VIRY.CZ

Dobry vecer, poprosim vas o kontrolu logu. Notebook ma problemy s nabootovnim windows.
Spustil sa az po xy pokusoch. Pred spustenim som nahradil v system32/config SAM,SECURITY,SYSTEM,software,default z datumu 3.3.2017
Pri starte vyhodi 2x chybu Rundll .... zasuvny modul sa nepodarilo najst.
Posielam log pre kontrolu na viry

Vopred dakujem

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Mato (administrator) on MATO (19-03-2017 23:04:39)
Running from C:\Users\Mato\Downloads
Loaded Profiles: Mato (Available Profiles: Mato)
Platform: Windows 8.1 (Update) (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Pokki) C:\Users\Mato\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\GenValObj.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\ByteCodeGenerator.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\...\Run: [Steam] => D:\Hry\Skyrim\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\...\Run: [uTorrent] => C:\Users\Mato\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-27] (BitTorrent Inc.)
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\...\Run: [Facebook Update] => C:\Users\Mato\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-15] (Facebook Inc.)
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\...\RunOnce: [Application Restart #1] => C:\Users\Mato\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7875640 2015-10-30] (Pokki)
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\...\RunOnce: [Application Restart #0] => C:\Users\Mato\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7875640 2015-10-30] (Pokki)
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 77.48.221.10 10.0.0.1
Tcpip\..\Interfaces\{30F310FD-3790-491C-BE59-01522AFED992}: [DhcpNameServer] 77.48.221.10 10.0.0.1
Tcpip\..\Interfaces\{F8F8D734-DADE-4225-9508-26EA3C586CF3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={F7975B19-B5B8-11E2-BE81-6036DDB09CE8}
SearchScopes: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-25] (Oracle Corporation)
BHO-x32: Rich Media Downloader -> {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} -> C:\Users\Mato\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-25] (Oracle Corporation)
BHO-x32: No Name -> {FEB703F7-E7B2-4AB0-9566-87658AC70095} -> No File

FireFox:
========
FF ProfilePath: C:\Users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\7wFYJ7DL.default [not found]
FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Mato\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-25] (Oracle Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-31] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @richmediaplayer.com/nppluginrichmediaplayer -> C:\Program Files (x86)\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll [2013-03-12] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-05-08] ()
FF Plugin HKU\S-1-5-21-4204622686-3959268731-1216914738-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mato\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-4204622686-3959268731-1216914738-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-03-12] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Mato\AppData\Local\Google\Chrome\User Data\Default [2017-03-19]
CHR Extension: (Adblock Plus) - C:\Users\Mato\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-19]
CHR Extension: (Avast Online Security) - C:\Users\Mato\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-19]
CHR Extension: (IE Tab) - C:\Users\Mato\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2017-03-19]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Mato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-01-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Mato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-19]
CHR Extension: (Chrome Media Router) - C:\Users\Mato\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-19]
CHR Extension: (Camera Video) - C:\Users\Mato\AppData\Local\Camera Video\Component [2015-12-03]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Mato\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Mato\AppData\Roaming\BabSolution\CR\Delta.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Mato\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lbbbdmbjkgojacipgefbifkiebpcdjhn] - C:\Program Files (x86)\Movie2KDownloader.com\m2kDownloader10.crx <not found>

