Prosím o kontrolu. :)

Zpráva

A.d.u.n.a. · #1 Příspěvek od **A.d.u.n.a.** » 20 črc 2017 09:46

Logfile of random's system information tool 1.10 (written by random/random)
Run by Emachines at 2017-07-20 10:36:13
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 27 GB (12%) free of 226 GB
Total RAM: 1788 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:36:20, on 20.7.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Emachines.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\Alwil Software\Avast5\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8396 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 4044176
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
\??\C:\Windows\system32\conhost.exe "178698692821436643031678974646-956742335-916153921-1330498725-10113562701124627470
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe"
"C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PSIService.exe
"C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Alwil Software\Avast5\x64\aswidsagenta.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
atieclxx
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
WLIDSvcM.exe 1304
"taskhost.exe"
"C:\Windows\PLFSetI.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AvastUI.exe /nogui
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Emachines\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=59.0.3071.115 --initial-client-data=0xa4,0xa8,0xac,0xa0,0xb0,0x66fa6dec,0x66fa6df8,0x66fa6dd4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4516 --on-initialized-event-handle=340 --parent-handle=344 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1176 --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,10,11,17,19,20,21,24,28,43,76 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --gpu-vendor-id=0x1002 --gpu-device-id=0x9712 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.635.0.0 --gpu-driver-date=8-4-2009 --service-request-channel-token=154A8CA7F661FF0D165F6C50F71D85C7 --mojo-platform-channel-handle=1152 --ignored=" --type=renderer " /prefetch:2
"C:\Windows\System32\rundll32.exe" werconcpl.dll, LaunchErcApp -queuereporting
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1176 --primordial-pipe-token=30775DB99327749DCFA227FD0CB96438 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --service-request-channel-token=30775DB99327749DCFA227FD0CB96438 --renderer-client-id=21 --mojo-platform-channel-handle=1824 /prefetch:1
taskeng.exe {892B6499-2F33-4E53-92A3-83281306CB73}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1176 --primordial-pipe-token=4F2207158622570E6BC2B2E87FFAA649 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --service-request-channel-token=4F2207158622570E6BC2B2E87FFAA649 --renderer-client-id=25 --mojo-platform-channel-handle=640 /prefetch:1
taskeng.exe {D52813C0-2D96-4A60-AD6B-0D514354B1AC}
"C:\Users\Emachines\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-18 571456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2017-07-04 896048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-18 234560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-18 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2017-07-04 774440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-18 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvLaunch.exe [2017-07-20 213832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [2009-10-29 822816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2009-11-13 306472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files (x86)\Launch Manager\LManager.exe [2009-08-18 1157128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe /systray /nologon []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-05 98304]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-03-15 587288]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2017-07-20 10:36:13 ----D---- C:\rsit
2017-07-20 10:08:16 ----D---- C:\ProgramData\SWCUTemp
2017-07-20 09:57:49 ----A---- C:\Windows\system32\aswBoot.exe
2017-07-16 20:44:40 ----A---- C:\Windows\system32\gpsvc.dll
2017-07-16 20:44:39 ----A---- C:\Windows\SYSWOW64\polstore.dll
2017-07-16 20:44:39 ----A---- C:\Windows\SYSWOW64\gpapi.dll
2017-07-16 20:44:39 ----A---- C:\Windows\system32\polstore.dll
2017-07-16 20:44:39 ----A---- C:\Windows\system32\IPSECSVC.DLL
2017-07-16 20:44:39 ----A---- C:\Windows\system32\gpapi.dll
2017-07-16 20:44:38 ----A---- C:\Windows\SYSWOW64\winipsec.dll
2017-07-16 20:44:38 ----A---- C:\Windows\SYSWOW64\FwRemoteSvr.dll
2017-07-16 20:44:38 ----A---- C:\Windows\system32\winipsec.dll
2017-07-16 20:44:38 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2017-07-16 20:44:06 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2017-07-16 20:44:06 ----A---- C:\Windows\system32\poqexec.exe
2017-07-09 11:21:49 ----A---- C:\Windows\system32\drivers\aswHdsKe.sys

