
Slow computer


#1 Post by noproblemo »

Hello,

I would be very grateful for a check. After a year I got back to my father-in-law's computer and it is completely unusable again. I tried cleaning it with everything I know, but without success.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-12-2017
Ran by travnicek (administrator) on PCTRAVNICEK (27-12-2017 11:24:40)
Running from C:\Users\travnicek\Downloads
Loaded Profiles: travnicek (Available Profiles: travnicek)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Emotiplus) C:\Users\travnicek\AppData\Local\Emotiplus\Emotiplus.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\ByteFence\rsLggr.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2522558767-3081136427-505346211-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2522558767-3081136427-505346211-1000\...\Run: [EmotiplusHelper] => C:\Users\travnicek\AppData\Local\EmotiplusHelper\EmotiplusHelper.exe [136088 2017-02-01] (Emotiplus)
HKU\S-1-5-21-2522558767-3081136427-505346211-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
Startup: C:\Users\travnicek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Emotiplus.lnk [2016-08-30]
ShortcutTarget: Emotiplus.lnk -> C:\Users\travnicek\AppData\Local\Emotiplus\Emotiplus.exe (Emotiplus)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2522558767-3081136427-505346211-1000] => Proxy is enabled.
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{50A22487-8616-4C41-8646-5D0C58229564}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2522558767-3081136427-505346211-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2522558767-3081136427-505346211-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
SearchScopes: HKU\S-1-5-21-2522558767-3081136427-505346211-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => No File

FireFox:
========
FF DefaultProfile: 9ok3twef.default
FF ProfilePath: C:\Users\travnicek\AppData\Roaming\Mozilla\Firefox\Profiles\9ok3twef.default [2017-07-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-01-09] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC ... earchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__ ... earchTerms}
CHR Profile: C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default [2017-12-27]
CHR Extension: (Prezentace) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-09]
CHR Extension: (Dokumenty) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-09]
CHR Extension: (Disk Google) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Vyhledávání Google) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Ginforu) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgffaigieklnhpmefkoehldomjblajmd [2017-03-15]
CHR Extension: (Bing) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-11-09]
CHR Extension: (Tabulky) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-11-09]
CHR Extension: (OpenLink) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcineedipafihgkbecmkabpofbfjaljn [2017-04-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
CHR Extension: (Gmail) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKU\S-1-5-21-2522558767-3081136427-505346211-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [133968 2007-01-23] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2017-08-24] ()
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-06-01] (Skype Technologies) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-08] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-09-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-22] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-09-08] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-09-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-09-08] (AVAST Software)
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1445888 2013-06-28] (Atheros Communications, Inc.)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-27 11:24 - 2017-12-27 11:26 - 000011488 _____ C:\Users\travnicek\Downloads\FRST.txt
2017-12-27 11:23 - 2017-12-27 11:24 - 000000000 ____D C:\FRST
2017-12-27 11:22 - 2017-12-27 11:22 - 001752064 _____ (Farbar) C:\Users\travnicek\Downloads\FRST.exe
2017-12-24 15:05 - 2017-12-24 15:05 - 000000104 _____ C:\Users\travnicek\Desktop\Počítač – zástupce.lnk
2017-12-07 16:34 - 2017-12-07 16:35 - 000144952 _____ C:\Windows\Minidump\Mini120717-01.dmp
2017-12-07 16:34 - 2017-12-07 16:34 - 144786066 _____ C:\Windows\MEMORY.DMP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-27 11:23 - 2006-11-02 12:18 - 000000000 ____D C:\Windows\tracing
2017-12-27 11:17 - 2006-11-02 13:47 - 000004976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-27 11:17 - 2006-11-02 13:47 - 000004976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-27 11:16 - 2016-01-14 15:54 - 000000000 ____D C:\Users\travnicek\AppData\Roaming\Skype
2017-12-27 10:41 - 2016-09-03 09:41 - 000000250 _____ C:\Windows\Tasks\Booking_helper.job
2017-12-27 09:32 - 2016-09-03 09:39 - 000000000 ____D C:\Program Files\ByteFence
2017-12-27 09:19 - 2008-01-21 11:05 - 001530430 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-27 09:19 - 2008-01-21 11:04 - 000644310 _____ C:\Windows\system32\perfh005.dat
2017-12-27 09:19 - 2008-01-21 11:04 - 000136980 _____ C:\Windows\system32\perfc005.dat
2017-12-27 09:19 - 2006-11-02 12:18 - 000000000 ____D C:\Windows\inf
2017-12-27 09:12 - 2016-01-14 09:39 - 000016384 _____ C:\Windows\system32\Ikeext.etl
2017-12-27 09:12 - 2006-11-02 14:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-27 09:11 - 2006-11-02 14:01 - 000032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-27 08:50 - 2016-08-30 10:55 - 000000000 ____D C:\ProgramData\ProductData
2017-12-24 16:13 - 2016-01-13 15:17 - 000000000 ____D C:\ProgramData\Skype
2017-12-16 18:33 - 2017-10-29 11:12 - 009988046 _____ C:\Users\travnicek\Documents\MVI_0003.3gp
2017-12-07 16:34 - 2016-01-29 16:30 - 000000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories =======