Opera:
=======
OPR Session Restore: -> is enabled.
OPR Extension: (Adblock Plus) - C:\Users\Mato\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-03-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-18] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [25232 2016-12-09] (Avira Operations GmbH & Co. KG)
S3 DAUpdaterSvc; D:\Hry\Dragon\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-07-26] (BioWare)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-04-06] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-04-06] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-04-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-04-06] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [118576 2014-11-26] ()
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
S2 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-11-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-11-11] (AVAST Software)
S3 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-11-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-11-11] (AVAST Software)
S3 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-11-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-11-11] (AVAST Software)
S3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-11-11] (AVAST Software)
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-11-11] (AVAST Software)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-05-13] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283200 2013-03-27] (DT Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [263528 2015-11-20] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14976 2015-11-20] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [186784 2015-11-20] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [142976 2015-11-20] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [206312 2015-11-20] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [52872 2015-12-19] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [69840 2015-11-20] (ESET)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-11-01] (REALiX(tm))
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew00.sys [3349984 2014-04-17] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-04-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S4 IMFFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [X]
S3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-19 23:04 - 2017-03-19 23:04 - 00021695 _____ C:\Users\Mato\Downloads\FRST.txt
2017-03-19 23:04 - 2017-03-19 23:04 - 00000000 ____D C:\FRST
2017-03-19 23:03 - 2017-03-19 23:04 - 02424832 _____ (Farbar) C:\Users\Mato\Downloads\FRST64.exe
2017-03-19 23:03 - 2017-03-19 23:04 - 02424832 _____ (Farbar) C:\Users\Mato\Downloads\FRST64 (1).exe
2017-03-19 22:59 - 2017-03-19 22:59 - 00688992 _____ (Swearware) C:\Users\Mato\Downloads\dds.exe
2017-03-19 22:54 - 2017-03-19 22:56 - 00000000 ____D C:\rsit
2017-03-19 22:54 - 2017-03-19 22:54 - 00000000 ____D C:\Program Files\trend micro
2017-03-19 22:39 - 2017-03-19 22:39 - 00000000 ____D C:\ProgramData\ProductData
2017-03-19 19:39 - 2017-03-19 19:41 - 00267152 _____ C:\WINDOWS\ntbtlog.txt
2017-03-19 19:06 - 2017-03-19 19:06 - 00000000 _____ C:\Recovery.txt
2017-03-19 19:03 - 2017-03-19 20:35 - 647989563 _____ C:\WINDOWS\MEMORY.DMP
2017-03-19 18:54 - 2017-03-19 18:54 - 00000000 __SHD C:\found.000
2017-03-19 18:46 - 2017-03-19 18:46 - 00004027 _____ C:\Users\Mato\Desktop\JRT.txt
2017-03-19 18:42 - 2017-03-19 18:43 - 00625979 _____ C:\Users\Mato\Documents\pinfect.zip
2017-03-19 18:42 - 2017-03-19 18:43 - 00000027 _____ C:\WINDOWS\Lic.xxx
2017-03-19 18:42 - 2017-03-19 18:43 - 00000000 ____D C:\ProgramData\Kaspersky SDK
2017-03-19 18:41 - 2017-03-19 18:41 - 00000000 ____D C:\ProgramData\MicroWorld
2017-03-19 15:37 - 2017-03-19 15:37 - 00001159 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-03-12 22:00 - 2017-03-12 22:00 - 00091324 _____ C:\Users\Mato\Desktop\13.3. - 17.3. 2017 Jedálny lístok Pamlska.pdf
2017-03-12 21:59 - 2017-03-12 21:59 - 00044065 _____ C:\Users\Mato\Desktop\13.3. - 17.3. 2017 Jedálny lístok Pamlska.odt
2017-03-05 23:01 - 2017-03-12 21:59 - 00044065 _____ C:\Users\Mato\Desktop\6.3. - 10.3. 2017 Jedálny lístok Pamlska.odt
2017-02-25 11:05 - 2017-02-25 11:05 - 00010615 _____ C:\Users\Mato\Downloads\Príloha_bez_názvu_00082 (1).htm
2017-02-25 10:21 - 2017-02-25 10:21 - 00000297 _____ C:\Users\Mato\Downloads\_Certification_.htm
2017-02-25 09:49 - 2017-02-25 09:49 - 00010615 _____ C:\Users\Mato\Downloads\Príloha_bez_názvu_00082.htm
2017-02-22 17:46 - 2017-02-22 17:46 - 00000000 ____D C:\Users\Mato\AppData\Local\ElevatedDiagnostics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-19 23:03 - 2014-11-08 14:50 - 00000000 ___DO C:\Users\Mato\OneDrive
2017-03-19 23:00 - 2016-09-15 22:22 - 00000000 ____D C:\Users\Mato\AppData\Local\IE Tab
2017-03-19 23:00 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-19 22:58 - 2015-10-19 21:20 - 00003806 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EC17E433-736A-415F-B462-6F4495E34941}
2017-03-19 22:58 - 2013-03-27 21:29 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-19 22:56 - 2016-11-01 22:14 - 00647040 _____ C:\WINDOWS\system32\perfh01B.dat
2017-03-19 22:56 - 2016-11-01 22:14 - 00122548 _____ C:\WINDOWS\system32\perfc01B.dat
2017-03-19 22:56 - 2014-09-24 06:35 - 01521674 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-19 22:56 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2017-03-19 22:56 - 2013-03-27 19:24 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4204622686-3959268731-1216914738-1001
2017-03-19 22:53 - 2013-03-27 19:15 - 00000000 ____D C:\Users\Mato\AppData\Local\VirtualStore
2017-03-19 22:47 - 2013-05-08 10:31 - 00000954 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-03-19 22:35 - 2014-11-07 22:08 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-19 22:35 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-19 18:48 - 2014-11-07 22:16 - 00000000 ____D C:\Users\Mato
2017-03-19 18:48 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-03-19 18:45 - 2016-11-01 19:26 - 00000000 ____D C:\Users\Mato\AppData\Roaming\IObit
2017-03-19 18:45 - 2016-11-01 19:26 - 00000000 ____D C:\ProgramData\IObit
2017-03-19 18:44 - 2013-09-16 01:08 - 00000000 ____D C:\Users\Mato\AppData\Local\SweetLabs App Platform
2017-03-19 18:40 - 2013-11-21 23:38 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-19 15:41 - 2013-07-20 19:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-19 15:37 - 2016-03-09 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-19 15:37 - 2013-03-28 19:36 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-15 22:10 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-15 22:10 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-15 22:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-15 22:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-15 22:01 - 2013-03-28 12:37 - 00004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-13 19:16 - 2015-12-02 10:10 - 00000000 ____D C:\Users\Mato\AppData\Local\CrashDumps
2017-03-13 19:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-10 05:34 - 2016-12-18 16:46 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-10 05:34 - 2016-12-18 16:46 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-06 18:59 - 2013-08-13 09:43 - 00000000 ____D C:\Users\Mato\Desktop\Pamska
2017-03-01 17:40 - 2017-02-10 11:31 - 00001074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 43.lnk
2017-03-01 17:40 - 2016-07-07 17:29 - 00003850 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1400699424
2017-02-28 18:49 - 2015-05-25 07:30 - 00000000 ____D C:\Users\Mato\Documents\The Witcher 3
2017-02-17 14:50 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\ModemLogs

