Problém s IE

Zpráva

dol · #1 Příspěvek od **dol** » 17 črc 2016 13:22

Zdravím, protože se mi nedaří podle rad na Superforum (údajně napadení exploity) dojít k nějakým závěrům, prosím Vás o kontrolu, případně radu.
Problém se objevuje při práci s IE 11- můj OS Win 8.1 32bit. Před několika týdny se postupně začaly objevovat závady
- při otevírání souborů Oblíbené se na záložce ikony objevovaly postupně
-při práci se IE zaseknul a bylo nutné ho zavřít. Bez zavření a znovu otevření nějakou dobu pracoval, pak spadnul
-při otevírání map ze složky Oblíbené po chvíli přestane pracovat, oznámí, že „Aplikace IE upravila tuto stránku, aby pomohla zabránit útoku skripování mezi weby (XSS)“
Při zaseknutí se zdvojnásobí zatížení paměti na více než 100MB
Podle Malvarebytes vše OK, Eset online našel a dal do karantény InstallMonetizer.AQ, nic se nezměnilo.
Prohlížeč Gogole Chrome pracuje bez závad, pokus o opravu OS příkazem sfc/scannow
situaci nezlepšil.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2016-07-17 14:34:02
Microsoft Windows 8.1
System drive C: has 64 GB (63%) free of 103 GB
Total RAM: 2046 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:34:08, on 17. 7. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18124)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x86__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Admin\Desktop\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Vyhledat aktualizace.lnk = C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.2 ... rol_32.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4607 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe

#2 Příspěvek od **Márty84** » 17 črc 2016 15:56

Zdravim

Log neni cely, potrebuju videt i zbytek.

dol · #3 Příspěvek od **dol** » 17 črc 2016 16:29

Omlouvám se, snad se to už podařilo.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2016-07-17 17:11:55
Microsoft Windows 8.1
System drive C: has 64 GB (62%) free of 103 GB
Total RAM: 2046 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:12:12, on 17. 7. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18124)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x86__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Admin\Desktop\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Vyhledat aktualizace.lnk = C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.2 ... rol_32.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4332 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe_ndows\system32\vbscript.dll
2016-07-15 19:26:36 ----A---- C:\Windows\system32\jscript.dll
2016-07-15 19:26:35 ----A---- C:\Windows\system32\iedkcs32.dll
2016-07-15 19:26:34 ----A---- C:\Windows\system32\iepeers.dll
2016-07-15 19:26:34 ----A---- C:\Windows\system32\ie4uinit.exe
2016-07-15 19:26:24 ----A---- C:\Windows\system32\win32k.sys
2016-07-15 19:26:23 ----A---- C:\Windows\system32\appraiser.dll
2016-07-15 19:26:23 ----A---- C:\Windows\system32\aepic.dll
2016-07-15 19:26:22 ----A---- C:\Windows\system32\invagent.dll
2016-07-15 19:26:22 ----A---- C:\Windows\system32\generaltel.dll
2016-07-15 19:26:22 ----A---- C:\Windows\system32\devinv.dll
2016-07-15 19:26:22 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-07-15 19:26:22 ----A---- C:\Windows\system32\centel.dll
2016-07-15 19:26:22 ----A---- C:\Windows\system32\aeinv.dll
2016-07-15 19:26:22 ----A---- C:\Windows\system32\acmigration.dll
2016-07-15 19:26:21 ----A---- C:\Windows\system32\win32spl.dll
2016-07-15 19:26:21 ----A---- C:\Windows\system32\localspl.dll
2016-07-15 19:26:20 ----A---- C:\Windows\system32\puiobj.dll
2016-07-15 19:26:20 ----A---- C:\Windows\system32\puiapi.dll
2016-07-15 19:26:20 ----A---- C:\Windows\system32\ntprint.dll
2016-07-15 19:26:20 ----A---- C:\Windows\system32\inetpp.dll
2016-07-15 19:26:20 ----A---- C:\Windows\system32\DafPrintProvider.dll
2016-07-15 19:26:17 ----A---- C:\Windows\system32\poqexec.exe
2016-07-15 19:25:57 ----A---- C:\Windows\system32\ntoskrnl.exe