2016-08-22 19:47 - 2016-08-22 20:57 - 006871040 _____ () C:\Program Files\GUTBDA7.tmp
2016-01-09 12:07 - 2016-01-09 12:47 - 000000680 _____ () C:\Users\travnicek\AppData\Local\d3d9caps.dat
2016-01-23 16:45 - 2016-01-23 16:45 - 000000000 _____ () C:\Users\travnicek\AppData\Local\{78B0BB52-2768-4769-8F72-A4F33C10E726}

Some files in TEMP:
====================
2016-01-14 16:05 - 2016-01-14 16:05 - 000144008 _____ (© 2015 Microsoft Corporation) C:\Users\travnicek\AppData\Local\Temp\BingSvc.exe
2016-01-14 16:04 - 2016-01-14 16:05 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\travnicek\AppData\Local\Temp\BSvcProcessor.exe
2016-01-14 16:04 - 2016-01-14 16:04 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\travnicek\AppData\Local\Temp\BSvcUpdater.exe
2016-09-01 17:16 - 2016-09-01 17:16 - 000257432 _____ (Emotiplus) C:\Users\travnicek\AppData\Local\Temp\Emotiplus_Uninstaller.exe
2017-08-05 19:57 - 2017-08-05 19:57 - 014456872 _____ (Microsoft Corporation) C:\Users\travnicek\AppData\Local\Temp\vc_redist.x86.exe
2016-03-08 05:29 - 2016-03-08 05:29 - 007749208 _____ (Google Inc.) C:\Users\travnicek\AppData\Local\Temp\{5A5CE05F-E0A2-40D8-8C4B-A5EA01F4DA79}-49.0.2623.87_48.0.2564.116_chrome_updater.exe
2016-04-06 04:13 - 2016-04-06 04:13 - 045001120 _____ (Google Inc.) C:\Users\travnicek\AppData\Local\Temp\{C862A453-92A4-4C2B-A5BB-315FAB21EFE7}-49.0.2623.112_chrome_installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-27 09:31

==================== End of FRST.txt ============================





Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-12-2017
Ran by travnicek (27-12-2017 11:27:30)
Running from C:\Users\travnicek\Downloads
Microsoft® Windows Vista™ Business Service Pack 2 (X86) (2016-01-09 11:03:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2522558767-3081136427-505346211-500 - Administrator - Disabled)
Guest (S-1-5-21-2522558767-3081136427-505346211-501 - Limited - Enabled)
travnicek (S-1-5-21-2522558767-3081136427-505346211-1000 - Administrator - Enabled) => C:\Users\travnicek

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.13 (HKLM\...\7-Zip) (Version: 15.13 - Igor Pavlov)
Adobe Reader XI - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Booking.com version 1.1.0.5019 (HKLM\...\{958A475F-037D-401A-AC05-209725973E11}_is1) (Version: 1.1.0.5019 - Booking.com) <==== ATTENTION
ByteFence Anti-Malware (HKLM\...\ByteFence) (Version: 3.9.0.3 - Byte Technologies LLC) <==== ATTENTION
Emotiplus (HKU\S-1-5-21-2522558767-3081136427-505346211-1000\...\Emotiplus) (Version: 1.1.9.0 - Emotiplus)
FormatFactory 4.0.0.0 (HKLM\...\FormatFactory) (Version: 4.0.0.0 - Free Time)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) PRO Alerting Agent (HKLM\...\{53183B25-FBDC-4B95-856A-DCDD69DFEE18}) (Version: 12.0.2 - Intel Corporation)
Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
K-Lite Codec Pack 11.8.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mouse Suite for Desktop Computers (HKLM\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 2.50.020 - Dell)
Mozilla Firefox 52.2.1 ESR (x86 cs) (HKLM\...\Mozilla Firefox 52.2.1 ESR (x86 cs)) (Version: 52.2.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.2.1 - Mozilla)
PicosmosTools 1.9.0.0 (HKLM\...\PicosmosTools) (Version: 1.9.0.0 - Free Time)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
Skype™ 7.38 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5491 - Analog Devices)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2008-12-04] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FDDCD82-C909-4E55-9FB9-5D67B1C54751} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-04-19] (Byte Technologies LLC) <==== ATTENTION
Task: {1B90CFB4-C3B4-4CC9-A25B-BC6BCF0C8B15} - System32\Tasks\SafeZone scheduled Autoupdate 1465981487 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {1C8AEDDD-A808-4F11-8DDD-10E8DAC68CC1} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-04-19] (Byte Technologies LLC) <==== ATTENTION
Task: {5DFF805E-5871-44EE-B9E8-13D66B040111} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {5F5BE3E3-976A-45BD-8A6E-E80D0D556AD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-09] (Google Inc.)
Task: {6DD7AFAE-CB8B-44CC-9C2F-6AB841472D97} - System32\Tasks\Booking_helper => C:\Program Files\Booking.com\Booking_helper.exe [2016-07-25] ()
Task: {6FF8DD98-32E6-4677-B4D0-357652F1C7A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-09] (Google Inc.)
Task: {7DEF854A-B375-424A-8DE5-3219F59E6BA6} - System32\Tasks\{BF278FAC-9318-494E-96EA-131DDB69028C} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.26.0.101/cs/go/help.faq.installer?LastError=1603
Task: {82BA62E7-5467-4140-81A8-198A9202ADAB} - System32\Tasks\{8E5E6CA7-968B-4556-AFBD-F49EA2EE819E} => "c:\program files\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lig ... tError=404
Task: {8A4AEB9C-4A3D-414C-B18A-47DC38104B57} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-21] (Společnost Microsoft)
Task: {B9D7A131-8013-4896-A7BE-2D3669832AEC} - System32\Tasks\{4435FC61-407F-4E52-9E28-DCBD1168906C} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.17.0.106/cs/abandoninstall?source=lightinstaller&page=tsBing
Task: {C9065206-5F0D-41E9-9167-1836AAE09396} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-12-23] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Booking_helper.job => C:\PROGRA~1\Booking.com\BOOKIN~2.EXE