==================== Files in the root of some directories =======

2015-08-17 16:39 - 2015-08-17 16:40 - 0017408 _____ () C:\Users\Mato\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-02 10:17 - 2015-12-02 10:17 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Some files in TEMP:
====================
2012-07-09 00:40 - 2012-07-09 00:40 - 1299920 _____ (Microsoft Corporation) C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
2012-07-09 00:40 - 2012-07-09 00:40 - 2040296 _____ (Microsoft Corporation) C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
2012-07-09 00:40 - 2012-07-09 00:40 - 0232904 _____ (Microsoft Corporation) C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
2012-07-09 00:40 - 2012-07-09 00:40 - 0031200 _____ (Microsoft Corporation) C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
2012-07-09 00:40 - 2012-07-09 00:40 - 0039376 _____ (Microsoft Corporation) C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
2012-07-09 00:40 - 2012-07-09 00:40 - 0650168 _____ (Microsoft Corporation) C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
2012-07-09 00:40 - 2012-07-09 00:40 - 0035816 _____ (Microsoft Corporation) C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
2017-03-19 18:41 - 2008-08-29 18:51 - 0188928 _____ (MicroWorld Technologies Inc.) C:\Users\Mato\AppData\Local\Temp\DOWNLOAD.EXE
2017-03-19 18:41 - 2008-09-06 01:56 - 0210944 _____ (MicroWorld Technologies Inc.) C:\Users\Mato\AppData\Local\Temp\esupdate.exe
2017-03-19 18:41 - 2007-03-20 13:50 - 0038400 _____ (Kaspersky Lab) C:\Users\Mato\AppData\Local\Temp\FSSync.dll
2017-03-19 18:41 - 2008-09-06 00:11 - 0056384 _____ (MicroWorld Technologies Inc.) C:\Users\Mato\AppData\Local\Temp\Getvlist.exe
2017-03-19 18:41 - 2008-07-21 18:57 - 0065536 _____ () C:\Users\Mato\AppData\Local\Temp\ikave.dll
2017-03-19 18:41 - 2002-07-11 14:34 - 0036928 _____ (Kaspersky Lab.) C:\Users\Mato\AppData\Local\Temp\ipc.dll
2017-03-19 18:41 - 2008-07-21 18:56 - 0278528 _____ (Kaspersky Lab.) C:\Users\Mato\AppData\Local\Temp\kave.dll
2017-03-19 18:41 - 2003-10-07 16:58 - 0098304 _____ () C:\Users\Mato\AppData\Local\Temp\kavsign.exe
2017-03-19 18:41 - 2004-11-11 13:36 - 0143416 _____ (Kaspersky Lab.) C:\Users\Mato\AppData\Local\Temp\kavss.dll
2017-03-19 18:41 - 2004-08-17 17:24 - 0020536 _____ (Kaspersky Lab.) C:\Users\Mato\AppData\Local\Temp\kavss.exe
2017-03-19 18:41 - 2004-11-05 16:38 - 0159865 _____ (Kaspersky Lab.) C:\Users\Mato\AppData\Local\Temp\kavssd.dll
2017-03-19 18:41 - 2004-08-17 18:26 - 0053306 _____ (Kaspersky Lab.) C:\Users\Mato\AppData\Local\Temp\kavssdi.dll
2017-03-19 18:41 - 2004-11-05 16:20 - 0036921 _____ (Kaspersky Lab.) C:\Users\Mato\AppData\Local\Temp\kavssi.dll
2017-03-19 18:41 - 2004-08-18 12:05 - 0102481 _____ () C:\Users\Mato\AppData\Local\Temp\kavvlg.dll
2017-03-19 18:42 - 2017-03-19 18:42 - 0548864 _____ (Microsoft Corporation) C:\Users\Mato\AppData\Local\Temp\msvcp80.dll
2017-03-19 18:42 - 2017-03-19 18:42 - 0626688 _____ (Microsoft Corporation) C:\Users\Mato\AppData\Local\Temp\msvcr80.dll
2017-03-19 18:41 - 2008-09-06 00:38 - 2007040 _____ (MicroWorld Technologies Inc.) C:\Users\Mato\AppData\Local\Temp\msvl64.dll
2017-03-19 18:41 - 2008-09-06 00:20 - 0192512 _____ (MicroWorld Technologies Inc.) C:\Users\Mato\AppData\Local\Temp\msvlclnt.dll
2017-03-19 18:41 - 2008-04-29 15:00 - 0099328 _____ (MicroWorld Technologies Inc.) C:\Users\Mato\AppData\Local\Temp\MWAVL.EXE
2017-03-19 18:41 - 2008-08-29 12:45 - 0745472 _____ (MicroWorld Technologies Inc.) C:\Users\Mato\AppData\Local\Temp\MWAVREG.EXE
2017-03-19 18:41 - 2008-09-06 00:09 - 0204800 _____ (MicroWorld Technologies Inc.) C:\Users\Mato\AppData\Local\Temp\MWUnZip.dll
2017-03-19 18:42 - 2017-03-19 18:42 - 0241664 _____ () C:\Users\Mato\AppData\Local\Temp\MYDB.DLL
2017-03-19 18:41 - 2007-03-20 17:04 - 0184320 _____ (Kaspersky Lab) C:\Users\Mato\AppData\Local\Temp\prLoader.dll
2017-03-19 18:41 - 1996-10-14 07:08 - 0173328 _____ (Microsoft Corporation) C:\Users\Mato\AppData\Local\Temp\red32.dll
2017-03-19 18:41 - 2008-09-06 01:39 - 0093696 _____ (MicroWorld Technologies Inc.) C:\Users\Mato\AppData\Local\Temp\Reload.exe
2017-03-19 18:41 - 2008-07-21 18:58 - 0139264 _____ (Kaspersky Lab.) C:\Users\Mato\AppData\Local\Temp\ScanningProcess.exe
2017-03-19 18:41 - 2008-09-06 00:27 - 0054784 _____ (MicroWorld Technologies Inc) C:\Users\Mato\AppData\Local\Temp\setpriv.exe
2017-03-19 18:41 - 2008-09-06 00:44 - 0043520 _____ (MicroWorld Technologies Inc) C:\Users\Mato\AppData\Local\Temp\unregx.exe
2017-03-19 18:41 - 2008-02-22 11:35 - 0413696 _____ (MicroWorld Technologies Inc.) C:\Users\Mato\AppData\Local\Temp\VIEWTCP.EXE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-03 18:30

==================== End of FRST.txt ============================

Krasny den Vam preju

Jste zkuseny uzivatel nebo je pro vas pocitac spise nutne zlo?