======List of files/folders modified in the last 1 month======

2016-07-17 17:12:07 ----D---- C:\Program Files\trend micro
2016-07-17 17:00:00 ----D---- C:\Windows\system32\sru
2016-07-17 16:58:21 ----D---- C:\Windows\Temp
2016-07-17 15:09:26 ----D---- C:\Windows\Prefetch
2016-07-17 14:38:04 ----D---- C:\Windows
2016-07-17 13:09:59 ----D---- C:\Users\Admin\AppData\Roaming\Skype
2016-07-17 12:33:37 ----D---- C:\Windows\system32\config
2016-07-16 19:31:18 ----D---- C:\Users\Admin\AppData\Roaming\vlc
2016-07-16 11:26:38 ----D---- C:\Windows\Microsoft.NET
2016-07-16 11:07:06 ----D---- C:\Windows\WinSxS
2016-07-16 10:55:12 ----D---- C:\Windows\system32\catroot2
2016-07-16 10:54:42 ----D---- C:\Windows\system32\DriverStore
2016-07-16 05:34:22 ----RD---- C:\Windows\System32
2016-07-15 23:56:50 ----D---- C:\Windows\system32\wbem
2016-07-15 23:56:49 ----D---- C:\Windows\system32\en-US
2016-07-15 23:56:49 ----D---- C:\Windows\system32\cs-CZ
2016-07-15 23:56:49 ----D---- C:\Program Files\Internet Explorer
2016-07-15 23:56:48 ----RD---- C:\Windows\ToastData
2016-07-15 23:56:48 ----D---- C:\Windows\inf
2016-07-15 23:56:47 ----D---- C:\Windows\system32\appraiser
2016-07-15 23:56:41 ----D---- C:\Windows\system32\CodeIntegrity
2016-07-15 22:00:23 ----D---- C:\Windows\CbsTemp
2016-07-15 21:59:12 ----D---- C:\Windows\system32\MRT
2016-07-15 21:53:41 ----D---- C:\Users\Admin\AppData\Roaming\Garmin
2016-07-15 21:52:31 ----A---- C:\Windows\system32\MRT.exe
2016-07-15 21:51:46 ----D---- C:\Program Files\Windows Journal
2016-07-15 21:47:25 ----SHD---- C:\System Volume Information
2016-07-15 19:36:58 ----D---- C:\Windows\system32\NDF
2016-07-15 16:35:24 ----D---- C:\Windows\AppReadiness
2016-07-15 16:32:44 ----SHD---- C:\Windows\Installer
2016-07-15 16:32:44 ----SHD---- C:\Config.Msi
2016-07-15 16:32:44 ----D---- C:\Windows\system32\Tasks
2016-07-07 02:39:33 ----N---- C:\Windows\system32\MpSigStub.exe
2016-07-02 06:29:27 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2016-06-21 19:35:35 ----RD---- C:\Program Files
2016-06-19 14:36:27 ----D---- C:\AdwCleaner
2016-06-19 08:47:21 ----HD---- C:\Program Files\WindowsApps

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 138584]
R3 azvusb;@oem66.inf,%SvcDesc%;Virtual USB Hub; C:\Windows\System32\drivers\azvusb.sys [2009-08-24 44544]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2016-07-17 17488]
R3 NVHDA;@oem132.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2015-11-10 178840]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2014-12-13 8536208]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-07-14 18576]
R3 nvvad_WaveExtensible;@oem128.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2015-07-03 42344]
R3 Ph3xIB32;@oem1.inf,%DISPLAY_NAME%;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2011-05-31 1311232]
R3 RTL8168;@netrt630x86.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x86.sys [2013-06-18 490496]
R3 WUDFSensorLP;@locationprovider.inf,%WudfLocationProviderDisplayName%;Služba Reflektor UMDF pro zprostředkovatele umístění (LocationProvider); C:\Windows\System32\drivers\WUDFRd.sys [2014-10-29 190976]
R3 WUDFWpdFs;WUDFWpdFs; C:\Windows\System32\drivers\WUDFRd.sys [2014-10-29 190976]
S3 3xHybrid;@oem67.inf,%DISPLAY_NAME%;Pinnacle PCTV 100i-110i-300i-310i-MCE; C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-12-18 1121536]
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\Windows\System32\drivers\iaiogpio.sys [2013-07-23 22016]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\Windows\System32\drivers\iaioi2c.sys [2013-07-23 61936]
S3 s0016bus;@oem10.inf,%sed0016.Service.Desc%;Sony Ericsson Device 0016 driver (WDM); C:\Windows\System32\drivers\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;@oem11.inf,%sed0016.Filter.Name%;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;@oem11.inf,%sed0016.Service.Name%;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;@oem14.inf,%sed0016.Service.Name%;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;@oem12.inf,%sed0016.Service.Desc%;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;@oem13.inf,%sed0016.Service.Name%;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;@oem15.inf,%sed0016.Service.Desc%;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\System32\drivers\s0016unic.sys [2008-05-16 115752]
S3 WDC_SAM;@oem122.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam.sys [2015-01-27 11520]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 33088]
R2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2009-12-02 68136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-07-14 921232]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-07-14 1871504]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-07-14 4304528]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-12-13 669840]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-06-25 82128]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2016-03-23 327808]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 33088]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-12-13 410768]

-----------------EOF-----------------

#4 Příspěvek od **Márty84** » 18 črc 2016 02:20

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

dol · #5 Příspěvek od **dol** » 18 črc 2016 13:53

Zdravím, snad se to podařilo.

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [6069 bytes] ##########
# AdwCleaner v5.201 - Log vytvoĹ™en 18/07/2016 v 12:36:25
# AktualizovĂˇno 30/06/2016 by ToolsLib
# DatabĂˇze : 2016-07-16.1 [Server]
# OperaÄŤnĂ system : Windows 8.1 (X86)
# UĹľivatelskĂ© jmĂ©no : Admin - STOLNIPC
# SpuĹˇtÄ›no z : C:\Users\Admin\Desktop\adwcleaner_5.201.exe
# NastavenĂ : Sken
# Podpora : https://toolslib.net/forum

***** [ SluĹľby ] *****

***** [ SloĹľky ] *****

***** [ Soubory ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ ZĂˇstupci ] *****

***** [ NaplĂˇnovanĂ© Ăşlohy ] *****

***** [ Registry ] *****

KlĂÄŤ Nalezeno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
KlĂÄŤ Nalezeno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\productivityboss.dl.myway.com
KlĂÄŤ Nalezeno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com