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-06-20 10:28 - 2017-06-20 10:28 - 001997792 ____R () C:\Program Files\Skype\Phone\skypert.dll
2016-09-03 09:53 - 2017-08-24 16:51 - 000302920 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
2016-09-03 09:53 - 2017-08-24 16:51 - 000620872 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
2016-05-25 13:38 - 2016-05-25 13:38 - 000106776 _____ () C:\Program Files\ByteFence\x86\lz4_x86.dll
2017-03-07 19:18 - 2017-03-07 19:18 - 000582936 _____ () C:\Program Files\ByteFence\rsLggr.exe
2016-09-07 09:24 - 2016-09-06 11:00 - 005197312 _____ () C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-07 09:24 - 2016-09-06 11:00 - 000147456 _____ () C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\travnicek\Downloads\IMG_6595.MOV.mov:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Impro.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (1).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (3).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (4).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (5).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (6).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (7).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0001.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0002.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0002.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0003.3gp:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0003.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0005.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0008.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0010.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0068.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_00y01 (2).MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_00y01 (3).MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_00y01 (4).MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_00y01.MOV:TOC.WMV [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2017-12-27 09:12 - 000002040 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2522558767-3081136427-505346211-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [{57CB0012-92DE-4498-A1A5-CB1BC53DF670}] => (Allow) LPort=80
FirewallRules: [{1497E8EF-D32E-4756-8CED-61A45CBF0D96}] => (Allow) LPort=80
FirewallRules: [{42E239FB-4AF6-41DE-BFB2-5769B5E309E3}] => (Allow) LPort=80
FirewallRules: [{64FDAE42-B79F-46E2-B844-B0C7D7937572}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C73666F9-39F4-4457-8DA8-F6C255D167B4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{EA752215-1D2D-4878-9B09-26E4605DD0A1}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{12DF11AA-0518-4DFF-A0F3-1CA10EEBA023}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{F5FB942B-8C5B-45FE-BD24-251435D50A8F}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{6BA14447-34D8-4648-AEE8-6621433E5322}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{C7FDEF2D-CE5C-4553-BF5D-0A01BB7EAE95}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{D8955844-93A6-49EC-8395-A4ACEACABBED}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{1B7F986C-CCED-4480-884A-E59B616FB082}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{9D60BC87-D2E9-4F45-A467-1D5181030EEC}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{91E0CBBE-D793-4454-9E9D-1B366D562A8A}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{CAA1680A-4F04-4C21-8EFD-B7FCC3C326BA}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{C6B66C2D-1471-4DCD-BF9E-54F731A90A0F}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{F617C9B7-57AE-43F3-83AA-A93D27417DBF}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{6226976D-A69C-4F57-A231-0A6F47D4153E}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{A23E95B6-9030-4AA5-B57D-32B17AC39896}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{9BAE1FDD-C4BA-4E92-9418-A963AB4B9FB3}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{06AA3818-638A-4EA4-9682-6F3466C52751}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DC1EE54A-4028-4665-9396-200136C394F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9BAC4448-4E64-4305-B809-83CA4FE405F4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

==================== Restore Points =========================

02-06-2017 17:12:36 Operace obnovení
10-06-2017 12:14:04 Operace obnovení
05-08-2017 19:57:36 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
05-08-2017 20:05:17 Installed Skype™ 7.39
03-10-2017 18:41:45 Naplánovaný kontrolní bod
05-11-2017 14:07:26 Operace obnovení
05-11-2017 14:45:05 Installed Skype™ 7.39
05-11-2017 15:36:53 Operace obnovení
09-11-2017 17:21:46 Operace obnovení
09-11-2017 18:44:16 Operace obnovení

==================== Faulty Device Manager Devices =============

Name: Řadič jednoduché komunikace pro sběrnici PCI
Description: Řadič jednoduché komunikace pro sběrnici PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Sériový port sběrnice PCI
Description: Sériový port sběrnice PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Řadič sběrnice SM
Description: Řadič sběrnice SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2017 09:30:11 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/27/2017 09:13:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/27/2017 09:08:09 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/27/2017 08:49:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/26/2017 03:46:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu PNRPsvc v knihovně DLL C:\Windows\system32\pnrpperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/26/2017 03:46:24 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/26/2017 03:46:14 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: Procedura Collect pro službu EmdCache v knihovně DLL C:\Windows\system32\emdmgmt.dll generovala výjimku nebo vrátila neplatný stav. Výkonnostní data vrácená knihovnou DLL čítačů nebudou vrácena v bloku výkonnostních dat. Kód výjimky nebo stavu obsahují první čtyři bajty (DWORD) v datové části.

Error: (12/26/2017 03:27:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/26/2017 10:08:04 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/26/2017 09:51:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (12/27/2017 09:14:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (12/27/2017 09:14:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (12/27/2017 09:13:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Avast Antivirus neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedenou cestu.