V ramci cisteni Vam budou vyprazdneny docasne adresare (vysypani Kose a tempu, vyprazdneni cache prohlizecu apod.).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan (Skenovani), pote na Clean (Cisteni)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah zkopirujte do pristi odpovedi

Zdravím, dakujem za rychlu reakciu:)
Historia, kos, registre atd premazane pomocou CCleaner.
Spustený ADW cleaner, po prebehnutí a restarte, Windows konecne nabehol na 1x, len opat drobnost.. rundll zadany modul sa nepodarilo najst 2x, vid priloha

Priklada log y Adwcleaneru

# AdwCleaner v6.044 - *Logfile created 20/03/2017 *at 00:30:06
# *Updated on 28/02/2017 by Malwarebytes
# *Database : 2017-03-19.1 [*Server]
# *Operating System : Windows 8.1 (X64)
# *Username : Mato - MATO
# *Running from : C:\Users\Mato\Downloads\adwcleaner_6.044.exe
# *Mode: Clean
# *Support : https://www.malwarebytes.com/support

***** [ *Services ] *****

***** [ *Folders ] *****

[-] *Folder deleted: C:\Users\Mato\AppData\Local\SweetLabs App Platform
[-] *Folder deleted: C:\Users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
[-] *Folder deleted: C:\Program Files\Dripkix
[-] *Folder deleted: C:\ProgramData\IObit\ASCDownloader
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\IObit\ASCDownloader
[-] *Folder deleted: C:\Users\Mato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp

***** [ *Files ] *****

[-] *File deleted: C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[#] *File deleted: C:\ProgramData\Application Data\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

***** [ DLL ] *****

***** [ WMI ] *****

***** [ *Shortcuts ] *****

***** [ *Scheduled Tasks ] *****

[-] *Task deleted: SweetLabs App Platform

***** [ *Registry ] *****

[-] *Key deleted: HKCU\Software\e6dfd9bd6fbf40
[-] *Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT3274395
[-] *Key deleted: HKLM\SOFTWARE\Classes\Applications\iLividSetup-r362-n-bo.exe
[-] *Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdsManPro
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdsManPro
[#] *Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\wdsmanpro
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\wdsmanpro
[-] *Key deleted: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\Classes\pokki
[#] *Key deleted on reboot: HKCU\Software\Classes\pokki
[-] *Key deleted: HKLM\SOFTWARE\Classes\Movie2KDownloader
[-] *Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
[#] *Key deleted on reboot: [x64] HKCU\Software\Classes\pokki
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Movie2KDownloader
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap
[-] *Key deleted: HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[-] *Key deleted: HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[-] *Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
[-] *Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FEB703F7-E7B2-4AB0-9566-87658AC70095}
[-] *Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
[-] *Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
[-] *Key deleted: HKU\.DEFAULT\Software\ImInstaller
[-] *Key deleted: HKU\.DEFAULT\Software\WNLT
[-] *Key deleted: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\BabylonToolbar
[-] *Key deleted: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\BI
[-] *Key deleted: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\ImInstaller
[-] *Key deleted: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\OB
[-] *Key deleted: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\PRODUCTSETUP
[-] *Key deleted: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\SweetLabs App Platform
[-] *Key deleted: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\Tbccint
[-] *Key deleted: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\Tbccint_HKLM
[-] *Key deleted: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\csastats
[-] *Key deleted: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\AppDataLow\Software\PriceGong
[-] *Key deleted: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\AppDataLow\Software\Tbccint
[-] *Key deleted: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\AppDataLow\Software\TbccintSearchScopes
[-] *Key deleted: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] *Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\SweetIM
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\ImInstaller
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\WNLT
[#] *Key deleted on reboot: HKCU\Software\BabylonToolbar
[#] *Key deleted on reboot: HKCU\Software\BI
[#] *Key deleted on reboot: HKCU\Software\ImInstaller
[#] *Key deleted on reboot: HKCU\Software\OB
[#] *Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] *Key deleted on reboot: HKCU\Software\SweetLabs App Platform
[#] *Key deleted on reboot: HKCU\Software\Tbccint
[#] *Key deleted on reboot: HKCU\Software\Tbccint_HKLM
[#] *Key deleted on reboot: HKCU\Software\csastats
[#] *Key deleted on reboot: HKCU\Software\AppDataLow\Software\PriceGong
[#] *Key deleted on reboot: HKCU\Software\AppDataLow\Software\Tbccint
[#] *Key deleted on reboot: HKCU\Software\AppDataLow\Software\TbccintSearchScopes
[-] *Key deleted: HKLM\SOFTWARE\Babylon
[-] *Key deleted: HKLM\SOFTWARE\downchecker
[#] *Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\SweetIM
[#] *Key deleted on reboot: [x64] HKCU\Software\BabylonToolbar
[#] *Key deleted on reboot: [x64] HKCU\Software\BI
[#] *Key deleted on reboot: [x64] HKCU\Software\ImInstaller
[#] *Key deleted on reboot: [x64] HKCU\Software\OB
[#] *Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] *Key deleted on reboot: [x64] HKCU\Software\SweetLabs App Platform
[#] *Key deleted on reboot: [x64] HKCU\Software\Tbccint
[#] *Key deleted on reboot: [x64] HKCU\Software\Tbccint_HKLM
[#] *Key deleted on reboot: [x64] HKCU\Software\csastats
[#] *Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\PriceGong
[#] *Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Tbccint
[#] *Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\TbccintSearchScopes
[-] *Key deleted: [x64] HKLM\SOFTWARE\downchecker
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] *Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
[-] *Value deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [Application Restart #1]
[#] *Value deleted on reboot: [x64] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [Application Restart #1]
[-] *Value deleted: HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] *Key deleted: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] *Key deleted: HKCU\Software\Classes\Directory\shell\pokki
[-] *Key deleted: HKCU\Software\Classes\Drive\shell\pokki
[-] *Key deleted: HKCU\Software\Classes\lnkfile\shell\pokki
[-] *Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
[-] *Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\lbbbdmbjkgojacipgefbifkiebpcdjhn
[-] *Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\doagiokpgboiomffjfhaiimafndmmpni
[-] *Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\fkcdbkhjcaljlfolhllfneigeepmjfim
[-] *Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp
[-] *Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp

