:58 - 03317344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 02935416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435012.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435012.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 01086424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 00927440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 00849552 _____ () C:\WINDOWS\system32\nvmcumd.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 00499344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 00402576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 00346256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 00150648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-04-13 22:59 - 2015-04-09 02:58 - 00029329 _____ () C:\WINDOWS\system32\nvinfo.pb

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 18:22 - 2015-03-29 19:44 - 00000980 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-10 18:22 - 2013-10-25 10:49 - 00000000 ___DO () C:\Users\Petr\SkyDrive
2015-05-10 18:21 - 2014-08-04 19:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-10 18:21 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-10 18:16 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-05-10 18:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-10 17:49 - 2015-03-29 19:44 - 00000984 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-10 17:46 - 2014-07-11 13:56 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-10 17:24 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\DesktopTileResources
2015-05-10 17:10 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-10 16:32 - 2013-10-25 10:44 - 01771646 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-10 16:32 - 2013-09-30 05:56 - 00746994 _____ () C:\WINDOWS\system32\perfh005.dat
2015-05-10 16:32 - 2013-09-30 05:56 - 00155994 _____ () C:\WINDOWS\system32\perfc005.dat
2015-05-10 16:30 - 2014-08-01 20:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-10 16:25 - 2014-02-02 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-10 15:58 - 2015-02-28 19:57 - 00001419 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-05-10 13:21 - 2014-01-02 14:38 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\TS3Client
2015-05-10 13:21 - 2013-05-28 16:12 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Free Download Manager
2015-05-10 13:20 - 2014-08-06 08:53 - 00000000 ____D () C:\Users\Petr\Desktop\Hudba
2015-05-09 11:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-05 11:34 - 2014-09-28 09:16 - 00000000 ____D () C:\The KMPlayer
2015-05-05 06:46 - 2013-06-02 11:16 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\XnView
2015-05-04 11:48 - 2013-09-08 09:53 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\AIMP3
2015-05-04 10:58 - 2013-07-04 11:21 - 00968192 ___SH () C:\Users\Petr\Desktop\Thumbs.db
2015-05-04 09:35 - 2013-05-28 13:10 - 00000000 ____D () C:\Users\Petr\AppData\Local\Google
2015-05-04 09:35 - 2013-05-28 13:10 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-30 19:02 - 2013-11-26 13:04 - 00004982 _____ () C:\Users\Petr\Desktop\Nový textový dokument.txt
2015-04-30 12:49 - 2015-03-29 19:40 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-28 19:18 - 2015-03-19 21:24 - 00000000 ____D () C:\WarThunder
2015-04-28 19:15 - 2013-05-28 15:11 - 00000794 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-28 19:15 - 2013-05-28 15:11 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-28 14:53 - 2014-04-09 18:19 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-25 14:26 - 2014-02-02 13:37 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-24 19:17 - 2014-02-02 13:37 - 00003804 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-22 21:33 - 2013-08-31 08:58 - 00000000 ____D () C:\Program Files\Recuva
2015-04-16 13:02 - 2015-04-04 21:18 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-16 13:01 - 2014-07-06 16:51 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-16 07:23 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-16 07:03 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-14 23:01 - 2013-07-19 12:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 22:57 - 2013-05-29 07:02 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 22:55 - 2014-12-26 09:14 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-14 22:55 - 2014-07-10 16:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-13 23:01 - 2015-02-28 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-13 23:01 - 2013-10-25 10:26 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-13 23:01 - 2013-05-28 13:19 - 00000000 ____D () C:\temp

==================== Files in the root of some directories =======

2013-07-08 14:32 - 2013-07-08 14:32 - 0093696 _____ () C:\Users\Petr\AppData\Roaming\ezpinst.exe
2013-07-08 14:16 - 2013-08-02 16:04 - 0099384 _____ () C:\Users\Petr\AppData\Roaming\inst.exe
2013-07-08 14:16 - 2013-08-02 16:04 - 0007859 _____ () C:\Users\Petr\AppData\Roaming\pcouffin.cat
2013-07-08 14:16 - 2013-08-02 16:04 - 0001167 _____ () C:\Users\Petr\AppData\Roaming\pcouffin.inf
2013-07-08 14:16 - 2013-08-02 16:04 - 0082816 _____ (VSO Software) C:\Users\Petr\AppData\Roaming\pcouffin.sys
2013-07-08 15:14 - 2013-08-02 16:04 - 0001057 _____ () C:\Users\Petr\AppData\Roaming\vso_ts_preview.xml
2013-05-31 15:28 - 2013-05-31 15:28 - 0000017 _____ () C:\Users\Petr\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-10 18:32