======List of files/folders modified in the last 1 month======

2017-07-20 10:36:20 ----D---- C:\Windows\Prefetch
2017-07-20 10:36:17 ----D---- C:\Program Files\trend micro
2017-07-20 10:35:12 ----D---- C:\Windows\Temp
2017-07-20 10:29:00 ----D---- C:\Windows\system32\NDF
2017-07-20 10:26:23 ----D---- C:\Windows\system32\config
2017-07-20 10:26:04 ----D---- C:\Windows\SysWOW64
2017-07-20 10:26:03 ----D---- C:\Windows\System32
2017-07-20 10:24:04 ----SHD---- C:\System Volume Information
2017-07-20 10:18:51 ----D---- C:\Windows\winsxs
2017-07-20 10:17:29 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-07-20 10:17:29 ----D---- C:\Windows\system32\cs-CZ
2017-07-20 10:08:16 ----D---- C:\ProgramData
2017-07-20 10:02:35 ----D---- C:\Windows\system32\drivers
2017-07-20 10:00:20 ----D---- C:\Windows\system32\Tasks
2017-07-16 20:33:39 ----D---- C:\Windows\system32\catroot2
2017-07-16 20:11:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-07-16 20:11:03 ----D---- C:\Windows\inf
2017-07-12 00:16:11 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-07-12 00:16:07 ----D---- C:\Windows\system32\Macromed
2017-07-12 00:16:06 ----D---- C:\Windows\SYSWOW64\Macromed
2017-07-09 22:31:57 ----A---- C:\Windows\iltwain.ini
2017-07-04 22:27:59 ----D---- C:\ProgramData\AVAST Software
2017-06-24 12:57:36 ----D---- C:\Windows
2017-06-24 12:56:33 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-07-20 198976]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-07-20 343288]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-07-20 57728]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-07-04 84392]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-07-04 361336]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-04 16440]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-01-28 564792]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-07-20 320008]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-07-04 41800]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-07-04 110352]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-07-04 1015848]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-07-04 585608]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-07-20 146696]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-07-04 198768]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-06-15 245296]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-04 6038016]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-08-21 2978296]
R3 DKbFltr;Dritek Keyboard Filter Driver (64-bit); C:\Windows\SysWOW64\Drivers\DKbFltr.sys [2009-03-26 25608]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-05 18432]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-05 16896]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 aswHdsKe;aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [2017-07-09 104600]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-07-04 46984]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-10-19 2012832]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-06-26 219136]
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\Windows\system32\DRIVERS\s3017bus.sys [2007-12-10 109096]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 19496]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 146984]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 130600]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\Windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 34344]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s3017obex.sys [2007-12-10 125480]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\Windows\system32\DRIVERS\s3017unic.sys [2007-12-10 144936]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-04 203264]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2017-07-20 263312]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-10-29 844320]
R2 Greg_Service;GRegService; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [2007-06-05 177704]
R2 Updater Service;Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\Alwil Software\Avast5\x64\aswidsagenta.exe [2017-07-20 7430992]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12 272384]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-03-13 867080]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-04-23 114688]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Kodlz · #2 Příspěvek od **Kodlz** » 20 črc 2017 09:56

Ahoj,
Muzu Te poprosit o vlozeni logu FRST.txt a Addition.txt z aplikace FRSTLauncher (Farbar Recovery Scan Tool). Navod naleznes zde: http://forum.viry.cz/viewtopic.php?f=13&t=133100
Obsah Additional.txt muzes vlozit rovnou sem do vlakna.

A.d.u.n.a. · #3 Příspěvek od **A.d.u.n.a.** » 20 črc 2017 10:07

FRST jsem si stáhla, ale nejde mi stáhnout ten FRST Launcher - i když vypnu antivir, blokuje mi ho pro změnu chrome a nevím, kde co vypnout, aby se mi to stáhlo. :-/

Kodlz · #4 Příspěvek od **Kodlz** » 20 črc 2017 10:13

kdyz nejde tak nevadi.
pusti jen FRST64.exe

A.d.u.n.a. · #5 Příspěvek od **A.d.u.n.a.** » 20 črc 2017 10:23

Nevím, jak se to stalo, ale vyjely mi oba logy, jak FRST, tak Addition.