***** [ *Browsers ] *****

[-] [C:\Users\Mato\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] *Deleted: search.sweetim.com
[-] [C:\Users\Mato\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] *Deleted: delta-search.com
[-] [C:\Users\Mato\AppData\Local\Google\Chrome\User Data\Default] [extension] *Deleted: ipmkfpcnmccejididiaagpgchgjfajgp

*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8433 *Bytes] - [20/03/2017 00:30:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [7828 *Bytes] - [20/03/2017 00:19:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8581 *Bytes] ##########

Jste zkuseny uzivatel nebo je pro vas pocitac spise nutne zlo?

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={F7975B19-B5B8-11E2-BE81-6036DDB09CE8}
FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Mato\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [No File]
CHR DefaultSearchURL: Default -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Extension: (Camera Video) - C:\Users\Mato\AppData\Local\Camera Video\Component [2015-12-03]
CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Mato\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Mato\AppData\Roaming\BabSolution\CR\Delta.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Mato\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lbbbdmbjkgojacipgefbifkiebpcdjhn] - C:\Program Files (x86)\Movie2KDownloader.com\m2kDownloader10.crx <not found>
C:\Users\Mato\AppData\Roaming\BabSolution
C:\Users\Mato\AppData\Local\Rich Media Player
S4 IMFFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [X]
S3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [X]
2017-03-19 22:54 - 2017-03-19 22:54 - 00000000 ____D C:\Program Files\trend micro
Task: {73627895-DEF2-4D5D-8500-BEA3A41B9034} - System32\Tasks\Camera Video => Rundll32.exe "C:\Users\Mato\AppData\Local\Camera Video\{C18433FB-C1B3-D503-7CAC-5B5C3B7F89AF}\CameraVideo.dll",#1 <==== ATTENTION
Task: {9D312920-52F7-4FD4-B42C-5068AE818C59} - System32\Tasks\Camera Video2 => Rundll32.exe "C:\Users\Mato\AppData\Local\Camera Video\{C18433FB-C1B3-D503-7CAC-5B5C3B7F89AF}\wnxqszmu.dll",#1 <==== ATTENTION
C:\Users\Mato\AppData\Local\Camera Video
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [119]
CMD: dir "C:\Windows\Inf" /AD
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End

Spravil som podla instrukcii..
Chybove okna pri starte su fuč.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Mato (20-03-2017 01:22:41) Run:1
Running from C:\Users\Mato\Desktop
Loaded Profiles: Mato (Available Profiles: Mato)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={F7975B19-B5B8-11E2-BE81-6036DDB09CE8}
FF HKLM-x32\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Mato\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [No File]
CHR DefaultSearchURL: Default -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Extension: (Camera Video) - C:\Users\Mato\AppData\Local\Camera Video\Component [2015-12-03]
CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Mato\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Mato\AppData\Roaming\BabSolution\CR\Delta.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Mato\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lbbbdmbjkgojacipgefbifkiebpcdjhn] - C:\Program Files (x86)\Movie2KDownloader.com\m2kDownloader10.crx <not found>
C:\Users\Mato\AppData\Roaming\BabSolution
C:\Users\Mato\AppData\Local\Rich Media Player
S4 IMFFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [X]
S3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [X]
2017-03-19 22:54 - 2017-03-19 22:54 - 00000000 ____D C:\Program Files\trend micro
Task: {73627895-DEF2-4D5D-8500-BEA3A41B9034} - System32\Tasks\Camera Video => Rundll32.exe "C:\Users\Mato\AppData\Local\Camera Video\{C18433FB-C1B3-D503-7CAC-5B5C3B7F89AF}\CameraVideo.dll",#1 <==== ATTENTION
Task: {9D312920-52F7-4FD4-B42C-5068AE818C59} - System32\Tasks\Camera Video2 => Rundll32.exe "C:\Users\Mato\AppData\Local\Camera Video\{C18433FB-C1B3-D503-7CAC-5B5C3B7F89AF}\wnxqszmu.dll",#1 <==== ATTENTION
C:\Users\Mato\AppData\Local\Camera Video
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [119]
CMD: dir "C:\Windows\Inf" /AD
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value removed successfully
HKU\S-1-5-21-4204622686-3959268731-1216914738-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => key not found.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{3DF4B26D-DB19-45DF-962A-6719D071245B} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer => key removed successfully
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
Chrome DefaultSuggestURL => not found.
C:\Users\Mato\AppData\Local\Camera Video\Component => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\doagiokpgboiomffjfhaiimafndmmpni => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fkcdbkhjcaljlfolhllfneigeepmjfim => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lbbbdmbjkgojacipgefbifkiebpcdjhn => key not found.
"C:\Users\Mato\AppData\Roaming\BabSolution" => not found.
"C:\Users\Mato\AppData\Local\Rich Media Player" => not found.
HKLM\System\CurrentControlSet\Services\IMFFilter => key removed successfully
IMFFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\RegFilter => key removed successfully
RegFilter => service removed successfully
C:\Program Files\trend micro => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{73627895-DEF2-4D5D-8500-BEA3A41B9034} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73627895-DEF2-4D5D-8500-BEA3A41B9034} => key removed successfully
C:\WINDOWS\System32\Tasks\Camera Video => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Camera Video => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D312920-52F7-4FD4-B42C-5068AE818C59} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D312920-52F7-4FD4-B42C-5068AE818C59} => key removed successfully
C:\WINDOWS\System32\Tasks\Camera Video2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Camera Video2 => key removed successfully
C:\Users\Mato\AppData\Local\Camera Video => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.