==================== End Of Log ============================

[Varg]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by Petr at 2015-05-10 18:41:22
Running from C:\Users\Petr\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3832753693-3646972138-179110667-500 - Administrator - Disabled)
Guest (S-1-5-21-3832753693-3646972138-179110667-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3832753693-3646972138-179110667-1270 - Limited - Enabled)
Petr (S-1-5-21-3832753693-3646972138-179110667-1004 - Administrator - Enabled) => C:\Users\Petr

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

[0.9.5] RagnaPackv2 [v.1.95.5] (x32 Version: 1.95.5 - Ragnarocek) Hidden
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1483, 27.02.2015 - AIMP DevTeam)
Aktualizace NVIDIA 2.4.3.22 (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed(R) III v1.04 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.04 - Ubisoft)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
CrystalDiskInfo 6.2.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World)
CZ modpack by doktortom5 verze 4.6 (HKLM-x32\...\{0A0F7087-E1FE-4AC5-8D31-C8E29BF0F824}_is1) (Version: 4.6 - doktortom5)
Free Download Manager 3.9.5 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Free Video Editor version 1.4.12.415 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.12.415 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve)
Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JUJU (HKLM-x32\...\SlVKVQ==_is1) (Version: 1 - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.130 - PandoraTV)
Malwarebytes Anti-Malware verze 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
NVIDIA Virtuální audio Miracast 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 350.12 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{220C463A-2890-4C7F-B97C-C49FE175B849}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 29.0.1795.47 (HKLM-x32\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA)
Ovládací panel NVIDIA 350.12 (Version: 350.12 - NVIDIA Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sherlock Holmes Crimes and Punishments verze v1.0u1 (HKLM-x32\...\Sherlock Holmes Crimes and Punishments_is1) (Version: v1.0u1 - R.G. Danik1B9)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
Sniper Elite (HKLM-x32\...\{A979B2D8-E3EE-4523-A26C-4AF0A6809280}) (Version: - )
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Sniper Elite V2 (HKLM-x32\...\Sniper Elite V2_is1) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Tanks - Common Test (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1) (Version: - Wargaming.net)
World of Tanks (HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1) (Version: - Wargaming.net)
XnView 2.25 (HKLM-x32\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3832753693-3646972138-179110667-1004_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3832753693-3646972138-179110667-1004_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3832753693-3646972138-179110667-1004_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3832753693-3646972138-179110667-1004_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3832753693-3646972138-179110667-1004_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

