Asking for advice

#1 Post by benytop »

Hello and greetings.
I have a problem: a slow notebook, RAM 54% full out of 3 GB, Win7/64, and on YouTube the video stops responding after about 20 minutes of watching.
What should I do, and how, so that everything is OK?
Thanks for any advice.

#2 Post by Rudy »

Hello!
Let's try to clean up the notebook. First post an FRST log: https://forum.viry.cz/viewtopic.php?f=13&t=152707 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

#3 Post by benytop »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by Benyto (administrator) on BENYTO-PC (15-02-2018 12:59:51)
Running from C:\Users\Benyto\Downloads
Loaded Profiles: Benyto (Available Profiles: Benyto)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\netis\USB Wireless LAN Utility\RtlService.exe
() C:\Windows\runSW.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\netis\USB Wireless LAN Utility\RtWLan.exe
(Realtek) C:\Windows\SwUSB.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7D9CF8AA-ED8B-4506-AB6C-1B273AD39B41}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{93BF9442-C2CB-475E-91FA-CB4133685B46}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B297C1DB-985C-4409-ADE6-2639BE97B82C}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3066880665-722362445-698270547-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0968C9C6-FE77-42AE-B0DA-5AA53F5F975D}&mid=081390139bcc47cca43ed154d4aff0db-a9d900fbfb3a49df4ad1bed27edd398324ee4a37&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-09 12:54:17&v=4.3.8.510&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3066880665-722362445-698270547-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0968C9C6-FE77-42AE-B0DA-5AA53F5F975D}&mid=081390139bcc47cca43ed154d4aff0db-a9d900fbfb3a49df4ad1bed27edd398324ee4a37&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-09 12:54:17&v=4.3.8.510&pid=wtu&sg=&sap=dsp&q={searchTerms}
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Profile: C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default [2018-02-15]
CHR Extension: (Prezentace) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Dokumenty) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Disk Google) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-18]
CHR Extension: (YouTube) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-18]
CHR Extension: (Vyhledávání Google) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Tabulky) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-18]
CHR Extension: (Chrome Media Router) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S3 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-31] (AVerMedia) [File not signed]
S3 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 RtlService; C:\Program Files (x86)\netis\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
R2 RunSwUSB; C:\Windows\runSW.exe [44104 2013-05-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Cam5603D; C:\Windows\System32\Drivers\BisonCam.sys [1013544 2008-08-15] (Bison Electronics. Inc. )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2350152 2013-05-07] (Realtek Semiconductor Corporation )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-02-14] ()
S3 USBAVCap; C:\Windows\System32\drivers\USBAVCap.sys [904192 2009-10-08] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
S3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-15 12:59 - 2018-02-15 13:01 - 000009632 _____ C:\Users\Benyto\Downloads\FRST.txt
2018-02-15 12:59 - 2018-02-15 12:59 - 002405376 _____ (Farbar) C:\Users\Benyto\Downloads\FRST64.exe
2018-02-15 12:59 - 2018-02-15 12:59 - 000000000 ____D C:\FRST
2018-02-14 14:31 - 2018-02-14 14:34 - 067292528 _____ (Malwarebytes ) C:\Users\Benyto\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3932.exe
2018-02-14 13:59 - 2018-02-14 14:01 - 017720322 _____ C:\Users\Benyto\Downloads\Nepotvrzeno 799421.crdownload
