Freezing notebook

Bohdan
Visitor
Posts: 7
Registered: 20 Aug 2018 12:51

Freezing notebook

#1 Post by Bohdan »

Please check this - it is an older Asus notebook - normally it only runs for me in safe mode. On an attempt at a normal start it boots - shortly after the desktop is displayed, a Windows (7 Home Premium) message (warning) appears at the bottom right in the background: "Failed to connect to a Windows service. Windows could not connect to the System Event Notification Service service. This problem prevents standard users from logging on to the system. As an administrative user, you can review the System Event Log for details about why the service didn't respond", and then after about a minute or 2 the notebook freezes completely, not even the cursor moves, and it doesn't respond even to the 3 keys. Whether the warning is related to the freezing is not clear to me. System Restore is turned off. I only just managed to produce the following log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by kacerka at 2018-08-20 13:06:33
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 5 GB (5%) free of 119 GB
Total RAM: 4095 MB (78% free)

HijackThis download failed

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files\Microsoft Security Client\\MpCmdRun.exe" SignatureUpdate -ScheduleJob -RestrictPrivileges -Reinvoke
"C:\Program Files\Microsoft Security Client\\MpCmdRun.exe" SignaturesUpdateService -ScheduleJob -UnmanagedUpdate
\??\C:\Windows\system32\conhost.exe "-2138042090-1995744591-14465881711198592448-7090828212003391891-46935743-2016435988
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {55991CD8-E034-4BD6-8E57-AD66723DB1DE}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
C:\Windows\system32\sppsvc.exe
"C:\Users\kacerka\Desktop\RSITx64.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /cr
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
"C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\CCleaner Update.job - C:\Program Files\CCleaner\CCUpdate.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-02-04 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-02-04 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14 1353680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BingSvc]
C:\Users\kacerka\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2016-02-24 144008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11 30877280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\kacerka\AppData\Roaming\Spotify\Spotify.exe --autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\kacerka\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018-03-06 782736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2018-08-09 3206432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-12-22 596528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^kacerka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
C:\PROGRA~2\MYPCBA~1\MYPCBA~1.EXE [2016-03-14 2320896]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-10-06 98304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw64.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-08-20 13:06:34 ----D---- C:\Program Files\trend micro
2018-08-20 13:06:33 ----D---- C:\rsit
2018-08-20 13:00:22 ----A---- C:\Windows\ntbtlog.txt
2018-08-16 14:36:25 ----D---- C:\Windows\pss

======List of files/folders modified in the last 1 month======

2018-08-20 13:06:34 ----RD---- C:\Program Files
2018-08-20 13:06:31 ----D---- C:\Windows\Temp
2018-08-20 13:00:22 ----D---- C:\Windows
2018-08-17 13:32:37 ----D---- C:\Windows\SoftwareDistribution
2018-08-17 13:32:20 ----D---- C:\Windows\inf
2018-08-17 13:00:16 ----D---- C:\Users\kacerka\AppData\Roaming\MPC-HC
2018-08-17 13:00:16 ----D---- C:\Program Files (x86)\Steam
2018-08-17 12:59:04 ----D---- C:\Windows\Logs
2018-08-17 12:59:04 ----D---- C:\Windows\debug
2018-08-17 12:59:03 ----D---- C:\Windows\Minidump
2018-08-17 12:56:31 ----D---- C:\Program Files\CCleaner
2018-08-17 12:56:30 ----D---- C:\Windows\Tasks
2018-08-17 12:51:39 ----D---- C:\Windows\System32
2018-08-17 12:51:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-08-06 10:02:13 ----D---- C:\Windows\system32\config
2018-07-28 18:36:26 ----D---- C:\Users\kacerka\AppData\Roaming\Skype
2018-07-28 15:53:07 ----D---- C:\Windows\Microsoft.NET
2018-07-25 21:23:25 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2016-02-01 16440]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-02-01 6181376]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-08-23 56320]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2017-05-18 131984]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2017-05-18 166288]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2015-04-30 23200]
S3 wdm_usb;wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [2016-08-16 159936]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-03-21 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-02-01 202752]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
S2 BackupStack;Computer Backup (MyPC Backup); C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2016-03-14 49152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-04 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-03 128608]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-15 154440]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-16 269504]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2018-04-15 5708808]
S3 EasyAntiCheat;EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [2018-06-10 780928]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-15 154440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-06-16 116224]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-08-02 1683744]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2016-02-02 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-10-03 52832]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]