***** [ ProhlĂĹľeÄŤe ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7511 bytĹŻ] - [01/03/2016 11:20:21]
C:\AdwCleaner\AdwCleaner[S1].txt - [11983 bytĹŻ] - [01/03/2016 09:12:07]
C:\AdwCleaner\AdwCleaner[S2].txt - [8085 bytĹŻ] - [01/03/2016 09:47:33]
C:\AdwCleaner\AdwCleaner[S3].txt - [7329 bytĹŻ] - [01/03/2016 09:52:13]
C:\AdwCleaner\AdwCleaner[S4].txt - [5082 bytĹŻ] - [01/03/2016 09:56:56]
C:\AdwCleaner\AdwCleaner[S5].txt - [5155 bytĹŻ] - [01/03/2016 10:00:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [7548 bytĹŻ] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 18. 7. 2016
Čas skenování: 12:59
Protokol: log malwareb. 18.7.16.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.07.18.05
Databáze rootkitů: v2016.05.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x86
Souborový systém: NTFS
Uživatel: Admin

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 445311
Uplynulý čas: 1 hod, 40 min, 38 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 2
PUP.Optional.SysTweak, C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir, , [d0ad0223faa01b1b4273556f8f72ec14],
PUP.Optional.ASK, C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-SGT-C3[1].7z, , [3b4261c4a5f5bc7a2d8cecfa14edd22e],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)
Nalezené Malw.B. jsem nemazal

dol · #6 Příspěvek od **dol** » 18 črc 2016 13:56

Našel jsem ještě jeden log
HKCU\Software\Microsoft\Internet Explorer\DOMStorage\gounzip.dl.myway.com->C:\AdwCleaner\RegistryQuarantine\reg_hhiwaxwtqy.reg
HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com->C:\AdwCleaner\RegistryQuarantine\reg_gzymjmgqvk.reg
HKCU\Software\GreenTree Applications\YTD->C:\AdwCleaner\RegistryQuarantine\reg_lbguclmhgz.reg
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com->C:\AdwCleaner\RegistryQuarantine\reg_ewkwxfcton.reg
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\productivityboss.dl.myway.com->C:\AdwCleaner\RegistryQuarantine\reg_lrwhzwvmxr.reg
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com->C:\AdwCleaner\RegistryQuarantine\reg_cadyrreelg.reg

#7 Příspěvek od **Márty84** » 19 črc 2016 01:58

Nalezy nechte odstranit.

Postupujte podle navodu kolegy

vyosek píše: Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
Ulozte nejlepe na plochu

Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu

Probehne vytvoreni zalohy a nasledne prohledavani

Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Postupujte podle navodu kolegy

vyosek píše: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize
Kód: Vybrat vše
autoclean;
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Nasledne kliknete na Run Script

PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

dol · #8 Příspěvek od **dol** » 19 črc 2016 07:05

Zdravím, vkládám, doufám, že v přádku
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 8.1 x86
Ran by Admin (Administrator) on Łt 19. 07. 2016 at 7:31:34,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1

Successfully deleted: C:\Program Files\GUTF4AE.tmp (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 19. 07. 2016 at 7:33:23,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Admin on Łt 19. 07. 2016 at 7:34:43,90.
Microsoft Windows 8.1 6.3.9600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Admin\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

19. 7. 2016 7:36:55 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Users\Admin\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Admin\AppData\Local\EmieSiteList deleted successfully
C:\Users\Admin\AppData\Local\EmieUserList deleted successfully
C:\Users\Admin\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Program Files\GUMF430.tmp deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\System32\SET1BAD.tmp deleted
C:\Windows\System32\SET3C3E.tmp deleted
C:\Windows\System32\SET450B.tmp deleted
C:\Windows\System32\SETFCC6.tmp deleted
"C:\Windows\Installer\22f54.msi" deleted

==== Chromium Look ======================

Chrome Media Router - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.seznam.cz/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.seznam.cz/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{D626AECF-D0EC-458B-BA18-55300D0F02DF}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02
HKCU\SearchScopes\{D626AECF-D0EC-458B-BA18-55300D0F02DF} - https://www.google.com/search?q={search ... utEncoding?}

==== Reset Google Chrome ======================

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D24574353334A600677A7A857BC05210 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D24574353334A600677A7A857BC05210 deleted successfully

==== Empty IE Cache ======================

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=76 folders=1 40830179 bytes)

==== Empty Temp Folders ======================

C:\Users\Admin\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Admin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" deleted

==== EOF on Łt 19. 07. 2016 at 7:54:17,37 ======================

#9 Příspěvek od **Márty84** » 20 črc 2016 02:54

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

(Kdyby nesel Launcher stahnout, dejte logy jen ze samotneho FRST, tedy bez pouziti Launcheru)

dol · #10 Příspěvek od **dol** » 20 črc 2016 07:27

Zdravím a odesílám. Info-problém zatím trvá.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2016
Ran by Admin (administrator) on STOLNIPC (20-07-2016 08:17:06)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 8.1 (Update) (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x86__8wekyb3d8bbwe\livecomm.exe
(Farbar) C:\Users\Admin\Downloads\FRST (1).exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-4140605027-1625828158-2128847343-1001\...\Run: [RemoTerm.exe] => C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe [241976 2013-09-20] (PCTV Systems S.à r.l.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-01-09]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vyhledat aktualizace.lnk [2014-12-12]
ShortcutTarget: Vyhledat aktualizace.lnk -> C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe (PCTV Systems)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 81.200.55.86 81.200.55.34
Tcpip\..\Interfaces\{422FBA08-0925-4009-AE87-F2C475D44A88}: [DhcpNameServer] 81.200.55.86 81.200.55.34