2018-02-10 16:10 - 2018-02-14 15:03 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-02-10 16:10 - 2018-02-10 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-02-10 16:09 - 2018-02-10 16:10 - 000000000 ____D C:\Program Files\RogueKiller
2018-02-10 16:09 - 2018-02-10 16:09 - 000000000 ____D C:\ProgramData\RogueKiller
2018-02-10 16:07 - 2018-02-10 16:08 - 031926992 _____ (Adlice Software ) C:\Users\Benyto\Downloads\setup.exe
2018-02-09 17:45 - 2018-02-14 14:34 - 000000000 ____D C:\AdwCleaner
2018-02-09 17:45 - 2018-02-09 17:46 - 008222496 _____ (Malwarebytes) C:\Users\Benyto\Downloads\adwcleaner_7.0.8.0.exe
2018-02-08 14:56 - 2018-02-08 14:56 - 000001630 _____ C:\Users\Benyto\Documents\startup.txt
2018-02-03 20:53 - 2018-01-23 19:58 - 000548000 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-02-03 20:39 - 2018-02-03 20:39 - 000001912 _____ C:\Windows\epplauncher.mif
2018-02-03 20:38 - 2018-02-03 20:38 - 000002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2018-02-03 20:38 - 2018-02-03 20:38 - 000000000 ____D C:\Program Files\Microsoft Security Client
2018-02-03 20:38 - 2018-02-03 20:38 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client
2018-02-03 20:36 - 2018-02-03 20:37 - 015085248 _____ (Microsoft Corporation) C:\Users\Benyto\Downloads\mseinstall.exe
2018-01-28 10:55 - 2018-01-28 10:55 - 000343599 _____ C:\Users\Benyto\Downloads\Přehled stavu pojistné smlouvy (1).pdf
2018-01-28 10:47 - 2018-01-28 10:47 - 000343599 _____ C:\Users\Benyto\Downloads\Přehled stavu pojistné smlouvy.pdf
2018-01-18 18:06 - 2018-01-18 18:06 - 000358228 _____ C:\Users\Benyto\Downloads\Export_20180118060627.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-15 09:52 - 2016-04-20 09:34 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-15 09:51 - 2016-04-20 09:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-15 06:12 - 2009-07-14 05:45 - 000013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-15 06:12 - 2009-07-14 05:45 - 000013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-15 06:05 - 2016-01-20 19:46 - 000000290 _____ C:\Windows\Tasks\CheckDriveBackgroundGuard.job
2018-02-15 06:04 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-14 07:39 - 2009-07-14 06:08 - 000032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-13 14:18 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2018-02-11 10:57 - 2017-12-31 12:25 - 000000000 ____D C:\Users\Benyto\Documents\NFS Carbon
2018-02-11 08:49 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-07 14:46 - 2016-01-21 18:18 - 000007610 _____ C:\Users\Benyto\AppData\Local\resmon.resmoncfg
2018-02-07 13:01 - 2015-12-18 19:41 - 000000000 ____D C:\Users\Benyto\AppData\Roaming\AVG
2018-02-07 13:01 - 2015-12-18 19:36 - 000000000 ____D C:\ProgramData\Avg
2018-02-07 13:01 - 2015-12-18 19:36 - 000000000 ____D C:\Program Files (x86)\AVG
2018-02-07 13:01 - 2015-12-18 19:33 - 000000000 ____D C:\Users\Benyto\AppData\Local\Avg
2018-02-03 20:41 - 2015-12-18 19:34 - 000000000 ____D C:\Users\Benyto\AppData\Local\AvgSetupLog
2018-02-03 20:38 - 2015-12-19 09:37 - 000000000 ____D C:\Windows\system32\MRT
2018-02-03 20:31 - 2017-10-11 19:37 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-03 20:30 - 2015-12-19 09:37 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-31 16:35 - 2009-07-14 16:18 - 000668724 _____ C:\Windows\system32\perfh005.dat
2018-01-31 16:35 - 2009-07-14 16:18 - 000141352 _____ C:\Windows\system32\perfc005.dat
2018-01-31 16:35 - 2009-07-14 06:13 - 001582942 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-28 19:05 - 2016-01-14 23:23 - 000000000 ____D C:\Filmy
2018-01-27 22:57 - 2017-07-15 16:19 - 000019120 _____ C:\Windows\KernelMessage
2018-01-21 09:51 - 2016-01-14 11:27 - 000000000 ____D C:\Disk
2018-01-21 09:38 - 2017-03-19 18:52 - 000004608 _____ C:\Users\Benyto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-01-17 20:27 - 2017-08-23 10:49 - 000016384 _____ C:\Users\Benyto\Documents\PŘEHLED K ÚVĚRU OD BUŘINKY.xls