-----------------EOF-----------------

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Freezing notebook

#2 Post by Conder »

Hi :)

Please post the logs from FRST (Farbar Recovery Scan Tool)
  • Download FRST and save it to the desktop: https://www.bleepingcomputer.com/downlo ... scan-tool/
  • You need to download the 32-bit or 64-bit version according to your operating system; if you are not sure, download and try both (only one will run)
  • Right-click FRST and choose Run as administrator
  • Accept the license terms
  • Click Scan and wait for it to finish
  • Paste both generated logs (FRST.txt and Addition.txt) into your next reply
  • If the logs do not fit into one reply, split them across several replies or pack them into a ZIP archive and send it as an attachment
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Bohdan
Visitor
Posts: 7
Registered: 20 Aug 2018 12:51

Re: Freezing notebook

#3 Post by Bohdan »

Here is FRST - but it is only FRST.txt and I don't yet know whether it is complete (then it froze):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.08.2018 02
Ran by kacerka (administrator) on KACERKA-PC (20-08-2018 14:48:57)
Running from C:\Users\kacerka\Desktop
Loaded Profiles: kacerka (Available Profiles: kacerka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
Failed to access process -> dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-10-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\...\MountPoints2: {3404743a-0aa4-11e6-9c47-00005b1a04a4} - F:\Autorun.exe
HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\...\MountPoints2: {34047454-0aa4-11e6-9c47-00005b1a04a4} - F:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{0A06512D-BCDF-4444-914C-C39EF723935C}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{B7665BF6-D41A-4B3F-9903-8F9C1D310F08}: [DhcpNameServer] 8.8.8.8 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.seznam.cz/
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-02-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-02-04] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-02-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-02-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2441516767-2923511880-2786483902-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kacerka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxps://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam
CHR DefaultSuggestURL: Default -> hxxps://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Profile: C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default [2018-08-17]
CHR Extension: (Prezentace) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Dokumenty) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Disk Google) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-15]
CHR Extension: (YouTube) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-15]
CHR Extension: (Vyhledávání Google) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-15]
CHR Extension: (Bing) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-03-14]
CHR Extension: (Tabulky) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Skype) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-15]
CHR Extension: (Gmail) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-15]
CHR Extension: (Chrome Media Router) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11]
CHR HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Below I also include FRST.txt and Addition.txt, taken in safe mode, though (in case it is of any use):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.08.2018 02
Ran by kacerka (administrator) on KACERKA-PC (20-08-2018 14:53:17)
Running from C:\Users\kacerka\Desktop
Loaded Profiles: kacerka (Available Profiles: kacerka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-10-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\...\MountPoints2: {3404743a-0aa4-11e6-9c47-00005b1a04a4} - F:\Autorun.exe
HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\...\MountPoints2: {34047454-0aa4-11e6-9c47-00005b1a04a4} - F:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{0A06512D-BCDF-4444-914C-C39EF723935C}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{B7665BF6-D41A-4B3F-9903-8F9C1D310F08}: [DhcpNameServer] 8.8.8.8 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.seznam.cz/
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-02-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-02-04] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-02-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-02-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2441516767-2923511880-2786483902-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kacerka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxps://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam
CHR DefaultSuggestURL: Default -> hxxps://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Profile: C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default [2018-08-17]
CHR Extension: (Prezentace) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Dokumenty) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Disk Google) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-15]
CHR Extension: (YouTube) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-15]
CHR Extension: (Vyhledávání Google) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-15]
CHR Extension: (Bing) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-03-14]
CHR Extension: (Tabulky) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Skype) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-15]
CHR Extension: (Gmail) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-15]
CHR Extension: (Chrome Media Router) - C:\Users\kacerka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11]
CHR HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [49152 2016-03-14] () [File not signed] <==== ATTENTION
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-04-15] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-06-10] (EasyAntiCheat Ltd)
S2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-20 14:48 - 2018-08-20 14:55 - 000009319 _____ C:\Users\kacerka\Desktop\FRST.txt
2018-08-20 14:48 - 2018-08-20 14:48 - 000000000 ____D C:\FRST
2018-08-20 14:44 - 2018-08-20 13:10 - 002413056 _____ (Farbar) C:\Users\kacerka\Desktop\FRST64.exe
2018-08-20 13:06 - 2018-08-20 13:06 - 000000000 ____D C:\rsit
2018-08-20 13:06 - 2018-08-20 13:06 - 000000000 ____D C:\Program Files\trend micro
2018-08-20 13:01 - 2018-08-20 12:58 - 001222144 _____ C:\Users\kacerka\Desktop\RSITx64.exe
2018-08-20 13:00 - 2018-08-20 14:52 - 000779906 _____ C:\Windows\ntbtlog.txt
2018-08-17 14:01 - 2018-08-17 14:01 - 000000000 _____ C:\Users\kacerka\AppData\Local\{D0ED8430-BBA2-49A6-8DFC-55DDA55E8569}
2018-08-17 13:41 - 2018-08-17 13:41 - 000000000 ____H C:\Users\kacerka\AppData\Local\BIT18ED.tmp
2018-08-17 13:41 - 2018-08-17 13:41 - 000000000 _____ C:\Users\kacerka\AppData\Local\{A2216DA5-D74C-48BA-8499-C0A7819DB5C1}
2018-08-17 12:56 - 2018-08-17 12:56 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-17 12:56 - 2018-08-17 12:56 - 000000300 ____H C:\Windows\Tasks\CCleaner Update.job
2018-08-16 14:36 - 2018-08-16 14:36 - 000000000 ____D C:\Windows\pss