Error: (12/27/2017 08:52:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (12/27/2017 08:52:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (12/27/2017 08:49:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Avast Antivirus neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedenou cestu.

Error: (12/26/2017 03:29:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (12/26/2017 03:29:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (12/26/2017 03:27:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Avast Antivirus neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedenou cestu.

Error: (12/26/2017 09:53:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.


CodeIntegrity:
===================================
Date: 2016-10-10 21:41:16.900
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 21:41:16.604
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 18:32:55.379
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 18:32:55.098
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 12:02:29.649
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 12:02:29.306
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 17:43:34.635
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 17:43:34.494
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 08:27:47.604
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 08:27:47.479
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 88%
Total physical RAM: 979.88 MB
Available physical RAM: 110.4 MB
Total Virtual: 2665.39 MB
Available Virtual: 720.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.01 GB) (Free:96.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 2C0BAC84)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 119358
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: slow computer

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

noproblemo
Visitor
Posts: 58
Registered: 07 Aug 2007 11:29

Re: slow computer

#3 Post by noproblemo »

Hello, OK, sending it..

# AdwCleaner 7.0.6.0 - Logfile created on Wed Dec 27 11:26:36 2017
# Updated on 2017/21/12 by Malwarebytes
# Database: 12-26-2017.1
# Running on Windows Vista (TM) Business (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.ByteFence, rtop


***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\ProgramData\Application Data\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\All Users\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\travnicek\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy, C:\ProgramData\Reimage Protector
PUP.Optional.Legacy, C:\ProgramData\Application Data\Reimage Protector
PUP.Optional.Legacy, C:\Users\All Users\Reimage Protector
PUP.Optional.Legacy, C:\rei
PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader
PUP.Optional.Reimage, C:\Program Files\Reimage
PUP.Optional.ByteFence, C:\ProgramData\ByteFence
PUP.Optional.ByteFence, C:\ProgramData\Application Data\ByteFence
PUP.Optional.ByteFence, C:\Program Files\ByteFence
PUP.Optional.ByteFence, C:\Users\All Users\ByteFence
PUP.Optional.Booking, C:\Program Files\Booking.com


***** [ Files ] *****

PUP.Optional.Reimage, C:\Windows\Temp\reimage.log
PUP.Optional.Reimage, C:\Users\travnicek\AppData\Local\Temp\reimage.log


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, ByteFence Scan
PUP.Optional.ByteFence, ByteFence
PUP.Optional.Booking, Booking_helper


***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IObit\RealTimeProtector
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2522558767-3081136427-505346211-1000\Software\GoldenGate
PUP.Optional.Legacy, [Key] - HKCU\Software\GoldenGate
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
PUP.Optional.SlimCleanerPlus, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
PUP.Optional.ByteFence, [Key] - HKLM\SOFTWARE\ByteFence
PUP.Optional.ByteFence, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
PUP.Optional.ByteFence, [Key] - HKU\.DEFAULT\Software\ByteFence
PUP.Optional.ByteFence, [Key] - HKU\S-1-5-21-2522558767-3081136427-505346211-1000\Software\ByteFence
PUP.Optional.ByteFence, [Key] - HKU\S-1-5-18\Software\ByteFence
PUP.Optional.ByteFence, [Key] - HKCU\Software\ByteFence
PUP.Optional.ByteFence, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | ByteFence.exe
PUP.Optional.ByteFence, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
PUP.Optional.Booking, [Key] - HKU\S-1-5-21-2522558767-3081136427-505346211-1000\Software\Booking.com
PUP.Optional.Booking, [Key] - HKCU\Software\Booking.com
PUP.Optional.InstallCore, [Key] - HKU\S-1-5-21-2522558767-3081136427-505346211-1000\Software\csastats
PUP.Optional.InstallCore, [Key] - HKCU\Software\csastats
PUP.Optional.ProductSetup.A, [Key] - HKU\S-1-5-21-2522558767-3081136427-505346211-1000\Software\PRODUCTSETUP
PUP.Optional.ProductSetup.A, [Key] - HKCU\Software\PRODUCTSETUP


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: MSN Homepage & Bing Search Engine -

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2321 B] - [2016/9/23 19:19:56]
C:/AdwCleaner/AdwCleaner[S1].txt - [2066 B] - [2016/9/23 19:26:7]
C:/AdwCleaner/AdwCleaner[S2].txt - [2140 B] - [2016/9/23 19:31:37]
C:/AdwCleaner/AdwCleaner[S3].txt - [2214 B] - [2016/9/23 19:35:45]


########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt ##########


Here is also the log after removing the errors and restarting

# AdwCleaner 7.0.6.0 - Logfile created on Wed Dec 27 11:58:12 2017
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows Vista (TM) Business (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: rtop


***** [ Folders ] *****

Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Program Files\Common Files\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\travnicek\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Reimage Protector
Deleted: C:\ProgramData\Application Data\Reimage Protector
Deleted: C:\Users\All Users\Reimage Protector
Deleted: C:\rei
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\Program Files\Reimage
Deleted: C:\ProgramData\ByteFence
Deleted: C:\ProgramData\Application Data\ByteFence
Deleted: C:\Program Files\ByteFence
Deleted: C:\Users\All Users\ByteFence
Deleted: C:\Program Files\Booking.com


***** [ Files ] *****

Deleted: C:\Windows\Temp\reimage.log
Deleted: C:\Users\travnicek\AppData\Local\Temp\reimage.log