Posílám tedy oba.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by Emachines (administrator) on EMACHINES-PC (20-07-2017 11:17:46)
Running from C:\Users\Emachines\Desktop
Loaded Profiles: Emachines (Available Profiles: Emachines)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\SysWOW64\PSIService.exe
(Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Windows\PLFSetI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software s.r.o.) C:\Program Files\Alwil Software\Avast5\x64\aswidsagenta.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvLaunch.exe [213832 2017-07-20] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.255.255.10 10.255.255.20 192.168.1.1
Tcpip\..\Interfaces\{87C8E219-0DFB-49C9-BDF5-81D881440E11}: [DhcpNameServer] 10.255.255.10 10.255.255.20 192.168.1.1
Tcpip\..\Interfaces\{E379C84B-F970-4590-B760-899F7A6954C8}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3420868250-582647965-2867217246-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ACEW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3420868250-582647965-2867217246-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... EW_csCZ372
SearchScopes: HKU\S-1-5-21-3420868250-582647965-2867217246-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... EW_csCZ372
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-18] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2017-07-04] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-18] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2017-07-04] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-18] (Oracle Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\1.bin => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR Profile: C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default [2017-07-20]
CHR Extension: (YouTube) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-31]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-10-03] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeW ... pdates.xml] <==== ATTENTION
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Alwil Software\Avast5\x64\aswidsagenta.exe [7430992 2017-07-20] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [263312 2017-07-20] (AVAST Software)
R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [844320 2009-10-29] (Acer Incorporated)
R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
U2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-07-20] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-07-20] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-07-20] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-07-20] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [104600 2017-07-09] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-04] (AVAST Software)
S3 s3017bus; C:\Windows\System32\DRIVERS\s3017bus.sys [109096 2007-12-10] (MCCI Corporation)
S3 s3017mdfl; C:\Windows\System32\DRIVERS\s3017mdfl.sys [19496 2007-12-10] (MCCI Corporation)
S3 s3017mdm; C:\Windows\System32\DRIVERS\s3017mdm.sys [146984 2007-12-10] (MCCI Corporation)
S3 s3017mgmt; C:\Windows\System32\DRIVERS\s3017mgmt.sys [130600 2007-12-10] (MCCI Corporation)
S3 s3017nd5; C:\Windows\System32\DRIVERS\s3017nd5.sys [34344 2007-12-10] (MCCI Corporation)
S3 s3017obex; C:\Windows\System32\DRIVERS\s3017obex.sys [125480 2007-12-10] (MCCI Corporation)
S3 s3017unic; C:\Windows\System32\DRIVERS\s3017unic.sys [144936 2007-12-10] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-01-28] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-20 11:17 - 2017-07-20 11:18 - 00015754 _____ C:\Users\Emachines\Desktop\FRST.txt
2017-07-20 11:14 - 2017-07-20 11:17 - 00000000 ____D C:\FRST
2017-07-20 11:00 - 2017-07-20 11:00 - 02382336 _____ (Farbar) C:\Users\Emachines\Desktop\FRST64.exe
2017-07-20 10:36 - 2017-07-20 10:36 - 00000000 ____D C:\rsit
2017-07-20 10:34 - 2017-07-20 10:34 - 01222144 _____ C:\Users\Emachines\Downloads\RSITx64.exe
2017-07-20 10:08 - 2017-07-20 10:08 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-20 09:57 - 2017-07-20 09:57 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-16 20:44 - 2016-07-22 16:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-07-16 20:44 - 2016-07-22 16:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-07-16 20:44 - 2016-05-12 19:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2017-07-16 20:44 - 2016-05-12 19:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-07-16 20:44 - 2016-05-12 19:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2017-07-16 20:44 - 2016-05-12 19:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2017-07-16 20:44 - 2016-05-12 19:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2017-07-16 20:44 - 2016-05-12 19:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2017-07-16 20:44 - 2016-05-12 17:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2017-07-16 20:44 - 2016-05-12 17:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2017-07-16 20:44 - 2016-05-12 17:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2017-07-16 20:44 - 2016-05-12 17:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2017-07-14 10:16 - 2017-07-14 10:16 - 00712263 _____ C:\Users\Emachines\Downloads\Bakalarska_prace_-_Adela_Kribalova (1).pdf
2017-07-13 15:51 - 2017-07-13 15:51 - 00712263 _____ C:\Users\Emachines\Downloads\Bakalarska_prace_-_Adela_Kribalova.pdf
2017-07-13 15:20 - 2017-07-14 10:15 - 00713371 _____ C:\Users\Emachines\Desktop\Bakalářská práce - Adéla Kříbalová.pdf
2017-07-10 12:02 - 2017-07-10 12:02 - 02019509 _____ C:\Users\Emachines\Downloads\Bakalarska_prace-Alena_Pestova.pdf
2017-07-09 11:21 - 2017-07-09 11:14 - 00104600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-06-27 20:41 - 2017-06-28 00:29 - 00010250 _____ C:\Users\Emachines\Desktop\Dotazník.xlsx
2017-06-25 23:19 - 2017-06-25 23:19 - 00454361 _____ C:\Users\Emachines\Desktop\Četba shrnutí.pdf
2017-06-24 12:56 - 2017-06-24 12:56 - 00370584 _____ C:\Windows\Minidump\062417-26785-01.dmp
2017-06-24 12:40 - 2017-06-24 12:41 - 00371944 _____ C:\Windows\Minidump\062417-24960-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-20 10:36 - 2014-06-26 18:11 - 00000000 ____D C:\Program Files\trend micro
2017-07-20 10:31 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-20 10:31 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-20 10:29 - 2015-10-18 18:40 - 00000000 ____D C:\Users\Emachines\AppData\Local\ElevatedDiagnostics
2017-07-20 10:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-07-20 10:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-20 10:00 - 2016-03-23 00:15 - 00003900 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458684877
2017-07-20 09:58 - 2017-03-06 15:47 - 00003916 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-20 09:58 - 2010-12-16 17:29 - 00146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-20 09:57 - 2010-12-16 17:29 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150053752799203
2017-07-20 09:56 - 2017-03-06 15:47 - 00343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-20 09:56 - 2017-03-06 15:47 - 00320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-20 09:56 - 2017-03-06 15:47 - 00198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-20 09:56 - 2017-03-06 15:47 - 00057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-16 20:11 - 2009-12-22 05:40 - 00676326 _____ C:\Windows\system32\perfh005.dat
2017-07-16 20:11 - 2009-12-22 05:40 - 00145010 _____ C:\Windows\system32\perfc005.dat
2017-07-16 20:11 - 2009-07-14 07:13 - 01605516 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-16 20:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-07-12 00:16 - 2012-06-13 19:45 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-12 00:16 - 2012-06-13 19:45 - 00004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-12 00:16 - 2012-06-13 19:45 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-12 00:16 - 2011-06-10 17:56 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-12 00:16 - 2009-11-13 22:44 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-09 22:31 - 2012-01-15 00:18 - 00000049 _____ C:\Windows\iltwain.ini
2017-07-04 22:29 - 2013-04-05 18:34 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-04 22:27 - 2014-04-21 12:47 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-04 22:27 - 2013-12-23 19:10 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-04 22:27 - 2013-11-20 14:07 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-04 22:27 - 2013-04-05 18:34 - 00360792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.149920018393306
2017-07-04 22:27 - 2013-04-05 18:34 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-04 22:27 - 2012-04-13 22:07 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-04 22:27 - 2010-12-16 17:29 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-04 22:26 - 2016-03-23 00:14 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-04 22:26 - 2011-04-11 23:23 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-06-28 23:13 - 2012-10-14 10:50 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-24 12:56 - 2010-08-17 13:24 - 00000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories =======