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-20 14:48 - 2009-07-14 06:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-20 14:48 - 2009-07-14 06:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-20 14:46 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-17 13:59 - 2016-02-04 14:33 - 000000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2018-08-17 13:37 - 2009-07-14 06:45 - 000341552 _____ C:\Windows\system32\FNTCACHE.DAT
2018-08-17 13:32 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-08-17 13:18 - 2016-02-01 14:45 - 000084504 _____ C:\Users\kacerka\AppData\Local\GDIPFONTCACHEV1.DAT
2018-08-17 13:00 - 2016-02-24 08:26 - 000000000 ____D C:\Program Files (x86)\Steam
2018-08-17 13:00 - 2016-02-15 20:19 - 000000000 ____D C:\Users\kacerka\AppData\Roaming\MPC-HC
2018-08-17 12:59 - 2017-01-29 20:41 - 000000000 ____D C:\Windows\Minidump
2018-08-17 12:56 - 2016-02-04 14:51 - 000000000 ____D C:\Program Files\CCleaner
2018-08-17 12:51 - 2011-04-12 10:34 - 000671834 _____ C:\Windows\system32\perfh005.dat
2018-08-17 12:51 - 2011-04-12 10:34 - 000142430 _____ C:\Windows\system32\perfc005.dat
2018-08-17 12:51 - 2009-07-14 07:13 - 001591974 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-28 18:36 - 2016-02-24 21:06 - 000000000 ____D C:\Users\kacerka\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2018-08-17 13:41 - 2018-08-17 13:41 - 000000000 ____H () C:\Users\kacerka\AppData\Local\BIT18ED.tmp
2018-08-17 13:41 - 2018-08-17 13:41 - 000000000 _____ () C:\Users\kacerka\AppData\Local\{A2216DA5-D74C-48BA-8499-C0A7819DB5C1}
2018-08-17 14:01 - 2018-08-17 14:01 - 000000000 _____ () C:\Users\kacerka\AppData\Local\{D0ED8430-BBA2-49A6-8DFC-55DDA55E8569}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-24 18:25