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: ByteFence Scan
Deleted: ByteFence
Deleted: Booking_helper


***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
Deleted: [Key] - HKLM\SOFTWARE\IObit\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\IObit\RealTimeProtector
Deleted: [Key] - HKU\S-1-5-21-2522558767-3081136427-505346211-1000\Software\GoldenGate
Deleted: [Key] - HKCU\Software\GoldenGate
Deleted: [Key] - HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
Deleted: [Key] - HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Deleted: [Key] - HKLM\SOFTWARE\ByteFence
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Deleted: [Key] - HKU\.DEFAULT\Software\ByteFence
Deleted: [Key] - HKU\S-1-5-21-2522558767-3081136427-505346211-1000\Software\ByteFence
Deleted: [Key] - HKU\S-1-5-18\Software\ByteFence
Deleted: [Key] - HKCU\Software\ByteFence
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted: [Key] - HKU\S-1-5-21-2522558767-3081136427-505346211-1000\Software\Booking.com
Deleted: [Key] - HKCU\Software\Booking.com
Deleted: [Key] - HKU\S-1-5-21-2522558767-3081136427-505346211-1000\Software\csastats
Deleted: [Key] - HKCU\Software\csastats
Deleted: [Key] - HKU\S-1-5-21-2522558767-3081136427-505346211-1000\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: MSN Homepage & Bing Search Engine -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2321 B] - [2016/9/23 19:19:56]
C:/AdwCleaner/AdwCleaner[S1].txt - [2066 B] - [2016/9/23 19:26:7]
C:/AdwCleaner/AdwCleaner[S2].txt - [2140 B] - [2016/9/23 19:31:37]
C:/AdwCleaner/AdwCleaner[S3].txt - [2214 B] - [2016/9/23 19:35:45]
C:/AdwCleaner/AdwCleaner[S4].txt - [4655 B] - [2017/12/27 11:26:36]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Rudy
Site Admin
Posts: 119358
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: slow computer

#4 Post by Rudy »

Post a new FRST log.

noproblemo
Visitor
Posts: 58
Registered: 07 Aug 2007 11:29

Re: slow computer

#5 Post by noproblemo »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-12-2017
Ran by travnicek (administrator) on PCTRAVNICEK (27-12-2017 14:12:43)
Running from C:\Users\travnicek\Downloads
Loaded Profiles: travnicek (Available Profiles: travnicek)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Emotiplus) C:\Users\travnicek\AppData\Local\Emotiplus\Emotiplus.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\travnicek\Downloads\FRST (1).exe
(Farbar) C:\Users\travnicek\Downloads\FRST (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2522558767-3081136427-505346211-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2522558767-3081136427-505346211-1000\...\Run: [EmotiplusHelper] => C:\Users\travnicek\AppData\Local\EmotiplusHelper\EmotiplusHelper.exe [136088 2017-02-01] (Emotiplus)
HKU\S-1-5-21-2522558767-3081136427-505346211-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
Startup: C:\Users\travnicek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Emotiplus.lnk [2016-08-30]
ShortcutTarget: Emotiplus.lnk -> C:\Users\travnicek\AppData\Local\Emotiplus\Emotiplus.exe (Emotiplus)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2522558767-3081136427-505346211-1000] => Proxy is enabled.
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{50A22487-8616-4C41-8646-5D0C58229564}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2522558767-3081136427-505346211-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2522558767-3081136427-505346211-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
SearchScopes: HKU\S-1-5-21-2522558767-3081136427-505346211-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => No File