2013-01-02 22:46 - 2013-01-02 22:46 - 0000000 _____ () C:\Users\Emachines\AppData\Roaming\wklnhst.dat
2011-02-16 00:38 - 2015-01-15 11:07 - 0006144 _____ () C:\Users\Emachines\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-12 15:24 - 2011-06-12 16:52 - 0007610 _____ () C:\Users\Emachines\AppData\Local\Resmon.ResmonCfg
2009-11-13 22:21 - 2009-07-18 04:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2010-05-02 20:50 - 2011-01-12 21:33 - 0000626 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
2017-03-07 12:05 - 2017-03-07 12:05 - 0005632 _____ () C:\Users\Emachines\AppData\Local\Temp\1lo_z1h1.dll
2016-02-03 18:50 - 2016-02-03 18:50 - 0003584 _____ () C:\Users\Emachines\AppData\Local\Temp\j0ympwhh.dll
2016-07-20 13:44 - 2016-07-20 13:45 - 0741440 _____ (Oracle Corporation) C:\Users\Emachines\AppData\Local\Temp\jre-8u101-windows-au.exe
2017-04-18 20:46 - 2017-04-18 20:46 - 0739904 _____ (Oracle Corporation) C:\Users\Emachines\AppData\Local\Temp\jre-8u131-windows-au.exe
2016-02-07 19:02 - 2016-02-07 19:02 - 0736352 _____ (Oracle Corporation) C:\Users\Emachines\AppData\Local\Temp\jre-8u74-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-16 21:27