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.08.2018 02
Ran by kacerka (20-08-2018 14:55:54)
Running from C:\Users\kacerka\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-02-01 12:37:03)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2441516767-2923511880-2786483902-500 - Administrator - Disabled)
Guest (S-1-5-21-2441516767-2923511880-2786483902-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2441516767-2923511880-2786483902-1003 - Limited - Enabled)
kacerka (S-1-5-21-2441516767-2923511880-2786483902-1000 - Administrator - Enabled) => C:\Users\kacerka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
ATI Catalyst Install Manager (HKLM\...\{405CCE33-483B-D5D7-B90C-75D1E74F5E18}) (Version: 3.0.745.0 - ATI Technologies, Inc.)
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version: - )
ccc-core-static (HKLM-x32\...\{670EE9A7-3F8B-8969-AA86-7D958D7572D1}) (Version: 2009.1006.2226.38455 - Název společnosti:) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Epic Games Launcher (HKLM-x32\...\{80B15934-444B-4B4F-B2A9-439FCCBA4C81}) (Version: 1.1.132.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HT Web Cam 3.0 (HKLM-x32\...\{5648AC64-925E-48FB-BD1B-9511323E7D8A}) (Version: 3.0 - )
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
K-Lite Mega Codec Pack 11.8.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.5 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft .NET Framework 4.7.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPC Backup 1.0.0 (HKLM\...\MyPC Backup) (Version: 1.0.0 - MyPC Backup) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software602 Form Filler (HKLM-x32\...\{00160B3F-653A-4EA7-947E-4000D3551E9E}) (Version: 4.60 - Software602 a.s.)
Spotify (HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Unity Web Player (HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
YouTube By Click (HKLM-x32\...\{8645978C-3E59-4C2E-8ECB-0FCE6FA15800}) (Version: 2.2.75 - ByClick) Hidden
YouTube By Click (HKLM-x32\...\YouTube By Click 2.2.75) (Version: 2.2.75 - ByClick)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [PDFConv] -> {919CF7F5-9A8E-40B9-9588-2BECA5927D98} => C:\Program Files (x86)\Software602\602XML\xmlcore\CtxSign64.dll [2013-07-16] (Software602)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-21] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-01-21] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2009-10-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-21] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-01-21] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11867AC7-F83F-4F47-BC18-E64CC340E8E8} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe [2016-03-14] () <==== ATTENTION
Task: {226393DD-61B0-4980-81B4-EA83F00C95E1} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {47D25CA1-3336-49E9-971D-CAB1D3893FD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-15] (Google Inc.)
Task: {4A62969C-AEEB-4E15-B65E-AA3A7BE52703} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {4A6EA2C3-7306-4B0C-82A2-6790ED5FEAD5} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {738DC988-AE67-4919-A0B6-8EC34D8269E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-15] (Google Inc.)
Task: {99FCD647-AAD5-4783-B654-F9A1C64F0385} - System32\Tasks\GoogleUpdateTaskMachineCore1d221a0109f9159 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-15] (Google Inc.)
Task: {A1CF87B0-6F17-46E1-93FC-43428714C6A0} - System32\Tasks\GoogleUpdateTaskMachineUA1d221a0120c1f00 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-15] (Google Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B488D73E-9EC2-47AF-B5B6-52A870271079} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-16] (Adobe Systems Incorporated)
Task: {B4F2C9EF-EF17-42B2-8E90-709ED5CACA06} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {BEC17678-C83F-4C8F-A9C5-8AE85BDF3482} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {DCEC87BE-6CC3-4B6C-934B-5794CEF94263} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [478]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kacerka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^kacerka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: BingSvc => C:\Users\kacerka\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => C:\Users\kacerka\AppData\Roaming\Spotify\Spotify.exe --autostart