Internet Explorer:
==================
HKU\S-1-5-21-4140605027-1625828158-2128847343-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-4140605027-1625828158-2128847343-1001 -> DefaultScope {D626AECF-D0EC-458B-BA18-55300D0F02DF} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-4140605027-1625828158-2128847343-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4140605027-1625828158-2128847343-1001 -> {D626AECF-D0EC-458B-BA18-55300D0F02DF} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)

FireFox:
========
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-19]
CHR Extension: (Dokumenty Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-19]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-19]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-19]
CHR Extension: (Tabulky Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-19]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-19]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-07-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GEST Service; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-12-02] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [921232 2015-07-14] (NVIDIA Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4304528 2015-07-14] (NVIDIA Corporation)
S3 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 3xHybrid; C:\Windows\system32\DRIVERS\3xHybrid.sys [1121536 2006-12-18] (Philips Semiconductors GmbH)
R3 azvusb; C:\Windows\System32\drivers\azvusb.sys [44544 2009-08-24] (AzureWave Technologies, Inc.)
R3 gdrv; C:\Windows\gdrv.sys [17488 2016-07-20] (Windows (R) 2000 DDK provider)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-07-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad32v.sys [42344 2015-07-03] (NVIDIA Corporation)
R3 Ph3xIB32; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [1311232 2011-05-31] (NXP Semiconductors)
S3 s0016bus; C:\Windows\System32\drivers\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\system32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\system32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\system32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\system32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\system32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\drivers\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation)
R3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-20 08:17 - 2016-07-20 08:17 - 00011094 _____ C:\Users\Admin\Downloads\FRST.txt
2016-07-20 08:14 - 2016-07-20 08:17 - 00000000 ____D C:\FRST
2016-07-20 08:12 - 2016-07-20 08:12 - 01741824 _____ (Farbar) C:\Users\Admin\Downloads\FRST (2).exe
2016-07-20 08:10 - 2016-07-20 08:10 - 01741824 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe
2016-07-20 08:08 - 2016-07-20 08:08 - 01741824 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2016-07-19 07:49 - 2016-07-19 07:34 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-07-19 07:34 - 2016-07-19 07:47 - 00000000 ____D C:\zoek_backup
2016-07-19 07:30 - 2016-07-19 07:30 - 01309184 _____ C:\Users\Admin\Desktop\zoek.exe
2016-07-19 07:26 - 2016-07-19 07:26 - 01610560 _____ (Malwarebytes) C:\Users\Admin\Desktop\JRT.exe
2016-07-18 16:50 - 2016-07-19 13:57 - 00000000 ____D C:\Users\Admin\Desktop\Problém s IE
2016-07-18 12:35 - 2016-07-18 12:35 - 03712064 _____ C:\Users\Admin\Desktop\adwcleaner_5.201.exe
2016-07-17 14:38 - 2016-07-17 14:38 - 00000193 _____ C:\Windows\WORDPAD.INI
2016-07-17 14:14 - 2016-07-17 14:15 - 01107968 _____ C:\Users\Admin\Desktop\RSIT.exe
2016-07-17 11:55 - 2016-07-17 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-16 22:08 - 2016-07-16 22:08 - 00314855 _____ C:\Users\Admin\Documents\bookmark 16.7.16.htm
2016-07-15 23:56 - 2016-07-15 23:56 - 00000000 ____D C:\Windows\EOONotify
2016-07-15 22:00 - 2016-05-25 15:22 - 00875712 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-07-15 22:00 - 2016-05-25 15:22 - 00536768 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-07-15 19:26 - 2016-06-25 20:40 - 00045760 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-15 19:26 - 2016-06-25 19:15 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-15 19:26 - 2016-06-25 18:47 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2016-07-15 19:26 - 2016-06-25 18:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-15 19:26 - 2016-06-25 18:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2016-07-15 19:26 - 2016-06-25 17:59 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-15 19:26 - 2016-06-25 17:59 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-15 19:26 - 2016-06-25 17:51 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2016-07-15 19:26 - 2016-06-22 15:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-15 19:26 - 2016-06-21 16:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-07-15 19:26 - 2016-06-21 15:40 - 01288192 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-15 19:26 - 2016-06-21 15:40 - 01004544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-15 19:26 - 2016-06-21 15:40 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-15 19:26 - 2016-06-21 15:40 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-15 19:26 - 2016-06-21 15:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-15 19:26 - 2016-06-21 15:40 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-15 19:26 - 2016-06-21 15:40 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-15 19:26 - 2016-06-11 19:22 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-15 19:26 - 2016-06-11 19:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-15 19:26 - 2016-06-11 19:13 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-15 19:26 - 2016-06-11 19:12 - 20348928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-15 19:26 - 2016-06-11 19:07 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-15 19:26 - 2016-06-11 18:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-07-15 19:26 - 2016-06-11 18:43 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-15 19:26 - 2016-06-11 18:38 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-07-15 19:26 - 2016-06-11 18:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-15 19:26 - 2016-06-11 18:31 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-15 19:26 - 2016-06-11 18:31 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-15 19:26 - 2016-06-11 18:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-15 19:26 - 2016-06-11 18:31 - 00330752 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-15 19:26 - 2016-06-11 18:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-15 19:26 - 2016-06-11 18:15 - 13806080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-15 19:26 - 2016-06-11 17:59 - 02392576 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-15 19:26 - 2016-06-11 17:56 - 01315840 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-15 19:26 - 2016-06-11 17:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-15 19:26 - 2016-06-10 21:06 - 03485184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-15 19:25 - 2016-06-11 20:27 - 05761888 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-09 07:54 - 2016-07-09 07:54 - 00000658 _____ C:\Users\Admin\Desktop\Knihovny – zástupce.lnk