FireFox:
========
FF DefaultProfile: 9ok3twef.default
FF ProfilePath: C:\Users\travnicek\AppData\Roaming\Mozilla\Firefox\Profiles\9ok3twef.default [2017-07-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-01-09] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC ... earchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__ ... earchTerms}
CHR Profile: C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default [2017-12-27]
CHR Extension: (Prezentace) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-09]
CHR Extension: (Dokumenty) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-09]
CHR Extension: (Disk Google) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Vyhledávání Google) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Ginforu) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgffaigieklnhpmefkoehldomjblajmd [2017-03-15]
CHR Extension: (Tabulky) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-11-09]
CHR Extension: (OpenLink) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcineedipafihgkbecmkabpofbfjaljn [2017-04-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
CHR Extension: (Gmail) - C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKU\S-1-5-21-2522558767-3081136427-505346211-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [133968 2007-01-23] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-06-01] (Skype Technologies) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-08] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-09-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-22] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-09-08] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-09-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-09-08] (AVAST Software)
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1445888 2013-06-28] (Atheros Communications, Inc.)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-27 14:17 - 2017-12-27 14:17 - 000153784 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\7A822026.sys
2017-12-27 14:16 - 2017-12-27 14:17 - 000000000 ____D C:\KVRT_Data
2017-12-27 14:11 - 2017-12-27 14:11 - 001752064 _____ (Farbar) C:\Users\travnicek\Downloads\FRST (1).exe
2017-12-27 14:00 - 2017-12-27 14:02 - 135459112 _____ (Kaspersky Lab ZAO) C:\Users\travnicek\Downloads\KVRT (1).exe
2017-12-27 13:11 - 2017-12-27 13:16 - 135459112 _____ (Kaspersky Lab ZAO) C:\Users\travnicek\Downloads\KVRT.exe
2017-12-27 12:22 - 2017-12-27 12:22 - 008198432 _____ (Malwarebytes) C:\Users\travnicek\Downloads\adwcleaner_7.0.6.0.exe
2017-12-27 11:27 - 2017-12-27 11:29 - 000027464 _____ C:\Users\travnicek\Downloads\Addition.txt
2017-12-27 11:24 - 2017-12-27 14:18 - 000011176 _____ C:\Users\travnicek\Downloads\FRST.txt
2017-12-27 11:23 - 2017-12-27 14:12 - 000000000 ____D C:\FRST
2017-12-27 11:22 - 2017-12-27 11:22 - 001752064 _____ (Farbar) C:\Users\travnicek\Downloads\FRST.exe
2017-12-24 15:05 - 2017-12-24 15:05 - 000000104 _____ C:\Users\travnicek\Desktop\Počítač – zástupce.lnk
2017-12-07 16:34 - 2017-12-07 16:35 - 000144952 _____ C:\Windows\Minidump\Mini120717-01.dmp
2017-12-07 16:34 - 2017-12-07 16:34 - 144786066 _____ C:\Windows\MEMORY.DMP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-27 14:02 - 2016-01-14 15:54 - 000000000 ____D C:\Users\travnicek\AppData\Roaming\Skype
2017-12-27 13:06 - 2008-01-21 11:05 - 001530430 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-27 13:06 - 2008-01-21 11:04 - 000644310 _____ C:\Windows\system32\perfh005.dat
2017-12-27 13:06 - 2008-01-21 11:04 - 000136980 _____ C:\Windows\system32\perfc005.dat
2017-12-27 13:06 - 2006-11-02 12:18 - 000000000 ____D C:\Windows\inf
2017-12-27 12:59 - 2016-01-14 09:39 - 000016384 _____ C:\Windows\system32\Ikeext.etl
2017-12-27 12:59 - 2006-11-02 14:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-27 12:59 - 2006-11-02 13:47 - 000004976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-27 12:59 - 2006-11-02 13:47 - 000004976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-27 12:58 - 2017-01-29 13:41 - 000000000 ____D C:\ProgramData\ByteFence
2017-12-27 12:58 - 2016-09-23 20:18 - 000000000 ____D C:\AdwCleaner
2017-12-27 12:58 - 2006-11-02 14:01 - 000032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-27 12:57 - 2016-09-03 09:39 - 000000000 ____D C:\Program Files\ByteFence
2017-12-27 12:57 - 2016-08-30 10:52 - 000000000 ____D C:\Program Files\Common Files\IObit
2017-12-27 12:57 - 2016-08-30 10:50 - 000000000 ____D C:\Users\travnicek\AppData\Roaming\IObit
2017-12-27 12:57 - 2016-08-30 10:50 - 000000000 ____D C:\ProgramData\IObit
2017-12-27 11:23 - 2006-11-02 12:18 - 000000000 ____D C:\Windows\tracing
2017-12-27 08:50 - 2016-08-30 10:55 - 000000000 ____D C:\ProgramData\ProductData
2017-12-24 16:13 - 2016-01-13 15:17 - 000000000 ____D C:\ProgramData\Skype
2017-12-16 18:33 - 2017-10-29 11:12 - 009988046 _____ C:\Users\travnicek\Documents\MVI_0003.3gp
2017-12-07 16:34 - 2016-01-29 16:30 - 000000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories =======

2016-08-22 19:47 - 2016-08-22 20:57 - 006871040 _____ () C:\Program Files\GUTBDA7.tmp
2016-01-09 12:07 - 2016-01-09 12:47 - 000000680 _____ () C:\Users\travnicek\AppData\Local\d3d9caps.dat
2016-01-23 16:45 - 2016-01-23 16:45 - 000000000 _____ () C:\Users\travnicek\AppData\Local\{78B0BB52-2768-4769-8F72-A4F33C10E726}

Some files in TEMP:
====================
2016-01-14 16:05 - 2016-01-14 16:05 - 000144008 _____ (© 2015 Microsoft Corporation) C:\Users\travnicek\AppData\Local\Temp\BingSvc.exe
2016-01-14 16:04 - 2016-01-14 16:05 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\travnicek\AppData\Local\Temp\BSvcProcessor.exe
2016-01-14 16:04 - 2016-01-14 16:04 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\travnicek\AppData\Local\Temp\BSvcUpdater.exe
2016-09-01 17:16 - 2016-09-01 17:16 - 000257432 _____ (Emotiplus) C:\Users\travnicek\AppData\Local\Temp\Emotiplus_Uninstaller.exe
2017-08-05 19:57 - 2017-08-05 19:57 - 014456872 _____ (Microsoft Corporation) C:\Users\travnicek\AppData\Local\Temp\vc_redist.x86.exe
2016-03-08 05:29 - 2016-03-08 05:29 - 007749208 _____ (Google Inc.) C:\Users\travnicek\AppData\Local\Temp\{5A5CE05F-E0A2-40D8-8C4B-A5EA01F4DA79}-49.0.2623.87_48.0.2564.116_chrome_updater.exe
2016-04-06 04:13 - 2016-04-06 04:13 - 045001120 _____ (Google Inc.) C:\Users\travnicek\AppData\Local\Temp\{C862A453-92A4-4C2B-A5BB-315FAB21EFE7}-49.0.2623.112_chrome_installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-27 13:19