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by Emachines (20-07-2017 11:19:36)
Running from C:\Users\Emachines\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-03-11 18:55:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3420868250-582647965-2867217246-500 - Administrator - Disabled)
Emachines (S-1-5-21-3420868250-582647965-2867217246-1000 - Administrator - Enabled) => C:\Users\Emachines
Guest (S-1-5-21-3420868250-582647965-2867217246-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3420868250-582647965-2867217246-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{9F560BEB-021F-43AC-825F-AA60442D8DE4}) (Version: 1.0.0 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (HKLM-x32\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM-x32\...\{E09575B2-498D-4C8B-A9D2-623F78574F29}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{0D2E9DCB-9938-475E-B4DD-8851738852FF}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.102.2002.209 - Alps Electric)
Amazing Photo Editor V4.9.6 (HKLM-x32\...\Amazing Photo Editor V4.9.6) (Version: hxxp://www.SilverEagleSoft.com - Silver Eagle Software, Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.14 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{44FEBA86-D067-06F1-F757-B25388B75193}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Balíček ovladače systému Windows - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
BufferChm (HKLM-x32\...\{BE77A81F-B315-4666-9BF3-AE70C0ADB057}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Cambridge Advanced Learner's Dictionary - 3rd Edition (HKLM-x32\...\NSIS_cald3) (Version: - )
ccc-core-static (HKLM-x32\...\{C0BCA6DF-438D-6EE0-E7E8-1BC30D372E45}) (Version: 2009.0804.2223.38385 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.07 - Piriform)
Codec Pack - All In 1 6.0.3.0 (HKLM-x32\...\Cool's_Codec_pack_4.12) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3420868250-582647965-2867217246-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
eMachines Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3006 - Acer Incorporated)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.02.3006 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0805 - eMachines Incorporated)
English Grammar in Use Extra application (HKLM-x32\...\{6185DA1C-B9F6-DD0C-6336-53273EDD2ECD}) (Version: 1.0.0 - Cambridge University Press Holdings Limited) Hidden
English Grammar in Use Extra application (HKLM-x32\...\EnglishGrammarinUseExtra) (Version: 1.0.0 - Cambridge University Press Holdings Limited)
English Grammar in Use Extra content (HKLM-x32\...\English Grammar in Use Extra content) (Version: 1.0.0.0 - Cambridge University Press)
Fax (HKLM-x32\...\{7A7DC702-DEDE-42A8-8722-B3BA724D546F}) (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.02 - eMachines)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{B44F3823-52DD-45CA-A916-8B320778715D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0405-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (Czech) (HKLM-x32\...\{95120000-00AF-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{99D7DE4C-2775-4B16-B155-7F09AE939E8E}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (HKLM-x32\...\{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{A68C62E8-B243-4777-89BB-12173DFA1D45}) (Version: 1.0.1 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}) (Version: 1.1.1 - OLYMPUS IMAGING CORP.)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Oxford Learner's Thesaurus (HKLM-x32\...\NSIS_olt1) (Version: - )
QUICKfind server v1.1 (HKLM-x32\...\QUICKfind) (Version: - IDM)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30095 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Scan (HKLM-x32\...\{1746EA69-DCB6-4408-B5A5-E75F55439CDF}) (Version: 8.1.0.0 - Hewlett-Packard) Hidden
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
Toolbox (HKLM-x32\...\{C716522C-3731-4667-8579-40B098294500}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM-x32\...\{E06F04B9-45E6-4AC0-8083-85F7515F40F7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Video Web Camera (HKLM-x32\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 5.1.0.1 - SuYin)
WebReg (HKLM-x32\...\{179C56A4-F57F-4561-8BBF-F911D26EB435}) (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3009 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{068B46A0-8858-4CEB-80BC-A4AE787A05FC}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3420868250-582647965-2867217246-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Emachines\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3420868250-582647965-2867217246-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Emachines\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3420868250-582647965-2867217246-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Emachines\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3420868250-582647965-2867217246-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Emachines\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3420868250-582647965-2867217246-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Emachines\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2017-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2017-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emachines\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emachines\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emachines\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emachines\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emachines\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emachines\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emachines\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emachines\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers01: [Qzip3] -> {4C156620-A582-11D5-858B-444553540000} => -> No File
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers04: [Qzip3] -> {4C156620-A582-11D5-858B-444553540000} => -> No File
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2009-08-05] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers1_S-1-5-21-3420868250-582647965-2867217246-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emachines\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3420868250-582647965-2867217246-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emachines\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3420868250-582647965-2867217246-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emachines\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17C316D5-6AA5-445C-AEE9-3C0911B9963E} - System32\Tasks\{2B4B34D7-4DA9-4DA7-B8EE-D7765F9C0339} => C:\Windows\system32\pcalua.exe -a C:\Users\Emachines\Desktop\Setup.exe -d C:\Users\Emachines\Desktop
Task: {33881B7F-9419-4F12-94F8-7D6780E0824E} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {4E45F76A-848B-4B06-8EC7-84850CFEA8DC} - System32\Tasks\{AF15DB89-B610-41DD-B2BE-3BD7AC45BDF4} => C:\Windows\system32\pcalua.exe -a "E:\Old games\Centurion.exe" -d "E:\Old games"
Task: {522A70AC-8BB3-434B-87BC-F37E20BD9536} - System32\Tasks\{8592204D-99FC-4504-96A3-77C5DB7A937F} => C:\Windows\system32\pcalua.exe -a C:\Users\Emachines\Desktop\VirtualDub-1.9.9\auxsetup.exe -d C:\Users\Emachines\Desktop\VirtualDub-1.9.9
Task: {568A2B2A-FD36-4AE6-81B0-60DB4B566715} - System32\Tasks\SafeZone scheduled Autoupdate 1458684877 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {58A882B2-696D-4484-8D26-86E1FD007CA2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3420868250-582647965-2867217246-1000UA => C:\Users\Emachines\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {5BBB21A9-7F22-437C-8924-28D3F849E9C1} - System32\Tasks\{DA4A3983-F549-48A3-9497-4D82AE1433FF} => C:\Windows\system32\pcalua.exe -a C:\Users\Emachines\Desktop\qip8095.exe -d C:\Users\Emachines\Desktop
Task: {682435A2-05ED-4B00-908D-FFC5437FCF8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {743D19A3-0CBB-4163-AFE9-FA159CAAC181} - System32\Tasks\{00B38097-95BD-452B-9BE8-4F1D9DA1A23C} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -c /M{BBF51613-ACF3-4B1C-86E8-AD15BB431037}
Task: {75295460-FF7D-4824-94AA-B601ADC7BC06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {817FC6BD-366D-47C7-A021-EB6B82021D0C} - System32\Tasks\{83A0DF8D-5AA9-494B-AF9E-47FBA994E337} => C:\Windows\system32\pcalua.exe -a "C:\Users\Emachines\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HFQKL25\zyngaIE_toolbar[1].exe" -d C:\Users\Emachines\Desktop
Task: {8DA01B54-636C-4382-BCE3-CC03B33F9EE4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-13] (AVAST Software)
Task: {B500C998-41C6-4968-9C49-B15222F32F21} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3420868250-582647965-2867217246-1000Core => C:\Users\Emachines\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {BB5967C1-FEB6-42B8-8640-AA7B92512AD7} - System32\Tasks\{30AE7C7D-C26C-427A-A62E-9B87535F6F86} => C:\Windows\system32\pcalua.exe -a C:\Users\Emachines\Desktop\dotnetfx.exe -d C:\Users\Emachines\Desktop
Task: {C6989C3D-BB74-44DB-97AA-3C279E06995C} - System32\Tasks\AdobeAAMUpdater-1.0-Emachines-PC-Emachines => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {CF2C8BBE-D4F0-49C0-8BCD-5A41A63BF92E} - System32\Tasks\Avast Emergency Update => C:\Program Files\Alwil Software\Avast5\AvEmUpdate.exe [2017-07-20] (AVAST Software)
Task: {D46D304B-6889-432D-8B0A-0A16C1482C5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E047383B-0380-4B14-831F-0E2F7C66687B} - System32\Tasks\{4248CECD-647B-460F-80E4-8C3A288A8A47} => C:\Windows\system32\pcalua.exe -a C:\Users\Emachines\AppData\Local\Temp\Temp1_VirtualDub-1.9.9[1].zip\auxsetup.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2009-12-22 06:06 - 2007-10-23 20:56 - 00200704 _____ () C:\Windows\PLFSetI.exe
2009-05-13 20:44 - 2009-05-13 20:44 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-12-22 05:56 - 2009-12-22 05:56 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2017-07-20 09:56 - 2017-07-20 09:56 - 00162032 _____ () c:\Program Files\Alwil Software\Avast5\x64\vaarclient.dll
2017-07-20 09:57 - 2017-07-20 09:57 - 00831664 _____ () C:\Program Files\Alwil Software\Avast5\x64\ffl2.dll
2017-07-20 09:57 - 2017-07-20 09:57 - 00276808 _____ () c:\Program Files\Alwil Software\Avast5\x64\StreamBack.dll
2017-07-20 09:57 - 2017-07-20 09:57 - 00170224 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2017-07-20 09:57 - 2017-07-20 09:57 - 00192664 _____ () C:\Program Files\Alwil Software\Avast5\event_routing_rpc.dll
2017-07-20 09:57 - 2017-07-20 09:57 - 00224256 _____ () C:\Program Files\Alwil Software\Avast5\tasks_core.dll
2017-07-20 09:45 - 2017-07-20 09:45 - 05784064 _____ () C:\Program Files\Alwil Software\Avast5\defs\17071908\algo.dll
2017-07-20 09:57 - 2017-07-20 09:57 - 00689272 _____ () C:\Program Files\Alwil Software\Avast5\ffl2.dll
2017-07-20 09:57 - 2017-07-20 09:57 - 00231664 _____ () C:\Program Files\Alwil Software\Avast5\streamback.dll
2017-07-20 09:57 - 2017-07-20 09:57 - 01065936 _____ () C:\Program Files\Alwil Software\Avast5\AvChrome.dll
2017-07-04 22:27 - 2017-07-04 22:27 - 67109376 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2017-07-20 09:56 - 2017-07-20 09:56 - 00292920 _____ () C:\Program Files\Alwil Software\Avast5\gaming_mode_ui.dll
2017-06-28 23:13 - 2017-06-23 04:21 - 02877272 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 23:13 - 2017-06-23 04:21 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0 [274]
AlternateDataStreams: C:\ProgramData\TEMP:444C53BA [128]
AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54 [276]
AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2 [120]
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA [123]
AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE [143]
AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D [268]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-06-26 21:09 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3420868250-582647965-2867217246-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Emachines\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.255.255.10 - 10.255.255.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: Sony Ericsson PC Suite => "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C6422163-F0B1-47BB-8EA2-5076876E580C}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{2A76E33B-B4B9-438A-B5F1-CB3957826334}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{ECF42770-6828-4B40-A9D0-C228E037A846}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{0BB08C16-4650-4DEE-A15D-D8C504A5FBB9}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{C0438B5F-0624-4A77-9487-A6C34E03EA0C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{14D18D27-1352-45B5-AEA2-91A64CA6FD3D}] => (Allow) svchost.exe
FirewallRules: [{3D13F01C-1B4D-46FD-82DE-C6727A3603CD}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{FF400D90-AA36-4FC1-BBF2-AE3281D9A524}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E8D35B7A-9BFD-43FC-A159-B5521954A311}] => (Allow) LPort=2869
FirewallRules: [{74A23AB8-F2D1-4D1E-B58D-1845BE884A2F}] => (Allow) LPort=1900
FirewallRules: [{BD9156F8-1BA7-44ED-A465-138958019179}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{7875298B-6D04-4FBD-A744-5B97865874AC}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{9B179775-A9DF-424B-B740-9590AEA17178}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{2FA75CF4-053E-4070-803B-890FF30B52F7}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{EDF64621-3771-40F8-ADD9-BF390B008E74}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{800C4DED-E7CD-4DDE-8AEC-246C6B6426C2}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{22ED98ED-3B64-402C-9221-23E448000554}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{CB8F5E94-794A-4F8B-9374-AF2AAD7051A5}] => (Allow) C:\Users\Emachines\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{8DC40E44-2A75-4FD0-AD60-0AE4489AC888}] => (Allow) C:\Users\Emachines\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{43FBC3B3-9983-4A2B-A590-E9E511183F68}] => (Allow) C:\Users\Emachines\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9D6F5441-5403-4782-A6EB-01456F91C9A8}] => (Allow) C:\Users\Emachines\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7DB027AD-4F62-468D-AD6C-7D9A4A501CFC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{06DF835C-79D8-4494-8DA1-29F97A5D3BBE}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [{09790B80-0515-4E67-9BB4-C977422993D3}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe