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\kacerka\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F5A6B2B8-117F-40F7-B3CE-EE1C83E3AAC6}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe
FirewallRules: [{A41782FE-4ADA-4CF9-B81A-59E36CD82C5B}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe
FirewallRules: [{B4495BFD-2661-45BD-813A-F835C7B92BE7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D2EB52AA-8391-43BD-A780-9086EB5CE677}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BEF492B3-A168-4300-B0A0-8AD449118CA4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A4AB23CC-25A8-404E-B129-71B000F60C22}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{68043CEA-5600-472A-9493-8AC882659A53}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ECB8D0B2-E787-4582-9286-DF4E1869DF06}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{32006C4B-41F4-468F-90CE-18CCAFA7208C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{BA79C257-C64D-4CB7-A596-90EB3E67B28E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{DA7BE94D-3E57-437A-8BF1-82356F3CAB07}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F6CE8C11-ECE9-493D-BD50-CF83BC3794B5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3FC489EE-E036-45BD-8278-4A252C8A841B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tanki X\tankix.exe
FirewallRules: [{4D479A1A-8777-4246-8B48-92A911C3C623}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tanki X\tankix.exe
FirewallRules: [TCP Query User{7E755DA3-BE46-41C6-8C85-1F9D20B9806C}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{46FBDB0A-1942-420B-BC89-9E752DC43D88}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{E56E08F1-A511-4BC5-8E48-CB433BE1A4E3}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{64418BED-46ED-4A6E-B86A-695598F58FA5}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{FF925A9D-A9A2-43F1-96B4-2E8E52CDCF87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{2812C399-BD49-417D-B866-BFEC31C8904D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [TCP Query User{472EE078-F0A1-4885-8EA3-3C86E983EA32}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{5CB7CA35-5295-48CA-B1D5-355B5B362E8E}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{3FDAF66C-8494-467C-B745-B2172F6DA529}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D5982CCC-739B-4C13-B463-F493B931C7A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm Royale\Binaries\Win64\RealmEAC.exe
FirewallRules: [{8E32C446-CAC3-485A-9F8C-222311EB5C86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm Royale\Binaries\Win64\RealmEAC.exe
FirewallRules: [TCP Query User{CC828AB8-85EC-45B6-AAEB-38D896605E74}C:\program files (x86)\steam\steamapps\common\realm royale\binaries\win64\realm.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\realm royale\binaries\win64\realm.exe
FirewallRules: [UDP Query User{B33FCAAE-617F-4631-8DA3-8C2BDCB31073}C:\program files (x86)\steam\steamapps\common\realm royale\binaries\win64\realm.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\realm royale\binaries\win64\realm.exe
FirewallRules: [{FCB3C222-D842-45B4-B3AF-0D1B0D3D7CED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CC8B90B4-A485-4D2D-9891-54705F8F4193}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{4408A84C-BCCB-4FB5-BEDE-E6D5CE4C45C1}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2018 02:53:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/20/2018 02:48:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/20/2018 02:23:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/20/2018 01:24:41 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/20/2018 01:24:41 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index {id=4400} obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/20/2018 01:24:41 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/20/2018 01:24:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.