==================== Files in the root of some directories =======

2017-03-19 18:52 - 2018-01-21 09:38 - 000004608 _____ () C:\Users\Benyto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-21 18:18 - 2018-02-07 14:46 - 000007610 _____ () C:\Users\Benyto\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-02-10 16:10 - 2017-09-13 16:31 - 001732864 _____ (Microsoft Corporation) C:\Users\Benyto\AppData\Local\Temp\dllnt_dump.dll
2016-10-19 16:11 - 2016-10-19 16:11 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Benyto\AppData\Local\Temp\libeay32.dll
2016-10-19 16:11 - 2016-10-19 16:11 - 000970912 _____ (Microsoft Corporation) C:\Users\Benyto\AppData\Local\Temp\msvcr120.dll
2016-10-19 16:11 - 2016-10-19 16:11 - 000772672 _____ () C:\Users\Benyto\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-07 07:28

==================== End of FRST.txt ============================

#4 Post by benytop »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Benyto (15-02-2018 13:01:51)
Running from C:\Users\Benyto\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-12-18 18:26:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3066880665-722362445-698270547-500 - Administrator - Disabled)
Benyto (S-1-5-21-3066880665-722362445-698270547-1001 - Administrator - Enabled) => C:\Users\Benyto
Guest (S-1-5-21-3066880665-722362445-698270547-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3066880665-722362445-698270547-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20036 - Adobe Systems Incorporated)
Aladdin (DosBox 0.73 emulation) (HKLM-x32\...\Aladdin (DosBox 0.73 emulation)) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
AVerMedia Applications (HKLM-x32\...\{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}) (Version: 1.0.4 - AVerMedia Technologies, Inc.) Hidden
AVerMedia Applications (HKLM-x32\...\InstallShield_{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}) (Version: 1.0.4 - AVerMedia Technologies, Inc.)
AVerTV (HKLM-x32\...\{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden
AVerTV (HKLM-x32\...\InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.18 - AVerMedia Technologies, Inc.)
BisonCam (HKLM-x32\...\{4A57592C-FF92-4083-97A9-92783BD5AFB4}) (Version: 6.64.0.05 - Bisont Electrocnics. Inc.)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - Canon Inc.)
Cars Demo (HKLM-x32\...\{8D361950-BDB3-40CF-B57C-53F9F4E5048A}) (Version: 1.00.0000 - THQ)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000405-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version: - MiniTool Solution Ltd.)
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MV2Player (remove only) (HKLM-x32\...\MV2Player) (Version: - )
Need For Speed - Carbon verze 1.4 (HKLM-x32\...\{EAF8BFBB-1CFD-4249-BEE8-D3EEA345553E}_is1) (Version: 1.4 - EA Games)
netis Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0219 - )
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
RogueKiller verze 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
The Lion King (DosBox 0.73 emulation) (HKLM-x32\...\The Lion King (DosBox 0.73 emulation)) (Version: - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Winamp (HKLM-x32\...\Winamp) (Version: 5.66 - Nullsoft, Inc)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-04-29] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26993309-9A32-4037-A12C-EF8928C57990} - System32\Tasks\{A341512C-8D13-440B-BA70-0CE6C5EB47AC} => C:\Windows\system32\pcalua.exe -a C:\Users\Benyto\Downloads\ad_alc888_6.0.1.5449_vx00\R172a\Setup.exe -d C:\Users\Benyto\Downloads\ad_alc888_6.0.1.5449_vx00\R172a
Task: {2CCB980E-8C55-47B3-B3B7-E9C4D4356FD3} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {5BE07B11-A7C5-48F7-B580-3003F4354D36} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {902DACB2-31D5-4C41-B7F8-9FFD27C87601} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
Task: {E291E846-ABE1-429E-8370-DAF0AEF7ED88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {F375DB17-4F1B-4998-91D6-B4A2A5321814} - System32\Tasks\CheckDriveBackgroundGuard => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe
Task: {FBAAC645-2307-4705-9C3F-C8BD5E272396} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CheckDriveBackgroundGuard.job => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-02-13 22:03 - 2013-05-14 13:24 - 000044104 _____ () C:\Windows\runSW.exe
2018-01-09 06:11 - 2018-01-03 10:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-09 06:11 - 2018-01-03 10:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-02-13 22:03 - 2013-02-27 17:17 - 000221184 _____ () C:\Program Files (x86)\netis\USB Wireless LAN Utility\EnumDevLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:19D65491 [153]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3066880665-722362445-698270547-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Benyto\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: BisonHK => C:\Windows\BisonCam\BisonHK.exe
MSCONFIG\startupreg: BsMnt => C:\Windows\BisonCam\BsMnt.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1266DDB4-7C31-4A5A-995F-07F8FADC84B6}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6DE8DA2D-C902-4044-8EA0-1F3C5A8C03DF}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{53B827B1-0BFD-4640-B7F0-81811BDD444B}] => (Allow) C:\PROGRA~2\netis\USBWIR~1\RtWlan.exe
FirewallRules: [{DE465DCA-5998-4DF9-B4C8-77F09CCD3624}] => (Allow) LPort=1542
FirewallRules: [{47739BA3-1B07-45F1-AC82-F251A162C855}] => (Allow) LPort=1542
FirewallRules: [{3FC4D70D-C79B-4164-9BF7-EB6FF229D472}] => (Allow) LPort=53
FirewallRules: [{439B7E16-3405-49DE-8ED2-941490BC01A9}] => (Allow) LPort=67
FirewallRules: [{5A864A4D-23C7-4EF6-82C2-43045E543260}] => (Allow) LPort=68
FirewallRules: [{C95599BC-1158-4388-BDC3-D831812F5905}] => (Allow) LPort=53
FirewallRules: [{FBCB0007-6210-40AB-A74D-4FB187326F36}] => (Allow) C:\Program Files (x86)\netis\USB Wireless LAN Utility\Rtldhcp.exe
FirewallRules: [{98DEE967-A1F7-4F76-91DF-48F65609DADE}] => (Allow) LPort=53
FirewallRules: [{49128FBA-F4B4-47D1-A6BA-F4B0DF2D1E20}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-01-2018 14:59:28 Naplánovaný kontrolní bod
29-01-2018 09:43:53 Naplánovaný kontrolní bod
03-02-2018 20:29:50 Windows Update
07-02-2018 10:48:42 Windows Update
07-02-2018 14:54:14 Odebráno: Nokia Connectivity Cable Driver
14-02-2018 13:52:29 Removed Visual Studio 2012 x64 Redistributables
14-02-2018 13:53:14 Removed Visual Studio 2012 x86 Redistributables
14-02-2018 13:59:41 Removed Cisco EAP-FAST Module
14-02-2018 14:00:18 Removed Cisco LEAP Module
14-02-2018 14:00:47 Removed Cisco PEAP Module

==================== Faulty Device Manager Devices =============

Name: Jiný most na sběrnici PCI
Description: Jiný most na sběrnici PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2018 08:36:34 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Svazek (C:) nebyl defragmentován, protože byla zjištěna chyba: Na tomto svazku je nastaven nevyřízený bit. (0x89000015).