========= dir "C:\Windows\Inf" /AD =========

Volume in drive C is TI31028700A
Volume Serial Number is E010-9CC1

Directory of C:\Windows\Inf

20.03.2017 00:41 <DIR> .
20.03.2017 00:41 <DIR> ..
07.11.2014 21:57 <DIR> .NET CLR Data
07.11.2014 21:57 <DIR> .NET CLR Networking
22.08.2013 16:36 <DIR> .NET CLR Networking 4.0.0.0
07.11.2014 21:57 <DIR> .NET Data Provider for Oracle
07.11.2014 21:57 <DIR> .NET Data Provider for SqlServer
07.11.2014 21:57 <DIR> .NETFramework
24.09.2014 05:49 <DIR> BITS
22.08.2013 16:43 <DIR> en-US
24.09.2014 05:49 <DIR> ESENT
24.09.2014 05:49 <DIR> MSDTC
07.11.2014 21:57 <DIR> MSDTC Bridge 3.0.0.0
22.08.2013 16:36 <DIR> MSDTC Bridge 4.0.0.0
24.09.2014 05:49 <DIR> PERFLIB
07.11.2014 22:20 <DIR> PNRPSvc
07.11.2014 22:20 <DIR> rdyboost
22.08.2013 16:43 <DIR> RemoteAccess
07.11.2014 21:57 <DIR> ServiceModelEndpoint 3.0.0.0
07.11.2014 21:57 <DIR> ServiceModelOperation 3.0.0.0
07.11.2014 21:57 <DIR> ServiceModelService 3.0.0.0
07.11.2014 21:57 <DIR> SMSvcHost 3.0.0.0
22.08.2013 16:36 <DIR> SMSvcHost 4.0.0.0
07.11.2014 22:20 <DIR> TAPISRV
24.09.2014 05:49 <DIR> TermService
07.11.2014 22:20 <DIR> UGatherer
07.11.2014 22:20 <DIR> UGTHRSVC
07.11.2014 22:20 <DIR> usbhub
07.11.2014 21:57 <DIR> Windows Workflow Foundation 3.0.0.0
22.08.2013 16:36 <DIR> Windows Workflow Foundation 4.0.0.0
20.03.2017 00:41 <DIR> WmiApRpl
07.11.2014 22:20 <DIR> wsearchidxpi
0 File(s) 0 bytes
32 Dir(s) 773˙121˙572˙864 bytes free

========= End of CMD: =========

========= dir "C:\PROGRA~1" =========

Volume in drive C is TI31028700A
Volume Serial Number is E010-9CC1

Directory of C:\PROGRA~1

20.03.2017 01:22 <DIR> .
20.03.2017 01:22 <DIR> ..
11.11.2016 15:40 <DIR> AVAST Software
11.11.2016 15:49 <DIR> CCleaner
11.11.2016 15:43 <DIR> Common Files
17.08.2015 16:31 <DIR> DIFX
24.09.2014 09:20 <DIR> Embedded Lockdown Manager
06.06.2016 22:00 <DIR> Intel
14.11.2016 16:54 <DIR> Internet Explorer
20.03.2017 00:14 <DIR> Malwarebytes
07.11.2014 21:57 <DIR> MSBuild
24.05.2015 19:36 <DIR> NVIDIA Corporation
07.11.2014 22:07 <DIR> Realtek
07.11.2014 21:57 <DIR> Reference Assemblies
07.01.2013 11:56 <DIR> SRS Labs
07.11.2014 22:07 <DIR> Synaptics
18.03.2016 22:34 <DIR> TOSHIBA
19.08.2015 14:45 <DIR> Windows Defender
16.09.2016 07:34 <DIR> Windows Journal
20.04.2015 19:24 <DIR> Windows Mail
09.03.2016 18:45 <DIR> Windows Media Player
20.04.2015 19:24 <DIR> Windows Multimedia Platform
22.08.2013 16:36 <DIR> Windows NT
20.04.2015 19:24 <DIR> Windows Photo Viewer
20.04.2015 19:24 <DIR> Windows Portable Devices
20.04.2015 19:23 <DIR> WindowsPowerShell
0 File(s) 0 bytes
26 Dir(s) 773˙121˙507˙328 bytes free