Kontext: aplikace Windows

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/20/2018 01:24:41 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexování nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (08/20/2018 02:52:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Služba seznamu sítí závisí na službě Sledování umístění v síti (NLA), která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (08/20/2018 02:52:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Služba seznamu sítí závisí na službě Sledování umístění v síti (NLA), která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (08/20/2018 02:52:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Služba seznamu sítí závisí na službě Sledování umístění v síti (NLA), která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (08/20/2018 02:52:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Služba seznamu sítí závisí na službě Sledování umístění v síti (NLA), která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (08/20/2018 02:52:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Služba seznamu sítí závisí na službě Sledování umístění v síti (NLA), která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (08/20/2018 02:52:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Služba seznamu sítí závisí na službě Sledování umístění v síti (NLA), která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (08/20/2018 02:52:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1084 = Tuto službu nelze spustit v nouzovém režimu. při pokusu o spuštění služby WSearch s argumenty za účelem spuštění serveru:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/20/2018 02:52:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1084 = Tuto službu nelze spustit v nouzovém režimu. při pokusu o spuštění služby WSearch s argumenty za účelem spuštění serveru:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


CodeIntegrity:
===================================

Date: 2018-07-12 19:30:05.796
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon(tm) II Dual-Core M300
Percentage of memory in use: 16%
Total physical RAM: 4095.21 MB
Available physical RAM: 3409.05 MB
Total Virtual: 8188.59 MB
Available Virtual: 7529.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:116.34 GB) (Free:5.13 GB) NTFS
Drive d: (DATA) (Fixed) (Total:334.67 GB) (Free:112.93 GB) NTFS
Drive f: () (Removable) (Total:14.75 GB) (Free:13.23 GB) FAT32

\\?\Volume{d2869b45-c8de-11e5-ba05-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=116.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=334.7 GB) - (Type=0F Extended)

========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 000396F5)
Partition 1: (Not Active) - (Size=14.8 GB) - (Type=0C)

==================== End of Addition.txt ============================

Conder
VIP
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Freezing notebook

#4 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code: Select all

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    File: C:\Program Files (x86)\MyPC Backup\BackupStack.exe
    Folder: File: C:\Program Files (x86)\MyPC Backup
    File: C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    
    HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\...\MountPoints2: {3404743a-0aa4-11e6-9c47-00005b1a04a4} - F:\Autorun.exe
    HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\...\MountPoints2: {34047454-0aa4-11e6-9c47-00005b1a04a4} - F:\Autorun.exe
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR HomePage: Default -> msn.com
    CHR DefaultSearchURL: Default -> hxxps://search.seznam.cz/?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> seznam
    CHR DefaultSuggestURL: Default -> hxxps://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
    S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [49152 2016-03-14] () [File not signed] <==== ATTENTION
    2018-08-17 14:01 - 2018-08-17 14:01 - 000000000 _____ C:\Users\kacerka\AppData\Local\{D0ED8430-BBA2-49A6-8DFC-55DDA55E8569}
    2018-08-17 13:41 - 2018-08-17 13:41 - 000000000 ____H C:\Users\kacerka\AppData\Local\BIT18ED.tmp
    2018-08-17 13:41 - 2018-08-17 13:41 - 000000000 _____ C:\Users\kacerka\AppData\Local\{A2216DA5-D74C-48BA-8499-C0A7819DB5C1}
    ccc-core-static (HKLM-x32\...\{670EE9A7-3F8B-8969-AA86-7D958D7572D1}) (Version: 2009.1006.2226.38455 - Název společnosti:) Hidden
    Task: {11867AC7-F83F-4F47-BC18-E64CC340E8E8} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe [2016-03-14] () <==== ATTENTION
    Task: {226393DD-61B0-4980-81B4-EA83F00C95E1} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {4A6EA2C3-7306-4B0C-82A2-6790ED5FEAD5} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {BEC17678-C83F-4C8F-A9C5-8AE85BDF3482} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    AlternateDataStreams: C:\Users\Public\AppData:CSM [478]
    MSCONFIG\startupfolder: C:^Users^kacerka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the restart there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for beginners :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping backups of important data (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Bohdan
Visitor
Visitor
Posts: 7
Joined: 20 Aug 2018 12:51

Re: Freezing notebook

#5 Post by Bohdan »

Done, see:

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.08.2018 02
Ran by kacerka (21-08-2018 07:18:00) Run:1
Running from C:\Users\kacerka\Desktop
Loaded Profiles: kacerka (Available Profiles: kacerka)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