Error: (02/08/2018 09:56:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Cars.exe, verze: 0.0.0.0, časové razítko: 0x446e2a8a
Název chybujícího modulu: Cars.exe, verze: 0.0.0.0, časové razítko: 0x446e2a8a
Kód výjimky: 0xc0000005
Posun chyby: 0x0022e206
ID chybujícího procesu: 0xdfc
Čas spuštění chybující aplikace: 0x01d3a0b85e888208
Cesta k chybující aplikaci: C:\Program Files (x86)\THQ\Disney-Pixar\Cars Demo\Cars.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\THQ\Disney-Pixar\Cars Demo\Cars.exe
ID zprávy: fec58008-0cad-11e8-83af-0019dbec3354

Error: (02/07/2018 10:49:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service avgbIDSAgent since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (02/07/2018 10:49:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service AVG Antivirus since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (02/07/2018 10:49:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avgVmm.

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (02/07/2018 10:49:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avgSP.

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (02/07/2018 10:49:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avgSnx.

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (02/07/2018 10:49:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avgRvrt.

System Error:
Systém nemůže nalézt uvedený soubor.
.


System errors:
=============
Error: (02/14/2018 02:35:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\Rtlihvs.dll

Error: (02/14/2018 02:35:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\Rtlihvs.dll

Error: (02/14/2018 02:35:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\Rtlihvs.dll

Error: (02/14/2018 02:34:53 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (02/14/2018 02:34:53 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (02/14/2018 02:34:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (02/14/2018 02:34:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba RunSwUSB byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/14/2018 02:34:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba RtlService byla neočekávaně ukončena. Tento stav nastal již 1krát.


==================== Memory info ===========================

Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58
Percentage of memory in use: 51%
Total physical RAM: 3071.37 MB
Available physical RAM: 1480.02 MB
Total Virtual: 6140.92 MB
Available Virtual: 4077.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:175.97 GB) NTFS
Drive d: (JEDEN_ZIVOT_1) (CDROM) (Total:4.15 GB) (Free:0 GB) UDF

\\?\Volume{9a69842e-a5b2-11e5-b437-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2210999C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: asking for advice

#5 Post by Rudy »

Now run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

benytop
Visitor
Posts: 14
Joined: 15 Feb 2018 12:37

Re: asking for advice

#6 Post by benytop »

# AdwCleaner 7.0.8.0 - Logfile created on Thu Feb 15 13:00:25 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 02-15-2018.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.DriverDoc, C:\Windows\Installer\{4D0A0750-B034-4DF8-97DE-26F1212AC2FF}


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.DriverDoc, [Key] - HKLM\SOFTWARE\MimarSinan


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2578 B] - [2018/2/9 16:50:23]
C:/AdwCleaner/AdwCleaner[C1].txt - [1271 B] - [2018/2/9 17:4:58]
C:/AdwCleaner/AdwCleaner[C2].txt - [1405 B] - [2018/2/14 13:34:53]
C:/AdwCleaner/AdwCleaner[S0].txt - [2758 B] - [2018/2/9 16:49:58]
C:/AdwCleaner/AdwCleaner[S1].txt - [1086 B] - [2018/2/9 17:4:39]
C:/AdwCleaner/AdwCleaner[S2].txt - [1218 B] - [2018/2/14 13:33:59]


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########

benytop
Visitor
Posts: 14
Joined: 15 Feb 2018 12:37

Re: asking for advice

#7 Post by benytop »

# AdwCleaner 7.0.8.0 - Logfile created on Thu Feb 15 13:01:38 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Windows\\Installer\{4D0A0750-B034-4DF8-97DE-26F1212AC2FF}


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\MimarSinan


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2578 B] - [2018/2/9 16:50:23]
C:/AdwCleaner/AdwCleaner[C1].txt - [1271 B] - [2018/2/9 17:4:58]
C:/AdwCleaner/AdwCleaner[C2].txt - [1405 B] - [2018/2/14 13:34:53]
C:/AdwCleaner/AdwCleaner[S0].txt - [2758 B] - [2018/2/9 16:49:58]
C:/AdwCleaner/AdwCleaner[S1].txt - [1086 B] - [2018/2/9 17:4:39]
C:/AdwCleaner/AdwCleaner[S2].txt - [1218 B] - [2018/2/14 13:33:59]
C:/AdwCleaner/AdwCleaner[S3].txt - [1434 B] - [2018/2/15 13:0:25]


########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt ##########

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: asking for advice

#8 Post by Rudy »

Post a new FRST log.