04-05-2015 09:34:30 Removed Google Drive
10-05-2015 18:04:12 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-05-10 18:04 - 2015-05-10 18:04 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04D5D4D6-B2BB-49B1-B81D-90CFAC68B2E7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {09A519D8-2BF9-4C5E-9A0C-3654AF1C9653} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-14] (Microsoft Corporation)
Task: {2B5F2724-20D4-4E67-B7BC-A2B15303DC76} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {372C44EF-B85F-4A9E-AD98-3389F078FAD1} - System32\Tasks\{76ED66D3-EC50-47F4-919A-06935A6D2627} => pcalua.exe -a "C:\Users\Petr\Desktop\Medal of Honor-Pacific Assault\CZ\mohpacificassaultcz.exe" -d "C:\Users\Petr\Desktop\Medal of Honor-Pacific Assault\CZ"
Task: {3C7A66F9-7B1C-4B76-AFFF-C611B04CC031} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: {4F264AE6-CCDD-467A-B8E3-A5D6F0CB4946} - System32\Tasks\Opera scheduled Autoupdate 1397060391 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-17] (Opera Software)
Task: {5415A7AE-3483-42F4-A5AE-AAF1BB52CF43} - System32\Tasks\{971B0503-70CC-43FD-8A22-42982980216C} => pcalua.exe -a "C:\Users\Petr\Desktop\Wolfenstein (2009) .by kobra.CZ\Čeština do hry Wolfenstein - 2009\WolfensteinBetaCz.exe" -d "C:\Users\Petr\Desktop\Wolfenstein (2009) .by kobra.CZ\Čeština do hry Wolfenstein - 2009"
Task: {5D22B51E-ECFA-4456-9D3F-034007CF6BF5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {5DB0CBDD-9A7D-411B-9B6A-764D170DEE92} - \avastBCLRestartS-1-5-21-3832753693-3646972138-179110667-1004 No Task File <==== ATTENTION
Task: {67CDA261-ECB7-46F7-A161-09077BFD1DE1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {74CDC03D-1089-44FA-A98B-0C848357DF73} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-25] (Avast Software s.r.o.)
Task: {8CFFB5D5-1890-4EEC-A2D1-99C37C09BF83} - \Optimize Start Menu Cache Files-S-1-5-21-3832753693-3646972138-179110667-1004 No Task File <==== ATTENTION
Task: {9173F064-0894-444A-A304-DB2C569DCA2F} - \Optimize Start Menu Cache Files-S-1-5-21-3832753693-3646972138-179110667-1001 No Task File <==== ATTENTION
Task: {9FA3D604-B948-4A1C-A7A8-2510B3B0DC6B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-24] (Adobe Systems Incorporated)
Task: {C45A53D4-8C72-45C8-8510-ECDAD581B05B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {DC2F4754-F31A-4141-99BF-34EF4BA8E1AC} - System32\Tasks\{74B2946B-5177-4EAC-A333-11289300C3F3} => pcalua.exe -a "C:\Program Files (x86)\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe" -d "C:\Program Files (x86)\EA GAMES\Medal of Honor Pacific Assault(tm)"
Task: {E48B5E1F-32DA-499B-AA19-99CD5560C786} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FCF6CF0C-325A-41BA-9C00-E4C6BF970358} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-08-04 19:34 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-25 14:24 - 2015-04-25 14:24 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-25 14:24 - 2015-04-25 14:24 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-10 11:51 - 2015-05-10 11:51 - 02926592 _____ () C:\Program Files\AVAST Software\Avast\defs\15051000\algo.dll
2015-03-31 17:26 - 2015-05-01 18:52 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-03-29 19:33 - 2015-03-29 19:33 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Petr\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Petr\Downloads\wallpapers\Dark Gothic Wallpapers 1.jpg
DNS Servers: 83.240.0.135 - 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\StartupApproved\Run: => "Advanced SystemCare 6"
HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\StartupApproved\Run: => "GUDelayStartup"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [TCP Query User{721F5A32-6F82-4D41-AFAC-C44F49EDCA7A}C:\games\world_of_tanks_ct\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_ct\wotlauncher.exe
FirewallRules: [UDP Query User{587BD0BF-57F1-4E33-83B1-E419758A9658}C:\games\world_of_tanks_ct\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_ct\wotlauncher.exe
FirewallRules: [TCP Query User{059748E2-ECC2-4202-AB04-D85E2AEBA9CC}C:\program files (x86)\rayman legends\rayman legends.exe] => (Block) C:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [UDP Query User{50A5986C-EFC6-44E9-831E-3746A1BFCCD4}C:\program files (x86)\rayman legends\rayman legends.exe] => (Block) C:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [TCP Query User{8722C005-1282-41DB-A504-9575FA89E56D}C:\program files (x86)\java\jre7\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\frd.exe
FirewallRules: [UDP Query User{67022AB5-14EB-4D51-A5ED-3B9B6098C1AC}C:\program files (x86)\java\jre7\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\frd.exe
FirewallRules: [TCP Query User{4CC41102-C32F-4DE9-B22B-85E64A2B94B8}C:\games\world_of_tanks_ct\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_ct\worldoftanks.exe
FirewallRules: [UDP Query User{FF3EFD1C-FBC2-46F4-8327-CBCC045D048C}C:\games\world_of_tanks_ct\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_ct\worldoftanks.exe
FirewallRules: [TCP Query User{E9289F72-0B16-4649-AC44-7BF126312E5F}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{9AD730A9-8D49-4CD7-87A8-C2D8DB1B9E5C}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [{B212FF6E-C744-4469-BAF8-E98EB428652E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{494E87ED-22A3-45FE-A8D1-97456F313160}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D675FA7F-E938-4742-83AD-F3E12DCCDA68}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B93719BD-9FDB-4E95-964D-BF6ED540732F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CA32B528-52DC-452D-90C5-FD62D1CB66A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{C866ED10-D925-48AF-9DC4-744F99F3404A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [TCP Query User{ED1D1B61-E5D2-4BB3-A587-B42AC1FAC7C0}C:\program files (x86)\juju\binaries\win32\b1game-win32-shipping.exe] => (Allow) C:\program files (x86)\juju\binaries\win32\b1game-win32-shipping.exe
FirewallRules: [UDP Query User{61853750-E09C-4D28-8238-489457974CCB}C:\program files (x86)\juju\binaries\win32\b1game-win32-shipping.exe] => (Allow) C:\program files (x86)\juju\binaries\win32\b1game-win32-shipping.exe
FirewallRules: [{749E959F-C238-4BC4-9FFA-BC8BEBE7C79C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E5D61947-D07D-4926-8CB5-ABA24D1CE9F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DD59AC3C-DBBF-4A26-956C-BA9F3ED843AC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6968135D-8929-4FEE-B466-84BC44714C26}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8FD58D14-DB12-402D-981B-4591465B9E65}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{15A45830-9736-4F41-BA36-1F91308EDC21}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1502E14A-0388-43E2-98A1-5E8B908AD262}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4600560D-F0D5-44F8-8553-CF32DF49B7A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{B223D14B-7EFE-44AC-904F-0549B13FBDDA}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{7C27C8AC-31F1-4836-B08E-22AFF2A047A0}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{E3CF7134-9EC6-461D-9189-81EF7A63BA55}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{8D741431-8248-4012-8232-393226D94C7A}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{FA79D4F5-0C9E-42EC-984C-C6BDBF50058A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/10/2015 06:36:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (05/10/2015 06:32:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (05/10/2015 06:32:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (05/10/2015 06:22:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (05/10/2015 06:22:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (05/10/2015 06:22:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (05/10/2015 05:54:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (05/10/2015 05:54:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (05/10/2015 05:38:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (05/10/2015 05:38:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.