==================== End of FRST.txt ============================






Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-12-2017
Ran by travnicek (27-12-2017 14:20:44)
Running from C:\Users\travnicek\Downloads
Microsoft® Windows Vista™ Business Service Pack 2 (X86) (2016-01-09 11:03:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2522558767-3081136427-505346211-500 - Administrator - Disabled)
Guest (S-1-5-21-2522558767-3081136427-505346211-501 - Limited - Enabled)
travnicek (S-1-5-21-2522558767-3081136427-505346211-1000 - Administrator - Enabled) => C:\Users\travnicek

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.13 (HKLM\...\7-Zip) (Version: 15.13 - Igor Pavlov)
Adobe Reader XI - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Booking.com version 1.1.0.5019 (HKLM\...\{958A475F-037D-401A-AC05-209725973E11}_is1) (Version: 1.1.0.5019 - Booking.com) <==== ATTENTION
Emotiplus (HKU\S-1-5-21-2522558767-3081136427-505346211-1000\...\Emotiplus) (Version: 1.1.9.0 - Emotiplus)
FormatFactory 4.0.0.0 (HKLM\...\FormatFactory) (Version: 4.0.0.0 - Free Time)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) PRO Alerting Agent (HKLM\...\{53183B25-FBDC-4B95-856A-DCDD69DFEE18}) (Version: 12.0.2 - Intel Corporation)
Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
K-Lite Codec Pack 11.8.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mouse Suite for Desktop Computers (HKLM\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 2.50.020 - Dell)
Mozilla Firefox 52.2.1 ESR (x86 cs) (HKLM\...\Mozilla Firefox 52.2.1 ESR (x86 cs)) (Version: 52.2.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.2.1 - Mozilla)
PicosmosTools 1.9.0.0 (HKLM\...\PicosmosTools) (Version: 1.9.0.0 - Free Time)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
Skype™ 7.38 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5491 - Analog Devices)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2008-12-04] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FDDCD82-C909-4E55-9FB9-5D67B1C54751} - \ByteFence Scan -> No File <==== ATTENTION
Task: {1B90CFB4-C3B4-4CC9-A25B-BC6BCF0C8B15} - System32\Tasks\SafeZone scheduled Autoupdate 1465981487 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {1C8AEDDD-A808-4F11-8DDD-10E8DAC68CC1} - \ByteFence -> No File <==== ATTENTION
Task: {5DFF805E-5871-44EE-B9E8-13D66B040111} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {5F5BE3E3-976A-45BD-8A6E-E80D0D556AD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-09] (Google Inc.)
Task: {6DD7AFAE-CB8B-44CC-9C2F-6AB841472D97} - \Booking_helper -> No File <==== ATTENTION
Task: {6FF8DD98-32E6-4677-B4D0-357652F1C7A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-09] (Google Inc.)
Task: {7DEF854A-B375-424A-8DE5-3219F59E6BA6} - System32\Tasks\{BF278FAC-9318-494E-96EA-131DDB69028C} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.26.0.101/cs/go/help.faq.installer?LastError=1603
Task: {82BA62E7-5467-4140-81A8-198A9202ADAB} - System32\Tasks\{8E5E6CA7-968B-4556-AFBD-F49EA2EE819E} => "c:\program files\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lig ... tError=404
Task: {8A4AEB9C-4A3D-414C-B18A-47DC38104B57} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-21] (Společnost Microsoft)
Task: {B9D7A131-8013-4896-A7BE-2D3669832AEC} - System32\Tasks\{4435FC61-407F-4E52-9E28-DCBD1168906C} => "c:\program files\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.17.0.106/cs/abandoninstall?source=lightinstaller&page=tsBing
Task: {C9065206-5F0D-41E9-9167-1836AAE09396} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-12-23] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-06-20 10:28 - 2017-06-20 10:28 - 001997792 ____R () C:\Program Files\Skype\Phone\skypert.dll
2016-09-07 09:24 - 2016-09-06 11:00 - 005197312 _____ () C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-07 09:24 - 2016-09-06 11:00 - 000147456 _____ () C:\Users\travnicek\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\travnicek\Downloads\IMG_6595.MOV.mov:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Impro.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (1).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (3).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (4).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (5).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (6).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (7).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0001.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0002.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0002.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0003.3gp:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0003.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0005.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0008.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0010.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0068.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_00y01 (2).MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_00y01 (3).MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_00y01 (4).MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_00y01.MOV:TOC.WMV [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\7A822026.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\7A822026.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2017-12-27 09:12 - 000002040 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2522558767-3081136427-505346211-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [{57CB0012-92DE-4498-A1A5-CB1BC53DF670}] => (Allow) LPort=80
FirewallRules: [{1497E8EF-D32E-4756-8CED-61A45CBF0D96}] => (Allow) LPort=80
FirewallRules: [{42E239FB-4AF6-41DE-BFB2-5769B5E309E3}] => (Allow) LPort=80
FirewallRules: [{64FDAE42-B79F-46E2-B844-B0C7D7937572}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C73666F9-39F4-4457-8DA8-F6C255D167B4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{EA752215-1D2D-4878-9B09-26E4605DD0A1}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{12DF11AA-0518-4DFF-A0F3-1CA10EEBA023}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{F5FB942B-8C5B-45FE-BD24-251435D50A8F}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{6BA14447-34D8-4648-AEE8-6621433E5322}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{C7FDEF2D-CE5C-4553-BF5D-0A01BB7EAE95}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{D8955844-93A6-49EC-8395-A4ACEACABBED}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{1B7F986C-CCED-4480-884A-E59B616FB082}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{9D60BC87-D2E9-4F45-A467-1D5181030EEC}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{91E0CBBE-D793-4454-9E9D-1B366D562A8A}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{CAA1680A-4F04-4C21-8EFD-B7FCC3C326BA}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{C6B66C2D-1471-4DCD-BF9E-54F731A90A0F}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{F617C9B7-57AE-43F3-83AA-A93D27417DBF}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{6226976D-A69C-4F57-A231-0A6F47D4153E}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{A23E95B6-9030-4AA5-B57D-32B17AC39896}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{9BAE1FDD-C4BA-4E92-9418-A963AB4B9FB3}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{06AA3818-638A-4EA4-9682-6F3466C52751}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DC1EE54A-4028-4665-9396-200136C394F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9BAC4448-4E64-4305-B809-83CA4FE405F4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