==================== Restore Points =========================

16-07-2017 21:34:19 Naplánovaný kontrolní bod
20-07-2017 10:09:58 Windows Update
20-07-2017 10:22:47 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2017 12:16:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: POWERPNT.EXE, verze: 12.0.6735.5000, časové razítko: 0x5621423f
Název chybujícího modulu: ppcore.dll, verze: 12.0.6741.5000, časové razítko: 0x56698d71
Kód výjimky: 0xc0000005
Posun chyby: 0x005f2a48
ID chybujícího procesu: 0x4f8
Čas spuštění chybující aplikace: 0x01d2d3ebdbaeac7b
Cesta k chybující aplikaci: C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
Cesta k chybujícímu modulu: C:\Program Files (x86)\Microsoft Office\Office12\ppcore.dll
ID zprávy: 80305f7b-4005-11e7-8177-705ab600e8d4

Error: (04/10/2017 07:25:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program WINWORD.EXE verze 12.0.6748.5000 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 970

Čas spuštění: 01d2b21f2ce0f095

Čas ukončení: 15

Cesta k aplikaci: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

ID hlášení: a055bb5c-1e12-11e7-b7ea-705ab600e8d4

Error: (01/26/2017 05:13:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WINWORD.EXE, verze: 12.0.6748.5000, časové razítko: 0x570f7035
Název chybujícího modulu: mso.dll, verze: 12.0.6743.5000, časové razítko: 0x569618d9
Kód výjimky: 0xc0000005
Posun chyby: 0x0003b720
ID chybujícího procesu: 0x1280
Čas spuštění chybující aplikace: 0x01d277030852e0c1
Cesta k chybující aplikaci: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Cesta k chybujícímu modulu: C:\Program Files (x86)\Common Files\Microsoft Shared\office12\mso.dll
ID zprávy: 00403f18-e3da-11e6-ade4-705ab600e8d4

Error: (06/27/2016 06:36:15 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (1880) WebCacheLocal: Při zotavení či obnovení databáze došlo k neočekávané chybě -510.

Error: (06/27/2016 06:36:15 PM) (Source: ESENT) (EventID: 439) (User: )
Description: taskhost (1880) WebCacheLocal: Pro soubor C:\Users\Emachines\AppData\Local\Microsoft\Windows\WebCache\V01.chk nelze zapsat stínové záhlaví. Chyba -1032

Error: (06/27/2016 06:36:15 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1880) WebCacheLocal: Pokus o otevření souboru C:\Users\Emachines\AppData\Local\Microsoft\Windows\WebCache\V01.chk pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (06/27/2016 06:36:05 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1880) WebCacheLocal: Pokus o otevření souboru C:\Users\Emachines\AppData\Local\Microsoft\Windows\WebCache\V01.chk pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (06/27/2016 06:35:55 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (1880) WebCacheLocal: Při zotavení či obnovení databáze došlo k neočekávané chybě -510.