System errors:
=============
Error: (05/10/2015 06:36:40 PM) (Source: DCOM) (EventID: 10010) (User: PETRMALENKA)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (05/10/2015 06:32:39 PM) (Source: DCOM) (EventID: 10010) (User: PETRMALENKA)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (05/10/2015 06:32:38 PM) (Source: DCOM) (EventID: 10010) (User: PETRMALENKA)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (05/10/2015 06:22:16 PM) (Source: DCOM) (EventID: 10010) (User: PETRMALENKA)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (05/10/2015 06:22:16 PM) (Source: DCOM) (EventID: 10010) (User: PETRMALENKA)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (05/10/2015 06:22:15 PM) (Source: DCOM) (EventID: 10010) (User: PETRMALENKA)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (05/10/2015 06:21:45 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Tento počítač je nakonfigurován jako člen pracovní skupiny, nikoliv jako
člen domény. Přihlašovací služba Netlogon nepotřebuje být spuštěna v této
konfiguraci.

Error: (05/10/2015 06:15:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (05/10/2015 06:15:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (05/10/2015 06:15:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.


Microsoft Office Sessions:
=========================
Error: (05/10/2015 06:36:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (05/10/2015 06:32:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (05/10/2015 06:32:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (05/10/2015 06:22:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (05/10/2015 06:22:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (05/10/2015 06:22:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (05/10/2015 05:54:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (05/10/2015 05:54:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (05/10/2015 05:38:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (05/10/2015 05:38:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PETRMALENKA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141


CodeIntegrity Errors:
===================================
Date: 2013-10-25 11:19:49.815
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-10-25 11:19:49.799
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-10-25 11:19:47.307
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-10-25 11:19:47.220
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-10-25 11:19:46.933
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-10-25 11:19:46.575
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-10-25 11:02:09.602
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-10-25 11:02:09.582
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-10-25 11:02:09.474
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-10-25 11:02:09.455
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD FX(tm)-4130 Quad-Core Processor
Percentage of memory in use: 13%
Total physical RAM: 8173.43 MB
Available physical RAM: 7094.49 MB
Total Pagefile: 9453.43 MB
Available Pagefile: 8284.09 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:648.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 931.5 GB) (Disk ID: C0729418)
Partition 1: (Active) - (Size=352 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[jaro3]

Odinstaluj:
Advanced SystemCare 6"