benytop
Visitor
Posts: 14
Joined: 15 Feb 2018 12:37

Re: asking for advice

#9 Post by benytop »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by Benyto (administrator) on BENYTO-PC (15-02-2018 19:01:21)
Running from C:\Users\Benyto\Downloads
Loaded Profiles: Benyto (Available Profiles: Benyto)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\netis\USB Wireless LAN Utility\RtlService.exe
() C:\Windows\runSW.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\netis\USB Wireless LAN Utility\RtWLan.exe
(Realtek) C:\Windows\SwUSB.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7D9CF8AA-ED8B-4506-AB6C-1B273AD39B41}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{93BF9442-C2CB-475E-91FA-CB4133685B46}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B297C1DB-985C-4409-ADE6-2639BE97B82C}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3066880665-722362445-698270547-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0968C9C6-FE77-42AE-B0DA-5AA53F5F975D}&mid=081390139bcc47cca43ed154d4aff0db-a9d900fbfb3a49df4ad1bed27edd398324ee4a37&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-09 12:54:17&v=4.3.8.510&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3066880665-722362445-698270547-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0968C9C6-FE77-42AE-B0DA-5AA53F5F975D}&mid=081390139bcc47cca43ed154d4aff0db-a9d900fbfb3a49df4ad1bed27edd398324ee4a37&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-09 12:54:17&v=4.3.8.510&pid=wtu&sg=&sap=dsp&q={searchTerms}
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Profile: C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default [2018-02-15]
CHR Extension: (Prezentace) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Dokumenty) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Disk Google) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-18]
CHR Extension: (YouTube) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-18]
CHR Extension: (Vyhledávání Google) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Tabulky) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-18]
CHR Extension: (Chrome Media Router) - C:\Users\Benyto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S3 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-31] (AVerMedia) [File not signed]
S3 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 RtlService; C:\Program Files (x86)\netis\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
R2 RunSwUSB; C:\Windows\runSW.exe [44104 2013-05-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Cam5603D; C:\Windows\System32\Drivers\BisonCam.sys [1013544 2008-08-15] (Bison Electronics. Inc. )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsl8b1a890e; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5950B5EC-34CA-48FB-A925-4900E26DB0AB}\MpKsl8b1a890e.sys [58120 2018-02-15] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2350152 2013-05-07] (Realtek Semiconductor Corporation )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-02-14] ()
S3 USBAVCap; C:\Windows\System32\drivers\USBAVCap.sys [904192 2009-10-08] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
S3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-15 13:01 - 2018-02-15 13:02 - 000020490 _____ C:\Users\Benyto\Downloads\Addition.txt
2018-02-15 12:59 - 2018-02-15 19:02 - 000009667 _____ C:\Users\Benyto\Downloads\FRST.txt
2018-02-15 12:59 - 2018-02-15 19:01 - 000000000 ____D C:\FRST
2018-02-15 12:59 - 2018-02-15 12:59 - 002405376 _____ (Farbar) C:\Users\Benyto\Downloads\FRST64.exe
2018-02-14 14:31 - 2018-02-14 14:34 - 067292528 _____ (Malwarebytes ) C:\Users\Benyto\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3932.exe
2018-02-14 13:59 - 2018-02-14 14:01 - 017720322 _____ C:\Users\Benyto\Downloads\Nepotvrzeno 799421.crdownload
2018-02-10 16:10 - 2018-02-14 15:03 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-02-10 16:10 - 2018-02-10 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-02-10 16:09 - 2018-02-10 16:10 - 000000000 ____D C:\Program Files\RogueKiller
2018-02-10 16:09 - 2018-02-10 16:09 - 000000000 ____D C:\ProgramData\RogueKiller
2018-02-10 16:07 - 2018-02-10 16:08 - 031926992 _____ (Adlice Software ) C:\Users\Benyto\Downloads\setup.exe
2018-02-09 17:45 - 2018-02-15 14:05 - 000000000 ____D C:\AdwCleaner
2018-02-09 17:45 - 2018-02-09 17:46 - 008222496 _____ (Malwarebytes) C:\Users\Benyto\Downloads\adwcleaner_7.0.8.0.exe
2018-02-08 14:56 - 2018-02-08 14:56 - 000001630 _____ C:\Users\Benyto\Documents\startup.txt
2018-02-03 20:53 - 2018-01-23 19:58 - 000548000 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-02-03 20:39 - 2018-02-03 20:39 - 000001912 _____ C:\Windows\epplauncher.mif
2018-02-03 20:38 - 2018-02-03 20:38 - 000002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2018-02-03 20:38 - 2018-02-03 20:38 - 000000000 ____D C:\Program Files\Microsoft Security Client
2018-02-03 20:38 - 2018-02-03 20:38 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client
2018-02-03 20:36 - 2018-02-03 20:37 - 015085248 _____ (Microsoft Corporation) C:\Users\Benyto\Downloads\mseinstall.exe
2018-01-28 10:55 - 2018-01-28 10:55 - 000343599 _____ C:\Users\Benyto\Downloads\Přehled stavu pojistné smlouvy (1).pdf
2018-01-28 10:47 - 2018-01-28 10:47 - 000343599 _____ C:\Users\Benyto\Downloads\Přehled stavu pojistné smlouvy.pdf
2018-01-18 18:06 - 2018-01-18 18:06 - 000358228 _____ C:\Users\Benyto\Downloads\Export_20180118060627.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-15 14:19 - 2009-07-14 05:45 - 000013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-15 14:19 - 2009-07-14 05:45 - 000013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-15 14:02 - 2016-01-20 19:46 - 000000290 _____ C:\Windows\Tasks\CheckDriveBackgroundGuard.job
2018-02-15 14:02 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-15 09:52 - 2016-04-20 09:34 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-15 09:51 - 2016-04-20 09:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-14 07:39 - 2009-07-14 06:08 - 000032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-13 14:18 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2018-02-11 10:57 - 2017-12-31 12:25 - 000000000 ____D C:\Users\Benyto\Documents\NFS Carbon
2018-02-11 08:49 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-07 14:46 - 2016-01-21 18:18 - 000007610 _____ C:\Users\Benyto\AppData\Local\resmon.resmoncfg
2018-02-07 13:01 - 2015-12-18 19:41 - 000000000 ____D C:\Users\Benyto\AppData\Roaming\AVG
2018-02-07 13:01 - 2015-12-18 19:36 - 000000000 ____D C:\ProgramData\Avg
2018-02-07 13:01 - 2015-12-18 19:36 - 000000000 ____D C:\Program Files (x86)\AVG
2018-02-07 13:01 - 2015-12-18 19:33 - 000000000 ____D C:\Users\Benyto\AppData\Local\Avg
2018-02-03 20:41 - 2015-12-18 19:34 - 000000000 ____D C:\Users\Benyto\AppData\Local\AvgSetupLog
2018-02-03 20:38 - 2015-12-19 09:37 - 000000000 ____D C:\Windows\system32\MRT
2018-02-03 20:31 - 2017-10-11 19:37 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-03 20:30 - 2015-12-19 09:37 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-31 16:35 - 2009-07-14 16:18 - 000668724 _____ C:\Windows\system32\perfh005.dat
2018-01-31 16:35 - 2009-07-14 16:18 - 000141352 _____ C:\Windows\system32\perfc005.dat
2018-01-31 16:35 - 2009-07-14 06:13 - 001582942 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-28 19:05 - 2016-01-14 23:23 - 000000000 ____D C:\Filmy
2018-01-27 22:57 - 2017-07-15 16:19 - 000019120 _____ C:\Windows\KernelMessage
2018-01-21 09:51 - 2016-01-14 11:27 - 000000000 ____D C:\Disk
2018-01-21 09:38 - 2017-03-19 18:52 - 000004608 _____ C:\Users\Benyto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-01-17 20:27 - 2017-08-23 10:49 - 000016384 _____ C:\Users\Benyto\Documents\PŘEHLED K ÚVĚRU OD BUŘINKY.xls