2016-07-07 19:46 - 2016-07-07 19:46 - 00440239 _____ C:\Users\Admin\Desktop\16_1.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-20 08:00 - 2014-12-10 22:58 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-20 08:00 - 2014-12-10 22:58 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-20 07:58 - 2014-12-15 12:22 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2016-07-20 07:58 - 2013-08-22 09:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-19 21:46 - 2013-08-22 08:13 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-07-19 12:40 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\AppReadiness
2016-07-19 11:12 - 2014-12-10 21:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Garmin
2016-07-19 07:25 - 2015-01-25 22:26 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-18 12:41 - 2013-08-22 08:21 - 00000000 ____D C:\Windows\inf
2016-07-18 12:38 - 2016-03-01 09:11 - 00000000 ____D C:\AdwCleaner
2016-07-17 19:58 - 2014-12-11 17:55 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2016-07-17 17:12 - 2016-02-29 20:54 - 00000000 ____D C:\Program Files\trend micro
2016-07-17 13:09 - 2014-12-10 23:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2016-07-17 11:55 - 2015-01-07 09:01 - 00000981 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-16 22:17 - 2014-12-10 22:59 - 00002161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-16 05:32 - 2013-08-22 09:22 - 00423024 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-15 23:56 - 2014-12-10 14:48 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-15 23:56 - 2013-08-22 10:17 - 00000000 ___RD C:\Windows\ToastData
2016-07-15 22:00 - 2013-08-22 10:05 - 00000000 ____D C:\Windows\CbsTemp
2016-07-15 21:59 - 2014-12-10 12:45 - 00000000 ____D C:\Windows\system32\MRT
2016-07-15 21:52 - 2014-12-10 12:45 - 141983760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-15 21:51 - 2013-08-22 13:13 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-15 19:36 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\system32\NDF
2016-07-15 16:32 - 2015-09-21 13:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-07 12:57 - 2016-01-30 08:56 - 00334964 _____ C:\Users\Admin\Documents\bookmark.htm
2016-07-07 02:39 - 2014-12-10 12:31 - 00400552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-02 06:29 - 2013-08-22 10:18 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-07-02 06:29 - 2013-08-22 10:18 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-06-21 07:48 - 2016-06-16 18:33 - 00000000 ____D C:\Users\Admin\Desktop\KD červen
2016-06-20 19:38 - 2015-03-17 19:50 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2014-12-17 14:17 - 2016-03-03 13:33 - 0007601 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-16 10:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-07-2016
Ran by Admin (2016-07-20 08:17:55)
Running from C:\Users\Admin\Downloads
Microsoft Windows 8.1 (Update) (X86) (2014-12-10 09:40:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Admin (S-1-5-21-4140605027-1625828158-2128847343-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-4140605027-1625828158-2128847343-500 - Administrator - Disabled)
Guest (S-1-5-21-4140605027-1625828158-2128847343-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adresy CR v2 (HKLM\...\{7A11431C-3B45-4932-9D83-2F4A609C18F3}) (Version: 1.00 - Picodas Praha, spol. s r.o.)
Aktualizace NVIDIA 2.5.11.45 (Version: 2.5.11.45 - NVIDIA Corporation) Hidden
ATLAS Czech 2013.5 NT (HKLM\...\{FEFCFE7F-221D-4E54-BE2A-A572E4F6B3CB}) (Version: 12.00 - PICODAS PRAHA, spol. s r.o.)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
CYKLO Czech 2013 NT (HKLM\...\{DCDA6CEA-6963-4D7E-A779-F8378AD64287}) (Version: 4.00 - PICODAS PRAHA, spol. s r.o.)
CzechRep_by_Dave_Luv (HKLM\...\CzechRep_by_Dave_Luv) (Version: - )
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
Energy Saver Advance B10.0309.1 (HKLM\...\{7ED169D4-5053-4166-93DF-53B12AE6C539}) (Version: 1.10.0000 - GIGABYTE)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FastStone Capture 5.3 (HKLM\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
Garmin BaseCamp (HKLM\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{E31435FE-F0B7-4A62-BE46-BD166A1EEFFB}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
LibreOffice 4.3.5.2 (HKLM\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mariáš 3.2 (HKLM\...\{E91C4E61-DA0E-4A46-AEA6-512BB3698A3F}) (Version: 3.2.0 - Ganttsoft)
Microsoft Office XP Professional s aplikací FrontPage (HKLM\...\{90280405-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.11 - Microsoft Corporation)
NVIDIA GeForce Experience 2.5.11.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.11.45 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Ovládací panel NVIDIA 347.09 (Version: 347.09 - NVIDIA Corporation) Hidden
RajcePhotoDownloader (HKLM\...\RajcePhotoDownloader_is1) (Version: verze - Rajce.net)
Rajče průvodce verze 1.59.52.267 (HKLM\...\rajce.net_is1) (Version: - rajce.net)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.11.45 - NVIDIA Corporation) Hidden
Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Sony Ericsson PC Suite 6.011.00 (HKLM\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 6.011.00 - Sony Ericsson)
Sony PC Companion 2.10.236 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.236 - Sony)
TOPO Czech PRO 2013 (HKLM\...\{8E2A1F3F-0E67-4B33-B8F4-A2A53FDDD844}) (Version: 7.00 - PICODAS PRAHA, spol. s r.o.)
TVCenter (HKLM\...\{F1FF593E-FB5A-487A-872F-1CCCA6F70095}) (Version: 6.4.8.992 - PCTV Systems)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5287DA4D-073E-455F-B6F6-414E4FF3C2C4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-07-15] (Microsoft Corporation)
Task: {ADBB767B-D4C1-4C4A-8038-6889BB5C35AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B665F4EF-B308-4B05-B7C4-6C1E24EC32FD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {F14626C0-E396-4B8B-B686-0626AB3C7D2E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {F8B47FF0-28D1-4570-97E7-13316B2A3F05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FA45167F-D677-48C2-9696-2ABDFFD227F7} - System32\Tasks\Microsoft\Windows\Setup\EOONotify => C:\Windows\EOONotify\EOONotify.exe [2016-07-08] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Mé stránky WWW v síti MSN\target.lnk -> hxxp://uk.msnusers.com