==================== Restore Points =========================

02-06-2017 17:12:36 Operace obnovení
10-06-2017 12:14:04 Operace obnovení
05-08-2017 19:57:36 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
05-08-2017 20:05:17 Installed Skype™ 7.39
03-10-2017 18:41:45 Naplánovaný kontrolní bod
05-11-2017 14:07:26 Operace obnovení
05-11-2017 14:45:05 Installed Skype™ 7.39
05-11-2017 15:36:53 Operace obnovení
09-11-2017 17:21:46 Operace obnovení
09-11-2017 18:44:16 Operace obnovení

==================== Faulty Device Manager Devices =============

Name: Řadič jednoduché komunikace pro sběrnici PCI
Description: Řadič jednoduché komunikace pro sběrnici PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Sériový port sběrnice PCI
Description: Sériový port sběrnice PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Řadič sběrnice SM
Description: Řadič sběrnice SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2017 12:59:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/27/2017 09:30:11 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/27/2017 09:13:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/27/2017 09:08:09 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/27/2017 08:49:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/26/2017 03:46:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu PNRPsvc v knihovně DLL C:\Windows\system32\pnrpperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/26/2017 03:46:24 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (12/26/2017 03:46:14 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: Procedura Collect pro službu EmdCache v knihovně DLL C:\Windows\system32\emdmgmt.dll generovala výjimku nebo vrátila neplatný stav. Výkonnostní data vrácená knihovnou DLL čítačů nebudou vrácena v bloku výkonnostních dat. Kód výjimky nebo stavu obsahují první čtyři bajty (DWORD) v datové části.

Error: (12/26/2017 03:27:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/26/2017 10:08:04 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.


System errors:
=============
Error: (12/27/2017 01:02:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (12/27/2017 01:02:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (12/27/2017 12:59:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Avast Antivirus neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedenou cestu.

Error: (12/27/2017 12:58:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Licencování softwaru byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (12/27/2017 12:57:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (12/27/2017 09:14:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (12/27/2017 09:14:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (12/27/2017 09:13:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Avast Antivirus neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedenou cestu.

Error: (12/27/2017 08:52:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (12/27/2017 08:52:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).


CodeIntegrity:
===================================
Date: 2017-12-27 14:19:40.760
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\7A822026.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-12-27 14:19:40.520
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\7A822026.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-12-27 14:19:40.199
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\7A822026.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-12-27 14:19:39.891
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\7A822026.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 21:41:16.900
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 21:41:16.604
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 18:32:55.379
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 18:32:55.098
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 12:02:29.649
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 12:02:29.306
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 89%
Total physical RAM: 979.88 MB
Available physical RAM: 103.68 MB
Total Virtual: 2368.1 MB
Available Virtual: 460.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.01 GB) (Free:95.68 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 2C0BAC84)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 119358
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: slow computer

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2522558767-3081136427-505346211-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
SearchScopes: HKU\S-1-5-21-2522558767-3081136427-505346211-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => No File
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM ... PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__ ... M__&query={searchTerms}
C:\Program Files\GUTBDA7.tmp
C:\Users\travnicek\AppData\Local\Temp
Booking.com version 1.1.0.5019 (HKLM\...\{958A475F-037D-401A-AC05-209725973E11}_is1) (Version: 1.1.0.5019 - Booking.com) <==== ATTENTION
Task: {0FDDCD82-C909-4E55-9FB9-5D67B1C54751} - \ByteFence Scan -> No File <==== ATTENTION
Task: {1C8AEDDD-A808-4F11-8DDD-10E8DAC68CC1} - \ByteFence -> No File <==== ATTENTION
Task: {6DD7AFAE-CB8B-44CC-9C2F-6AB841472D97} - \Booking_helper -> No File <==== ATTENTION
Task: {6FF8DD98-32E6-4677-B4D0-357652F1C7A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-09] (Google Inc.)
AlternateDataStreams: C:\Users\travnicek\Downloads\IMG_6595.MOV.mov:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Impro.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (1).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (3).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (4).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (5).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (6).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace (7).mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\Improvizace.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0001.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0002.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0002.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0003.3gp:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0003.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0005.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0008.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0010.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_0068.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_00y01 (2).MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_00y01 (3).MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_00y01 (4).MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\travnicek\Documents\MVI_00y01.MOV:TOC.WMV [130]

EmptyTemp:
ResetHosts:
End
Save it to C:\Users\travnicek\Downloads as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