Error: (06/27/2016 06:35:55 PM) (Source: ESENT) (EventID: 439) (User: )
Description: taskhost (1880) WebCacheLocal: Pro soubor C:\Users\Emachines\AppData\Local\Microsoft\Windows\WebCache\V01.chk nelze zapsat stínové záhlaví. Chyba -1032

Error: (06/27/2016 06:35:55 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1880) WebCacheLocal: Pokus o otevření souboru C:\Users\Emachines\AppData\Local\Microsoft\Windows\WebCache\V01.chk pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

System errors:
=============
Error: (07/20/2017 10:25:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024001e): Aktualizace systému Windows 7 pro systémy na platformě x64 (KB3177467).

Error: (07/20/2017 10:17:46 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (10:16:34, ‎20.‎7.‎2017) bylo neočekávané.

Error: (07/20/2017 10:17:43 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/20/2017 10:02:46 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/20/2017 09:44:01 AM) (Source: NetBT) (EventID: 4307) (User: )
Description: Inicializace se nezdařila, protože přenos odmítl otevřít počáteční adresy.

Error: (07/16/2017 09:32:55 PM) (Source: volsnap) (EventID: 14) (User: )
Description: Stínové kopie svazku C: byly přerušeny kvůli selhání V/V operace. ve svazku C:.

Error: (07/16/2017 09:32:16 PM) (Source: atapi) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error: (07/16/2017 09:32:16 PM) (Source: atapi) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error: (07/16/2017 09:32:16 PM) (Source: atapi) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error: (07/16/2017 08:13:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby avast! Antivirus bylo dosaženo časového limitu (30000 ms).

CodeIntegrity:
===================================
Date: 2016-09-01 21:42:33.650
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-01 21:42:33.448
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-01 14:33:06.404
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-01 14:33:06.201
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 13:03:16.306
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 13:03:16.134
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-18 14:24:34.338
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-18 14:24:34.151
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-12 17:42:59.647
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-12 17:42:59.460
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon(tm) II Dual-Core M300
Percentage of memory in use: 66%
Total physical RAM: 1788.2 MB
Available physical RAM: 604.81 MB
Total Virtual: 3576.41 MB
Available Virtual: 1816.97 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:220.78 GB) (Free:25.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: ADF8D5FF)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Kodlz · #6 Příspěvek od **Kodlz** » 20 črc 2017 11:56

Nebylo by spatne si uvolnit misto na diskuuz tam moc volneho mista nezbyva.

Na plose, tam kde mas umisteny FRST vytvor TXT soubor, ktery pojmenujes fixlist.txt a do nej vloz nasledujici text:

( Spusť znovu FRST a klikni na >Fix<. Po skončení akce se objeví log, který sem zkopíruj).

start
CreateRestorePoint:

CloseProcesses:

Hosts:

EmptyTemp:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3420868250-582647965-2867217246-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ACEW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3420868250-582647965-2867217246-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... EW_csCZ372
SearchScopes: HKU\S-1-5-21-3420868250-582647965-2867217246-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... EW_csCZ372
FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\1.bin => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-10-03] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ ... pdates.xml] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx <not found>
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
ContextMenuHandlers01: [Qzip3] -> {4C156620-A582-11D5-858B-444553540000} => -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers04: [Qzip3] -> {4C156620-A582-11D5-858B-444553540000} => -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
Task: {682435A2-05ED-4B00-908D-FFC5437FCF8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E047383B-0380-4B14-831F-0E2F7C66687B} - System32\Tasks\{4248CECD-647B-460F-80E4-8C3A288A8A47} => C:\Windows\system32\pcalua.exe -a C:\Users\Emachines\AppData\Local\Temp\Temp1_VirtualDub-1.9.9[1].zip\auxsetup.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0 [274]
AlternateDataStreams: C:\ProgramData\TEMP:444C53BA [128]
AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54 [276]
AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2 [120]
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA [123]
AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE [143]
AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D [268]

end

A.d.u.n.a. · #7 Příspěvek od **A.d.u.n.a.** » 20 črc 2017 12:40

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by Emachines (20-07-2017 13:20:31) Run:1
Running from C:\Users\Emachines\Desktop
Loaded Profiles: Emachines (Available Profiles: Emachines)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:

CloseProcesses:

Hosts:

EmptyTemp:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3420868250-582647965-2867217246-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ACEW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3420868250-582647965-2867217246-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... EW_csCZ372
SearchScopes: HKU\S-1-5-21-3420868250-582647965-2867217246-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... EW_csCZ372
FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\1.bin => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-10-03] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ ... pdates.xml] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx <not found>
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
ContextMenuHandlers01: [Qzip3] -> {4C156620-A582-11D5-858B-444553540000} => -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers04: [Qzip3] -> {4C156620-A582-11D5-858B-444553540000} => -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
Task: {682435A2-05ED-4B00-908D-FFC5437FCF8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E047383B-0380-4B14-831F-0E2F7C66687B} - System32\Tasks\{4248CECD-647B-460F-80E4-8C3A288A8A47} => C:\Windows\system32\pcalua.exe -a C:\Users\Emachines\AppData\Local\Temp\Temp1_VirtualDub-1.9.9[1].zip\auxsetup.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0 [274]
AlternateDataStreams: C:\ProgramData\TEMP:444C53BA [128]
AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54 [276]
AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2 [120]
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA [123]
AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE [143]
AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D [268]