==================== Files in the root of some directories =======

2017-03-19 18:52 - 2018-01-21 09:38 - 000004608 _____ () C:\Users\Benyto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-21 18:18 - 2018-02-07 14:46 - 000007610 _____ () C:\Users\Benyto\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-02-10 16:10 - 2017-09-13 16:31 - 001732864 _____ (Microsoft Corporation) C:\Users\Benyto\AppData\Local\Temp\dllnt_dump.dll
2016-10-19 16:11 - 2016-10-19 16:11 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Benyto\AppData\Local\Temp\libeay32.dll
2016-10-19 16:11 - 2016-10-19 16:11 - 000970912 _____ (Microsoft Corporation) C:\Users\Benyto\AppData\Local\Temp\msvcr120.dll
2016-10-19 16:11 - 2016-10-19 16:11 - 000772672 _____ () C:\Users\Benyto\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-07 07:28

==================== End of FRST.txt ============================

benytop
Visitor
Posts: 14
Joined: 15 Feb 2018 12:37

Re: asking for advice

#10 Post by benytop »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Benyto (15-02-2018 19:03:27)
Running from C:\Users\Benyto\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-12-18 18:26:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3066880665-722362445-698270547-500 - Administrator - Disabled)
Benyto (S-1-5-21-3066880665-722362445-698270547-1001 - Administrator - Enabled) => C:\Users\Benyto
Guest (S-1-5-21-3066880665-722362445-698270547-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3066880665-722362445-698270547-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20036 - Adobe Systems Incorporated)
Aladdin (DosBox 0.73 emulation) (HKLM-x32\...\Aladdin (DosBox 0.73 emulation)) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
AVerMedia Applications (HKLM-x32\...\{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}) (Version: 1.0.4 - AVerMedia Technologies, Inc.) Hidden
AVerMedia Applications (HKLM-x32\...\InstallShield_{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}) (Version: 1.0.4 - AVerMedia Technologies, Inc.)
AVerTV (HKLM-x32\...\{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden
AVerTV (HKLM-x32\...\InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.18 - AVerMedia Technologies, Inc.)
BisonCam (HKLM-x32\...\{4A57592C-FF92-4083-97A9-92783BD5AFB4}) (Version: 6.64.0.05 - Bisont Electrocnics. Inc.)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - Canon Inc.)
Cars Demo (HKLM-x32\...\{8D361950-BDB3-40CF-B57C-53F9F4E5048A}) (Version: 1.00.0000 - THQ)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000405-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version: - MiniTool Solution Ltd.)
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MV2Player (remove only) (HKLM-x32\...\MV2Player) (Version: - )
Need For Speed - Carbon verze 1.4 (HKLM-x32\...\{EAF8BFBB-1CFD-4249-BEE8-D3EEA345553E}_is1) (Version: 1.4 - EA Games)
netis Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0219 - )
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
RogueKiller verze 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
The Lion King (DosBox 0.73 emulation) (HKLM-x32\...\The Lion King (DosBox 0.73 emulation)) (Version: - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Winamp (HKLM-x32\...\Winamp) (Version: 5.66 - Nullsoft, Inc)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-04-29] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26993309-9A32-4037-A12C-EF8928C57990} - System32\Tasks\{A341512C-8D13-440B-BA70-0CE6C5EB47AC} => C:\Windows\system32\pcalua.exe -a C:\Users\Benyto\Downloads\ad_alc888_6.0.1.5449_vx00\R172a\Setup.exe -d C:\Users\Benyto\Downloads\ad_alc888_6.0.1.5449_vx00\R172a
Task: {5BE07B11-A7C5-48F7-B580-3003F4354D36} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {6A526FDD-885E-4FBB-B57A-0FA73E343B13} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {902DACB2-31D5-4C41-B7F8-9FFD27C87601} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
Task: {E291E846-ABE1-429E-8370-DAF0AEF7ED88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {F375DB17-4F1B-4998-91D6-B4A2A5321814} - System32\Tasks\CheckDriveBackgroundGuard => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe
Task: {FBAAC645-2307-4705-9C3F-C8BD5E272396} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CheckDriveBackgroundGuard.job => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-02-13 22:03 - 2013-05-14 13:24 - 000044104 _____ () C:\Windows\runSW.exe
2018-01-09 06:11 - 2018-01-03 10:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-09 06:11 - 2018-01-03 10:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-02-13 22:03 - 2013-02-27 17:17 - 000221184 _____ () C:\Program Files (x86)\netis\USB Wireless LAN Utility\EnumDevLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:19D65491 [153]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3066880665-722362445-698270547-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Benyto\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: BisonHK => C:\Windows\BisonCam\BisonHK.exe
MSCONFIG\startupreg: BsMnt => C:\Windows\BisonCam\BsMnt.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1266DDB4-7C31-4A5A-995F-07F8FADC84B6}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6DE8DA2D-C902-4044-8EA0-1F3C5A8C03DF}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{53B827B1-0BFD-4640-B7F0-81811BDD444B}] => (Allow) C:\PROGRA~2\netis\USBWIR~1\RtWlan.exe
FirewallRules: [{DE465DCA-5998-4DF9-B4C8-77F09CCD3624}] => (Allow) LPort=1542
FirewallRules: [{47739BA3-1B07-45F1-AC82-F251A162C855}] => (Allow) LPort=1542
FirewallRules: [{3FC4D70D-C79B-4164-9BF7-EB6FF229D472}] => (Allow) LPort=53
FirewallRules: [{439B7E16-3405-49DE-8ED2-941490BC01A9}] => (Allow) LPort=67
FirewallRules: [{5A864A4D-23C7-4EF6-82C2-43045E543260}] => (Allow) LPort=68
FirewallRules: [{C95599BC-1158-4388-BDC3-D831812F5905}] => (Allow) LPort=53
FirewallRules: [{FBCB0007-6210-40AB-A74D-4FB187326F36}] => (Allow) C:\Program Files (x86)\netis\USB Wireless LAN Utility\Rtldhcp.exe
FirewallRules: [{98DEE967-A1F7-4F76-91DF-48F65609DADE}] => (Allow) LPort=53
FirewallRules: [{49128FBA-F4B4-47D1-A6BA-F4B0DF2D1E20}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-02-2018 20:29:50 Windows Update
07-02-2018 10:48:42 Windows Update
07-02-2018 14:54:14 Odebráno: Nokia Connectivity Cable Driver
14-02-2018 13:52:29 Removed Visual Studio 2012 x64 Redistributables
14-02-2018 13:53:14 Removed Visual Studio 2012 x86 Redistributables
14-02-2018 13:59:41 Removed Cisco EAP-FAST Module
14-02-2018 14:00:18 Removed Cisco LEAP Module
14-02-2018 14:00:47 Removed Cisco PEAP Module
15-02-2018 14:13:46 Windows Update

==================== Faulty Device Manager Devices =============

Name: Jiný most na sběrnici PCI
Description: Jiný most na sběrnici PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2018 08:36:34 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Svazek (C:) nebyl defragmentován, protože byla zjištěna chyba: Na tomto svazku je nastaven nevyřízený bit. (0x89000015).

Error: (02/08/2018 09:56:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Cars.exe, verze: 0.0.0.0, časové razítko: 0x446e2a8a
Název chybujícího modulu: Cars.exe, verze: 0.0.0.0, časové razítko: 0x446e2a8a
Kód výjimky: 0xc0000005
Posun chyby: 0x0022e206
ID chybujícího procesu: 0xdfc
Čas spuštění chybující aplikace: 0x01d3a0b85e888208
Cesta k chybující aplikaci: C:\Program Files (x86)\THQ\Disney-Pixar\Cars Demo\Cars.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\THQ\Disney-Pixar\Cars Demo\Cars.exe
ID zprávy: fec58008-0cad-11e8-83af-0019dbec3354

Error: (02/07/2018 10:49:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service avgbIDSAgent since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (02/07/2018 10:49:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service AVG Antivirus since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (02/07/2018 10:49:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avgVmm.

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (02/07/2018 10:49:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avgSP.

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (02/07/2018 10:49:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avgSnx.

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (02/07/2018 10:49:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avgRvrt.

System Error:
Systém nemůže nalézt uvedený soubor.
.