==================== Loaded Modules (Whitelisted) ==============

2014-12-15 12:37 - 2014-12-13 09:30 - 00107664 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-12-15 12:22 - 2009-12-02 20:40 - 00068136 _____ () C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
2014-12-15 12:22 - 2009-03-13 12:30 - 00109096 _____ () C:\Program Files\GIGABYTE\EnergySaver\ycc.dll
2015-03-31 13:14 - 2015-07-14 21:06 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2015-07-23 11:27 - 2015-07-23 11:30 - 00143360 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x86__8wekyb3d8bbwe\ErrorReporting.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2016-07-19 07:37 - 00000753 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4140605027-1625828158-2128847343-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 81.200.55.86 - 81.200.55.34
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Vyhledat aktualizace.lnk"
HKU\S-1-5-21-4140605027-1625828158-2128847343-1001\...\StartupApproved\Run: => "RemoTerm.exe"
HKU\S-1-5-21-4140605027-1625828158-2128847343-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{42272E6D-494C-4435-ADE9-1114E434D71F}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{0DA4B934-E9C4-4F88-996F-B3E7DAE4A89B}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [{268028B2-8CDE-449F-98FD-833CB4226509}] => (Allow) C:\Program Files\PCTV Systems\TVCenter\TVCenter.exe
FirewallRules: [{A8EC6AA9-475F-415D-AFA2-A4809C08010E}] => (Allow) C:\Program Files\Common Files\PCTV Systems\PVR\VideoControl.exe
FirewallRules: [{BD8B437E-E713-4FFC-8F37-2FFE22189784}] => (Allow) C:\Program Files\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
FirewallRules: [{8537A519-301B-4B8B-9D6F-5601468E1807}] => (Allow) LPort=1900
FirewallRules: [{E4060D3C-9EEF-4897-8F76-92AF879644DE}] => (Allow) LPort=2869
FirewallRules: [{C581C596-0575-43D3-9E3F-45A00C03ACA8}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1A958CFB-CEA8-4ABE-A85B-EE721D7A808C}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{23603669-CAF2-43E9-ADAD-BBFFBF9D16EC}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{65724714-DD80-48F0-8E10-9A1A4635676C}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [{42F3B784-294B-404F-9EF3-DECD179D5454}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C99CFBBB-1BCB-4ADC-97EC-9FE098392255}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7B085C5C-2C0D-484D-8551-2F4F584E2E15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{00E573EE-E464-4675-B998-C3D99B364D3A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A025B1F5-6611-4DD9-860C-CDC8D3EDB58B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{01BF54C4-7EAB-41D0-8C56-44F4B03EE0DA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-06-2016 19:53:52 Naplánovaný kontrolní bod
07-07-2016 11:46:54 Windows Update
15-07-2016 21:46:58 Windows Update
19-07-2016 07:31:37 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2016 11:11:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: AcroRd32.exe, verze: 15.17.20050.61080, časové razítko: 0x5774facd
Název chybujícího modulu: ntdll.dll, verze: 6.3.9600.18233, časové razítko: 0x56bb4e17
Kód výjimky: 0xc0000008
Posun chyby: 0x0006ca47
ID chybujícího procesu: 0xd34
Čas spuštění chybující aplikace: 0xAcroRd32.exe0
Cesta k chybující aplikaci: AcroRd32.exe1
Cesta k chybujícímu modulu: AcroRd32.exe2
ID zprávy: AcroRd32.exe3
Úplný název chybujícího balíčku: AcroRd32.exe4
ID aplikace související s chybujícím balíčkem: AcroRd32.exe5