end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-3420868250-582647965-2867217246-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3420868250-582647965-2867217246-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3420868250-582647965-2867217246-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key removed successfully
HKLM\Software\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com => value removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Emachines\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-10-03] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ ... pdates.xml] <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
HKLM\System\CurrentControlSet\Services\AppMgmt => key removed successfully
AppMgmt => service removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Qzip3 => key removed successfully
HKLM\Software\Classes\CLSID\{4C156620-A582-11D5-858B-444553540000} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Qzip3 => key removed successfully
HKLM\Software\Classes\CLSID\{4C156620-A582-11D5-858B-444553540000} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{682435A2-05ED-4B00-908D-FFC5437FCF8A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{682435A2-05ED-4B00-908D-FFC5437FCF8A} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E047383B-0380-4B14-831F-0E2F7C66687B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E047383B-0380-4B14-831F-0E2F7C66687B} => key removed successfully
C:\Windows\System32\Tasks\{4248CECD-647B-460F-80E4-8C3A288A8A47} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4248CECD-647B-460F-80E4-8C3A288A8A47} => key removed successfully
C:\ProgramData\TEMP => ":0B9176C0" ADS removed successfully.
C:\ProgramData\TEMP => ":444C53BA" ADS removed successfully.
C:\ProgramData\TEMP => ":4CF61E54" ADS removed successfully.
C:\ProgramData\TEMP => ":4D066AD2" ADS removed successfully.
C:\ProgramData\TEMP => ":AB689DEA" ADS removed successfully.
C:\ProgramData\TEMP => ":ABE89FFE" ADS removed successfully.
C:\ProgramData\TEMP => ":E1F04E8D" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 88851557 B
Java, Flash, Steam htmlcache => 602 B
Windows/system/drivers => 1131183361 B
Edge => 0 B
Chrome => 447012214 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 18465186 B
systemprofile32 => 49442 B
LocalService => 132244 B
NetworkService => 514122 B
Emachines => 655412693 B

RecycleBin => 0 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:25:50 ====

Kodlz · #8 Příspěvek od **Kodlz** » 20 črc 2017 13:00

Stáhni AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Ulož na plochu
Ukonči všechny programy
Klikni nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vlož.

nasledne tento tool MBAM: http://forum.viry.cz/viewtopic.php?f=29&t=144868
-Nainstaluj,dej úplný sken

-Log zkopíruj sem.

A.d.u.n.a. · #9 Příspěvek od **A.d.u.n.a.** » 20 črc 2017 13:30

Tak tady zatím ten Adw Cleaner:
# AdwCleaner 7.0.0.0 - Logfile created on Thu Jul 20 12:20:36 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GimpShop

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\azlyrics.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.azlyrics.com
Deleted: [Key] - HKU\S-1-5-21-3420868250-582647965-2867217246-1000\Software\GotClip Downloader
Deleted: [Key] - HKCU\Software\GotClip Downloader

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [9514 B] - [2014/11/24 21:24:52]
C:/AdwCleaner/AdwCleaner[S1].txt - [1802 B] - [2015/7/15 16:28:44]
C:/AdwCleaner/AdwCleaner[S2].txt - [1469 B] - [2017/7/20 12:19:54]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

A.d.u.n.a. · #10 Příspěvek od **A.d.u.n.a.** » 21 črc 2017 13:08

Ten MBAM jsem zkoušela víckrát, ale bohužel se mi po cca 2,5 hodinách kousne noťas a nedá se s ním nic dělat. Nejde hýbat myší, seknutý čas, jako by celá obrazovka zamrzla. :-/

Kodlz · #11 Příspěvek od **Kodlz** » 21 črc 2017 13:36

zkus v nouzovem rezimu.

A.d.u.n.a. · #12 Příspěvek od **A.d.u.n.a.** » 22 črc 2017 17:37

Ahoj, tak jsem to spustila v nouzovém režimu, nakonec program doběhl až na konec, ale žádný log mi přímo nevyjel, jen se mě program ptal na export infa, což snad bude ono. Posílám níže.

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 22.07.17
Čas skenování: 10:31
Logovací soubor: Log-malware.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.1.2.1733
Verze komponentů: 1.0.160
Aktualizovat verzi balíku komponent: 1.0.2414
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Emachines-PC\Emachines

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 314179
Zjištěné hrozby: 1
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 5 hod, 9 min, 41 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 1
PUP.Optional.ASK, C:\USERS\EMACHINES\DOCUMENTS\ÁDA\PROGRAMY\KMP.EXE, Žádná uživatelská akce, [547], [383618],1.0.2414

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

(end)

Kodlz · #13 Příspěvek od **Kodlz** » 23 črc 2017 18:26

ok... muzes pustit znovu a nechat odstranit to co nasel.

A.d.u.n.a. · #14 Příspěvek od **A.d.u.n.a.** » 25 črc 2017 20:51

Tak jsem to odstranila. Program mi napsal, že uložil log do složky, ale bohužel netuším kam a ani pod jakým názvem. Můžu ti ho poslat, ale nenapadá tě, kde by mohl být, nebo jak ho najít? Na ploše není.

Kodlz · #15 Příspěvek od **Kodlz** » 26 črc 2017 16:16

zkus zde:

C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

VIRY.CZ

Prosím o kontrolu. :)

Prosím o kontrolu. :)

Re: Prosím o kontrolu. :)

Re: Prosím o kontrolu. :)

Re: Prosím o kontrolu. :)

Re: Prosím o kontrolu. :)

Re: Prosím o kontrolu. :)

Re: Prosím o kontrolu. :)

Re: Prosím o kontrolu. :)

Re: Prosím o kontrolu. :)

Re: Prosím o kontrolu. :)

Re: Prosím o kontrolu. :)

Re: Prosím o kontrolu. :)

Re: Prosím o kontrolu. :)

Re: Prosím o kontrolu. :)

Re: Prosím o kontrolu. :)