========= End of CMD: =========

========= dir "C:\PROGRA~2" =========

Volume in drive C is TI31028700A
Volume Serial Number is E010-9CC1

Directory of C:\PROGRA~2

19.03.2017 18:45 <DIR> .
19.03.2017 18:45 <DIR> ..
29.08.2013 20:31 <DIR> AC3Filter
14.10.2014 01:10 <DIR> AGEIA Technologies
11.11.2016 15:46 <DIR> AliExpress
06.12.2015 15:44 <DIR> Autodesk
21.06.2016 17:32 <DIR> Avira
20.02.2014 19:40 <DIR> Batman Arkham Origins
25.01.2017 21:51 <DIR> Common Files
01.09.2014 21:56 <DIR> DAEMON Tools Lite
11.12.2012 00:11 <DIR> eBay
27.03.2013 22:28 <DIR> ESTsoft
31.10.2016 17:48 <DIR> Google
29.08.2013 20:35 <DIR> GRETECH
11.05.2016 20:47 <DIR> GUM2F22.tmp
06.06.2016 22:01 <DIR> Intel
14.11.2016 16:54 <DIR> Internet Explorer
01.11.2016 22:15 <DIR> IObit
25.01.2017 21:50 <DIR> Java
28.01.2014 22:04 <DIR> Microsoft Games for Windows - LIVE
11.12.2012 00:21 <DIR> Microsoft Office
22.08.2013 16:36 <DIR> Microsoft.NET
29.08.2013 20:40 <DIR> Mozilla Firefox
07.11.2014 21:57 <DIR> MSBuild
11.12.2012 00:17 <DIR> Nero
07.01.2013 11:49 <DIR> NVIDIA 3D Vision driver
02.12.2015 01:38 <DIR> NVIDIA Corporation
08.10.2013 20:49 <DIR> OpenOffice 4
20.03.2017 00:40 <DIR> Opera
07.01.2013 11:55 <DIR> Realtek
07.11.2014 21:57 <DIR> Reference Assemblies
05.06.2016 21:42 <DIR> Samsung
29.01.2016 20:50 <DIR> Sony
09.03.2016 20:27 <DIR> TOSHIBA
07.01.2013 12:19 <DIR> TOSHIBA Games
11.12.2012 00:11 <DIR> Toshiba TEMPRO
24.08.2014 20:24 <DIR> Ubisoft
07.01.2013 12:19 <DIR> WildGames
08.05.2013 14:03 <DIR> WildTangent Games
19.08.2015 14:45 <DIR> Windows Defender
20.04.2015 19:23 <DIR> Windows Mail
09.03.2016 18:45 <DIR> Windows Media Player
20.04.2015 19:23 <DIR> Windows Multimedia Platform
22.08.2013 16:36 <DIR> Windows NT
20.04.2015 19:23 <DIR> Windows Photo Viewer
20.04.2015 19:23 <DIR> Windows Portable Devices
22.08.2013 16:36 <DIR> WindowsPowerShell
0 File(s) 0 bytes
47 Dir(s) 773˙121˙437˙696 bytes free

========= End of CMD: =========

========= dir "C:\PROGRA~3" =========

Volume in drive C is TI31028700A
Volume Serial Number is E010-9CC1

Directory of C:\PROGRA~3

11.11.2016 15:39 <DIR> AVAST Software
17.08.2015 22:33 <DIR> AVG
21.06.2016 17:29 <DIR> Avira
25.02.2015 21:37 <DIR> BioWare
10.12.2013 11:51 <DIR> CyberLink
27.03.2013 23:31 <DIR> DAEMON Tools Lite
27.03.2013 21:25 <DIR> Electronic Arts
12.01.2015 15:21 <DIR> GRETECH
28.03.2013 00:17 <DIR> install_clap
06.06.2016 22:01 <DIR> Intel
20.03.2017 00:29 <DIR> IObit
19.03.2017 18:43 <DIR> Kaspersky SDK
20.03.2017 00:14 <DIR> Malwarebytes
27.05.2013 21:36 <DIR> McAfee
25.02.2015 21:35 <DIR> Media Center Programs
19.03.2017 18:41 <DIR> MicroWorld
11.12.2012 00:46 <DIR> Nero
04.05.2014 15:45 <DIR> Norton
04.05.2014 14:46 <DIR> NortonInstaller
20.03.2017 00:34 <DIR> NVIDIA
21.03.2016 22:31 <DIR> NVIDIA Corporation
25.01.2017 21:51 <DIR> Oracle
24.08.2014 20:11 <DIR> Orbit
17.08.2015 16:29 <DIR> OviInstallerCache
19.03.2017 18:40 <DIR> Package Cache
17.08.2015 16:36 <DIR> PC Suite
28.03.2013 00:19 <DIR> PDVD
07.11.2014 22:20 <DIR> PRICache
19.03.2017 22:39 <DIR> ProductData
20.04.2015 19:23 <DIR> regid.1991-06.com.microsoft
07.01.2013 11:54 <DIR> Roaming
05.06.2016 21:42 <DIR> Samsung
21.06.2016 17:40 <DIR> Skype
29.01.2016 20:50 <DIR> Sony
23.02.2014 18:31 <DIR> Steam
26.03.2016 22:44 <DIR> Synaptics
24.06.2013 14:33 <DIR> Temp
02.12.2015 01:43 <DIR> Toshiba
27.03.2013 19:20 <DIR> ToshibaEurope
12.01.2015 15:22 <DIR> TuneUp Software
08.05.2013 14:02 <DIR> WildTangent
0 File(s) 0 bytes
41 Dir(s) 773˙121˙380˙352 bytes free