Error: (07/18/2016 09:14:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program iexplore.exe verze 11.0.9600.18124 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 8a4

Čas spuštění: 01d1e1285cacbe67

Čas ukončení: 91

Cesta k aplikaci: C:\Program Files\Internet Explorer\iexplore.exe

ID hlášení: d003f119-4d1b-11e6-9abc-00241d14a3fa

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:

Error: (07/18/2016 02:14:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program wwahost.exe verze 6.3.9600.17415 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: bd4

Čas spuštění: 01d1e0ed339cecbf

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\system32\wwahost.exe

ID hlášení: 275c5a25-4ce1-11e6-9abb-00241d14a3fa

Úplný název chybujícího balíčku: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

ID aplikace související s chybujícím balíčkem: App

Error: (07/18/2016 02:14:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program LiveComm.exe verze 17.5.9600.20911 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 8f4

Čas spuštění: 01d1e0ed339cecbf

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x86__8wekyb3d8bbwe\LiveComm.exe

ID hlášení: 275c8135-4ce1-11e6-9abb-00241d14a3fa

Úplný název chybujícího balíčku: microsoft.windowscommunicationsapps_17.5.9600.20911_x86__8wekyb3d8bbwe

ID aplikace související s chybujícím balíčkem: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/17/2016 12:04:28 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (07/17/2016 11:58:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program CCleaner.exe verze 5.19.0.5633 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: e5c

Čas spuštění: 01d1e01151faca69

Čas ukončení: 15

Cesta k aplikaci: C:\Program Files\CCleaner\CCleaner.exe

ID hlášení: f2dfc78d-4c04-11e6-9ab9-00241d14a3fa

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:

Error: (07/17/2016 11:57:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (07/17/2016 11:56:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (07/16/2016 10:10:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program iexplore.exe verze 11.0.9600.18124 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 111c

Čas spuštění: 01d1df9d97d09319

Čas ukončení: 0

Cesta k aplikaci: C:\Program Files\Internet Explorer\iexplore.exe

ID hlášení: 4a786fc3-4b91-11e6-9ab8-00241d14a3fa

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:

Error: (07/16/2016 06:17:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program PhotosApp.exe verze 6.3.9600.17418 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: cd8

Čas spuštění: 01d1df7d88a47c02

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\FileManager\PhotosApp.exe

ID hlášení: d2ef9b17-4b70-11e6-9ab8-00241d14a3fa

Úplný název chybujícího balíčku: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy

ID aplikace související s chybujícím balíčkem: Microsoft.Windows.PhotoManager

System errors:
=============
Error: (07/20/2016 08:01:36 AM) (Source: DCOM) (EventID: 10010) (User: STOLNIPC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/20/2016 08:00:21 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a29\??\C:\Users\Admin\ntuser.dat

Error: (07/19/2016 09:44:43 PM) (Source: DCOM) (EventID: 10010) (User: STOLNIPC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/19/2016 09:44:12 PM) (Source: DCOM) (EventID: 10010) (User: STOLNIPC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/19/2016 02:10:26 PM) (Source: DCOM) (EventID: 10010) (User: STOLNIPC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/19/2016 12:39:51 PM) (Source: DCOM) (EventID: 10010) (User: STOLNIPC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/19/2016 11:10:50 AM) (Source: DCOM) (EventID: 10010) (User: STOLNIPC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/19/2016 11:02:13 AM) (Source: DCOM) (EventID: 10010) (User: STOLNIPC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/19/2016 07:55:52 AM) (Source: DCOM) (EventID: 10010) (User: STOLNIPC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/19/2016 07:47:45 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

CodeIntegrity:
===================================
Date: 2016-07-20 08:10:22.054
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\MICROS~1\Office10\MCPS.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-20 08:10:22.033
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\MICROS~1\Office10\MCPS.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-20 08:10:22.012
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\MICROS~1\Office10\MCPS.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-19 07:31:48.432
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\MICROS~1\Office10\MCPS.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-19 07:31:48.432
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\MICROS~1\Office10\MCPS.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-19 07:31:48.417
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\MICROS~1\Office10\MCPS.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-19 07:29:18.986
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\MICROS~1\Office10\MCPS.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-19 07:29:18.970
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\MICROS~1\Office10\MCPS.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-19 07:29:18.954
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\MICROS~1\Office10\MCPS.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-18 12:37:56.071
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\MICROS~1\Office10\MCPS.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 39%
Total physical RAM: 2046.49 MB
Available physical RAM: 1246.05 MB
Total Virtual: 2686.49 MB
Available Virtual: 1814.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100.25 GB) (Free:62.43 GB) NTFS
Drive d: () (Fixed) (Total:132.29 GB) (Free:77.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BD94BD94)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

dol · #11 Příspěvek od **dol** » 20 črc 2016 19:15

Zkoušel jsem postupně otevírat Oblíbené, IE zatěžoval paměť nejprve 40 MB, postupně až přes 200 MB, ale neseknul se. Dál jsem už nepokračoval.

#12 Příspěvek od **Márty84** » 21 črc 2016 14:28

Napiste mi velikost adresare plochy (C:\Users\Admin\Plocha)

Presunte FRST na plochu, jinak to nebude fungovat!