System errors:
=============
Error: (02/15/2018 02:01:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\Rtlihvs.dll

Error: (02/15/2018 02:01:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\Rtlihvs.dll

Error: (02/15/2018 02:01:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\Rtlihvs.dll

Error: (02/15/2018 02:01:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (02/15/2018 02:01:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (02/15/2018 02:01:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (02/15/2018 02:01:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/15/2018 02:01:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba RunSwUSB byla neočekávaně ukončena. Tento stav nastal již 1krát.


==================== Memory info ===========================

Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58
Percentage of memory in use: 46%
Total physical RAM: 3071.37 MB
Available physical RAM: 1645.7 MB
Total Virtual: 6140.92 MB
Available Virtual: 4294.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:179.42 GB) NTFS

\\?\Volume{9a69842e-a5b2-11e5-b437-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2210999C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Re: asking for advice

#11 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {FBAAC645-2307-4705-9C3F-C8BD5E272396} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
Task: {902DACB2-31D5-4C41-B7F8-9FFD27C87601} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
SearchScopes: HKU\S-1-5-21-3066880665-722362445-698270547-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0968C9C6-FE77-42AE-B0DA-5AA53F5F975D}&mid=081390139bcc47cca43ed154d4aff0db-a9d900fbfb3a49df4ad1bed27edd398324ee4a37&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-09 12:54:17&v=4.3.8.510&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3066880665-722362445-698270547-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0968C9C6-FE77-42AE-B0DA-5AA53F5F975D}&mid=081390139bcc47cca43ed154d4aff0db-a9d900fbfb3a49df4ad1bed27edd398324ee4a37&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-09 12:54:17&v=4.3.8.510&pid=wtu&sg=&sap=dsp&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Benyto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Benyto\AppData\Local\Temp

EmptyTemp:
End
Save it to C:\Users\Benyto\Downloads as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: asking for advice

#12 Post by benytop »

Fix result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Benyto (15-02-2018 22:54:05) Run:1
Running from C:\Users\Benyto\Downloads
Loaded Profiles: Benyto (Available Profiles: Benyto)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {FBAAC645-2307-4705-9C3F-C8BD5E272396} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
Task: {902DACB2-31D5-4C41-B7F8-9FFD27C87601} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
SearchScopes: HKU\S-1-5-21-3066880665-722362445-698270547-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0968C9C6-FE77-42AE-B0DA-5AA53F5F975D}&mid=081390139bcc47cca43ed154d4aff0db-a9d900fbfb3a49df4ad1bed27edd398324ee4a37&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-09 12:54:17&v=4.3.8.510&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3066880665-722362445-698270547-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0968C9C6-FE77-42AE-B0DA-5AA53F5F975D}&mid=081390139bcc47cca43ed154d4aff0db-a9d900fbfb3a49df4ad1bed27edd398324ee4a37&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-09 12:54:17&v=4.3.8.510&pid=wtu&sg=&sap=dsp&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Benyto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Benyto\AppData\Local\Temp

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FBAAC645-2307-4705-9C3F-C8BD5E272396} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBAAC645-2307-4705-9C3F-C8BD5E272396} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{902DACB2-31D5-4C41-B7F8-9FFD27C87601} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{902DACB2-31D5-4C41-B7F8-9FFD27C87601} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => could not remove key. ErrorCode1: 0x00000002
"HKU\S-1-5-21-3066880665-722362445-698270547-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-3066880665-722362445-698270547-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
C:\Users\Benyto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\Benyto\AppData\Local\Temp" folder move:

Could not move "C:\Users\Benyto\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9085340 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 289371 B
Edge => 0 B
Chrome => 415829515 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83760 B
systemprofile32 => 67230 B
LocalService => 132244 B
NetworkService => 118584 B
Benyto => 8893645 B

RecycleBin => 0 B
EmptyTemp: => 422.4 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-02-2018 22:58:06)

C:\Users\Benyto\AppData\Local\Temp => moved successfully

Result of scheduled keys to remove after reboot:

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FBAAC645-2307-4705-9C3F-C8BD5E272396}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBAAC645-2307-4705-9C3F-C8BD5E272396}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{902DACB2-31D5-4C41-B7F8-9FFD27C87601}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{902DACB2-31D5-4C41-B7F8-9FFD27C87601}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully

==== End of Fixlog 22:58:07 ====


Re: asking for advice

#13 Post by Rudy »

Deleted. Has anything changed?

Re: asking for advice

#14 Post by benytop »

About 220 MB of memory was freed up.
But it seems to me that after a plain system start-up, with the machine idle, even more memory could be free. It currently uses about 920 MB.
And one more thing. When I launch the Chrome browser, it takes about 7 seconds before anything starts to happen. The window opens and then it just waits and waits.
Right now, while I am just writing this with Task Manager open, 1.73 GB of memory is in use.


Re: asking for advice

#15 Post by Rudy »

Let's try cleaning up the browsers. Run these utilities one after another:

1. Download Zoek.exe from http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you are using Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce on a Czech system)
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;




Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://www.stahuj.centrum.cz/utility_a_ ... oval-tool/
• Save it, preferably to the desktop
• After it starts, the license terms are displayed; press any key
• A backup is created and then the search runs
• The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.