========= End of CMD: =========

========= dir "%localappdata%" =========

Volume in drive C is TI31028700A
Volume Serial Number is E010-9CC1

Directory of C:\Users\Mato\AppData\Local

20.03.2017 01:22 <DIR> .
20.03.2017 01:22 <DIR> ..
24.12.2014 20:31 <DIR> Adobe
17.08.2015 22:31 <DIR> Avg
09.03.2016 22:22 <DIR> Avira
09.03.2016 18:40 <DIR> AviraResume
21.06.2016 17:32 <DIR> AviraSpeedup
22.07.2015 00:52 <DIR> CEF
18.12.2016 16:49 <DIR> Chromium
20.03.2017 00:16 <DIR> CrashDumps
28.03.2013 00:19 <DIR> CyberLink
17.08.2015 16:40 17˙408 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
19.03.2017 23:01 <DIR> Diagnostics
27.03.2013 22:28 <DIR> ECRSC
06.03.2015 20:27 <DIR> ESET
14.04.2014 19:45 <DIR> Facebook
21.03.2015 22:56 <DIR> FalloutNV
18.09.2015 10:30 <DIR> Google
13.06.2015 18:27 <DIR> GWX
19.03.2017 23:00 <DIR> IE Tab
28.03.2013 00:19 <DIR> MediaServer
28.03.2013 00:28 <DIR> MediaShow
29.01.2016 20:46 <DIR> Microsoft
17.08.2015 16:36 <DIR> Nokia
17.08.2015 16:36 <DIR> NokiaAccount
23.03.2016 13:51 <DIR> NVIDIA
23.03.2016 13:51 <DIR> NVIDIA Corporation
27.03.2013 21:29 <DIR> Opera
21.05.2014 20:10 <DIR> Opera Software
16.02.2017 20:54 <DIR> Packages
27.03.2013 21:19 <DIR> Programs
03.09.2013 13:09 <DIR> Radiocom
28.03.2013 01:04 <DIR> SKIDROW
29.06.2015 21:05 <DIR> Skype
29.03.2013 20:24 <DIR> Skyrim
27.03.2013 19:17 <DIR> SRS Labs
18.12.2016 16:49 <DIR> Steam
20.03.2017 01:22 <DIR> Temp
06.06.2016 21:20 <DIR> TOSHIBA
24.08.2014 20:24 <DIR> Ubisoft Game Launcher
19.03.2017 22:53 <DIR> VirtualStore
1 File(s) 17˙408 bytes
40 Dir(s) 773˙121˙323˙008 bytes free

========= End of CMD: =========

========= dir "%appdata%" =========

Volume in drive C is TI31028700A
Volume Serial Number is E010-9CC1

Directory of C:\Users\Mato\AppData\Roaming

19.03.2017 18:45 <DIR> .
19.03.2017 18:45 <DIR> ..
10.10.2013 01:11 <DIR> AC3Filter
27.03.2013 19:16 <DIR> Adobe
17.08.2015 22:32 <DIR> AVG
09.03.2016 19:51 <DIR> Avira
24.01.2016 22:57 <DIR> Budˇk
28.03.2013 12:53 <DIR> CyberLink
09.03.2015 00:06 <DIR> DAEMON Tools Lite
01.11.2016 22:08 <DIR> Dropbox
06.03.2015 20:27 <DIR> ESET
25.02.2015 20:37 <DIR> ESTsoft
29.08.2013 20:35 <DIR> GRETECH
08.11.2014 14:22 <DIR> Identities
27.03.2013 19:14 <DIR> Intel
19.03.2017 18:45 <DIR> IObit
27.03.2013 20:23 <DIR> Macromedia
21.07.2014 20:47 <DIR> Media Player Classic
05.05.2013 20:20 <DIR> Mozilla
26.07.2013 18:31 <DIR> Nero
19.08.2015 13:44 <DIR> Nokia
14.04.2014 19:45 <DIR> NVIDIA
27.03.2013 23:32 <DIR> NVIDIA 3D Vision Video Player
08.10.2013 22:25 <DIR> OpenOffice
28.03.2013 19:18 <DIR> OpenOffice.org
27.03.2013 21:29 <DIR> Opera
21.05.2014 20:10 <DIR> Opera Software
17.08.2015 16:36 <DIR> PC Suite
15.09.2014 21:24 <DIR> Radiocom
24.06.2013 14:36 <DIR> Seznam.cz
16.03.2016 23:08 <DIR> Skype
27.03.2013 22:58 <DIR> sMedio
31.12.2015 11:05 <DIR> Sun
15.09.2014 21:30 <DIR> toshiba
10.12.2013 08:55 <DIR> TuneUp Software
27.04.2015 06:17 <DIR> uTorrent
08.05.2013 14:03 <DIR> WildTangent
15.09.2014 22:23 <DIR> WinBatch
29.12.2014 20:46 <DIR> XRay Engine
0 File(s) 0 bytes
39 Dir(s) 773˙121˙261˙568 bytes free

========= End of CMD: =========

Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7620906 B
Java, Flash, Steam htmlcache => 663940071 B
Windows/system/drivers => 1581846 B
Edge => 0 B
Chrome => 19201983 B
Firefox => 0 B
Opera => 6122208 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 724 B
LocalService => 6482 B
NetworkService => 20963328 B
Mato => 94326507 B

RecycleBin => 0 B
EmptyTemp: => 784.1 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-03-2017 01:26:02)

"C:\Windows\System32\Drivers\etc\hosts" => Could not move
Could not restore Hosts.

==== End of Fixlog 01:26:03 ====

2x jste ignoroval moji otazku, proto nevim jakou uroven odbornosti pro dalsi vysvetleni zvolit - Vase chyba. Predpokladejme tedy, ze BFU nejste.

Nikdy jsem nevidel, ze by uzivatel obnovoval 14 dni stare vetve registru. Doufam, ze je to pouze moje neznalost a tato cinnost se nekde opravdu pouziva (velice rad se poucim). Nedokazu urcit, zda je nasledujici chyba zpusobena prave importovanim 14 dni starych vetvi, chybou disku, pripadne neceho jineho.

Error: (03/19/2017 06:46:12 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1080000000086ab. The name of the file is "<unable to determine file name>".

Tohle by mohl napravit chkdsk.

Dale v PC mate zbytky nekolika antiviru (alespon dle vypisu z protokolu udalosti a seznamu driveru) - odstrante je pomoci oficialnich odinstalatoru https://support.eset.com/kb146/?locale=en_US

VIRY.CZ

Problem s starem Windows 8.1 ... preparing repair

Problem s starem Windows 8.1 ... preparing repair

Re: Problem s starem Windows 8.1 ... preparing repair

Re: Problem s starem Windows 8.1 ... preparing repair

Re: Problem s starem Windows 8.1 ... preparing repair

Re: Problem s starem Windows 8.1 ... preparing repair

Re: Problem s starem Windows 8.1 ... preparing repair