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

2016-07-19 07:49 - 2016-07-19 07:34 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-07-19 07:34 - 2016-07-19 07:47 - 00000000 ____D C:\zoek_backup
2016-07-19 07:30 - 2016-07-19 07:30 - 01309184 _____ C:\Users\Admin\Desktop\zoek.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2016-03-23 327808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30 144200]

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

dol · #13 Příspěvek od **dol** » 22 črc 2016 07:06

Díky za trpělivost, ikona Fixlog se na ploše objevila ještě před skenováním FIRSTem, ale snad to bude OK.
Na ploše je celkem 73 MB. FIRST se mi stahuje do Stažených souborů, tentokrát jsem ho přesunul na plochu.

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-07-2016
Ran by Admin (2016-07-22 07:44:29) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

2016-07-19 07:49 - 2016-07-19 07:34 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-07-19 07:34 - 2016-07-19 07:47 - 00000000 ____D C:\zoek_backup
2016-07-19 07:30 - 2016-07-19 07:30 - 01309184 _____ C:\Users\Admin\Desktop\zoek.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2016-03-23 327808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30 144200]

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Windows\zoek-delete.exe => moved successfully
C:\zoek_backup => moved successfully
C:\Users\Admin\Desktop\zoek.exe => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
gupdate => service removed successfully.
SkypeUpdate => service removed successfully.
gupdatem => service removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54575006 B
Java, Flash, Steam htmlcache => 1283 B
Windows/system/drivers => 10097906 B
Edge => 0 B
Chrome => 147101177 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
LocalService => 0 B
NetworkService => 12540 B
Admin => 296132200 B

RecycleBin => 23025484 B
EmptyTemp: => 514.3 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 07:46:16 ====

#14 Příspěvek od **Márty84** » 23 črc 2016 10:20

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/
Stahnete a spustte

Ponechte zatrzitkou pouze u volby Remove disinfection tools

Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak to s pc vypada.

dol · #15 Příspěvek od **dol** » 24 črc 2016 12:45

Opět zdravím, začínám být pesimistou, protože více programů na vyčištění snad ani být nemůže.
Podle rady jsem všechno provedl, zlepšení je v tom, že IE už stránky z důvodu útoku skriptování mezi weby neupravuje, IE se občas zasekne, ale po spuštění bez předchozího zavření už nespadává.
Mám podezření na Adobe Flash player, i když ho mezi programy nemám, ale měl jsem s ním v minulosti problém; objevil se mezi doplňky IE, možná proto, že jsem znovu instaloval IE 11.
Taky na Seznamu se mi při otevření nenačítají zprávy, ale to zkusím řešit s poradnou Seznamu. OS snad bude v pořádku, protože s GoogleChrome potíže nejsou.
Je ještě nějaké jiné řešení než zvyknout si na občasné zatuhnutí IE nebo přejít na jiný prohlížeč?
Přidávám občasnou zprávu o chybě z prohlížeče událostí

Program iexplore.exe verze 11.0.9600.18124 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: eec
Čas spuštění: 01d1e56e3d030615
Čas ukončení: 31
Cesta k aplikaci: C:\Program Files\Internet Explorer\iexplore.exe
ID hlášení: 9f9a6995-5161-11e6-9acb-00241d14a3fa
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Podrobnosti:
+ System
- Provider
[ Name] Application Hang

- EventID 1002
[ Qualifiers] 0

Level 2

Task 101

Keywords 0x80000000000000

- TimeCreated
[ SystemTime] 2016-07-24T05:33:00.000000000Z

EventRecordID 85400

Channel Application

Computer StolniPC

Security

- EventData
iexplore.exe
11.0.9600.18124
bd4
01d1e56c9751c741
60
C:\Program Files\Internet Explorer\iexplore.exe
079116d4-5160-11e6-9aca-00241d14a3fa

430072006F00730073002D00700072006F006300650073007300000054006F00700020006C006500760065006C002000770069006E0064006F0077002000690073002000690064006C00650000000000

Binární data:
Ve slovech
0000: 00720043 0073006F 002D0073 00720070
0010: 0063006F 00730065 00000073 006F0054
0020: 00200070 0065006C 00650076 0020006C
0030: 00690077 0064006E 0077006F 00690020
0040: 00200073 00640069 0065006C 00000000
V bajtech
0000: 43 00 72 00 6F 00 73 00 C.r.o.s.
0008: 73 00 2D 00 70 00 72 00 s.-.p.r.
0010: 6F 00 63 00 65 00 73 00 o.c.e.s.
0018: 73 00 00 00 54 00 6F 00 s...T.o.
0020: 70 00 20 00 6C 00 65 00 p. .l.e.
0028: 76 00 65 00 6C 00 20 00 v.e.l. .
0030: 77 00 69 00 6E 00 64 00 w.i.n.d.
0038: 6F 00 77 00 20 00 69 00 o.w. .i.
0040: 73 00 20 00 69 00 64 00 s. .i.d.
0048: 6C 00 65 00 00 00 00 00 l.e.....

Nevím, zda chyba souvisí s problémem.

VIRY.CZ

Problém s IE

Problém s IE

Re: Problém s IE

Re: Problém s IE

Re: Problém s IE

Re: Problém s IE

Re: Problém s IE

Re: Problém s IE

Re: Problém s IE

Re: Problém s IE

Re: Problém s IE

Re: Problém s IE

Re: Problém s IE

Re: Problém s IE

Re: Problém s IE

Re: Problém s IE