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3832753693-3646972138-179110667-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
FF NewTab: about:newtab
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Petr\AppData\Roaming\inst.exe
Task: {5DB0CBDD-9A7D-411B-9B6A-764D170DEE92} - \avastBCLRestartS-1-5-21-3832753693-3646972138-179110667-1004 No Task File <==== ATTENTION
Task: {8CFFB5D5-1890-4EEC-A2D1-99C37C09BF83} - \Optimize Start Menu Cache Files-S-1-5-21-3832753693-3646972138-179110667-1004 No Task File <==== ATTENTION
Task: {9173F064-0894-444A-A304-DB2C569DCA2F} - \Optimize Start Menu Cache Files-S-1-5-21-3832753693-3646972138-179110667-1001 No Task File <==== ATTENTION
Task: {FCF6CF0C-325A-41BA-9C00-E4C6BF970358} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\100sexlinks.com -> 100sexlinks.com

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

Vlož nový log z HJT + informuj o problémech.

[Varg]

Ahoj.

Prosím mám problém s tím Advanced SystemCare 6
Nechce mi ho to vůbec najít.
Nejde to ani přes "odebrat programy" a ani Ccleaner mně ho nezobrazí.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by Petr at 2015-05-11 17:11:21 Run:1
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available profiles: Petr)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3832753693-3646972138-179110667-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
FF NewTab: about:newtab
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Petr\AppData\Roaming\inst.exe
Task: {5DB0CBDD-9A7D-411B-9B6A-764D170DEE92} - \avastBCLRestartS-1-5-21-3832753693-3646972138-179110667-1004 No Task File <==== ATTENTION
Task: {8CFFB5D5-1890-4EEC-A2D1-99C37C09BF83} - \Optimize Start Menu Cache Files-S-1-5-21-3832753693-3646972138-179110667-1004 No Task File <==== ATTENTION
Task: {9173F064-0894-444A-A304-DB2C569DCA2F} - \Optimize Start Menu Cache Files-S-1-5-21-3832753693-3646972138-179110667-1001 No Task File <==== ATTENTION
Task: {FCF6CF0C-325A-41BA-9C00-E4C6BF970358} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3832753693-3646972138-179110667-1004\...\100sexlinks.com -> 100sexlinks.com
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key Deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found.
Firefox newtab deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Users\Petr\AppData\Roaming\inst.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DB0CBDD-9A7D-411B-9B6A-764D170DEE92}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DB0CBDD-9A7D-411B-9B6A-764D170DEE92}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestartS-1-5-21-3832753693-3646972138-179110667-1004" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CFFB5D5-1890-4EEC-A2D1-99C37C09BF83} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3832753693-3646972138-179110667-1004" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9173F064-0894-444A-A304-DB2C569DCA2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9173F064-0894-444A-A304-DB2C569DCA2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3832753693-3646972138-179110667-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FCF6CF0C-325A-41BA-9C00-E4C6BF970358}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCF6CF0C-325A-41BA-9C00-E4C6BF970358}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job not found.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0190-dialers.com" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\01i.info" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\02pmnzy5eo29bfk4.com" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\07ic5do2myz3vzpk.com" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\08nigbmwk43i01y6.com" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\093qpeuqpmz6ebfa.com" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0calories.net" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0cj.net" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0scan.com" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-britney-spears-nude.com" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-domains-registrations.com" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-se.com" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001movie.com" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001night.biz" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100gal.net" => Key deleted successfully.
"HKU\S-1-5-21-3832753693-3646972138-179110667-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com" => Key deleted successfully.

==== End of Fixlog 17:11:22 ====

[Varg]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:14:49, on 11. 5. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

FIREFOX: 38.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Petr\Desktop\HijackThis.exe
C:\WINDOWS\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: Stáhnout FDM - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video FDM - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané FDM - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše FDM - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7539 bytes

[jerabina]

Zmáčkni Win+R
Do vyhledávání zadej msconfig a stiskni Enter
Najeď do záložky Po spuštění
Najdi v seznamu Advanced System Care a vypiš mi, jaká je k němu cesta v sloupečku Po spuštění (cestu nejspíše na první pohled neuvidíš celou, poté na ní stačí pouze najet a uvidíš jí celou, celou mi jí sem prosím vlož).

[Varg]

Udělal jsem a objevilo se mně jen toto:

[jerabina]

Klikni na Spustit Správce úloh a zkus tam najít někde položky, které se spouští při spuštění.

[Varg]

Bohužel bez úspěchu :(

[jerabina]

Tak ještě dočistíme

Zavři ostatní programy/prohlížeče, odpoj se od internetu a v HJT fixni:
NÁVOD

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt

Co problémy?