File: C:\Program Files (x86)\MyPC Backup\BackupStack.exe
Folder: File: C:\Program Files (x86)\MyPC Backup
File: C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\...\MountPoints2: {3404743a-0aa4-11e6-9c47-00005b1a04a4} - F:\Autorun.exe
HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\...\MountPoints2: {34047454-0aa4-11e6-9c47-00005b1a04a4} - F:\Autorun.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxps://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam
CHR DefaultSuggestURL: Default -> hxxps://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [49152 2016-03-14] () [File not signed] <==== ATTENTION
2018-08-17 14:01 - 2018-08-17 14:01 - 000000000 _____ C:\Users\kacerka\AppData\Local\{D0ED8430-BBA2-49A6-8DFC-55DDA55E8569}
2018-08-17 13:41 - 2018-08-17 13:41 - 000000000 ____H C:\Users\kacerka\AppData\Local\BIT18ED.tmp
2018-08-17 13:41 - 2018-08-17 13:41 - 000000000 _____ C:\Users\kacerka\AppData\Local\{A2216DA5-D74C-48BA-8499-C0A7819DB5C1}
ccc-core-static (HKLM-x32\...\{670EE9A7-3F8B-8969-AA86-7D958D7572D1}) (Version: 2009.1006.2226.38455 - Název společnosti:) Hidden
Task: {11867AC7-F83F-4F47-BC18-E64CC340E8E8} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe [2016-03-14] () <==== ATTENTION
Task: {226393DD-61B0-4980-81B4-EA83F00C95E1} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4A6EA2C3-7306-4B0C-82A2-6790ED5FEAD5} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {BEC17678-C83F-4C8F-A9C5-8AE85BDF3482} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Public\AppData:CSM [478]
MSCONFIG\startupfolder: C:^Users^kacerka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.

========================= File: C:\Program Files (x86)\MyPC Backup\BackupStack.exe ========================

C:\Program Files (x86)\MyPC Backup\BackupStack.exe
File not signed
MD5: B1ED7D235D2E344F93D1E4650CF375E9
Creation and modification date: 2016-11-29 21:01 - 2016-03-14 19:05
Size: 000049152
Attributes: ----A
Company Name:
Internal Name: BackupStack.exe
Original Name: BackupStack.exe
Product:
Description:
File Version: 1.0.*
Product Version: 1.0.*
Copyright:
VirusTotal: 0

====== End of File: ======


========================= Folder: File: C:\Program Files (x86)\MyPC Backup ========================

not found.

====== End of Folder: ======


========================= File: C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe ========================

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
File not signed
MD5: 7CF1B716372B89568AE4C0FE769F5869
Creation and modification date: 2006-10-26 14:40 - 2006-10-26 14:40
Size: 000335872
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: mdm.exe
Original Name: mdm.exe
Product: Microsoft® Visual Studio .NET
Description: Machine Debug Manager
File Version: 7.10.3077
Product Version: 7.10.3077
Copyright: Copyright© Microsoft Corporation. All rights reserved.
VirusTotal: 0

====== End of File: ======

"HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3404743a-0aa4-11e6-9c47-00005b1a04a4}" => removed successfully
HKLM\Software\Classes\CLSID\{3404743a-0aa4-11e6-9c47-00005b1a04a4} => not found
"HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34047454-0aa4-11e6-9c47-00005b1a04a4}" => removed successfully
HKLM\Software\Classes\CLSID\{34047454-0aa4-11e6-9c47-00005b1a04a4} => not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"Chrome HomePage" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
"HKLM\System\CurrentControlSet\Services\BackupStack" => removed successfully
BackupStack => service removed successfully
C:\Users\kacerka\AppData\Local\{D0ED8430-BBA2-49A6-8DFC-55DDA55E8569} => moved successfully
C:\Users\kacerka\AppData\Local\BIT18ED.tmp => moved successfully
C:\Users\kacerka\AppData\Local\{A2216DA5-D74C-48BA-8499-C0A7819DB5C1} => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{670EE9A7-3F8B-8969-AA86-7D958D7572D1}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11867AC7-F83F-4F47-BC18-E64CC340E8E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11867AC7-F83F-4F47-BC18-E64CC340E8E8}" => removed successfully
C:\Windows\System32\Tasks\LaunchApp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{226393DD-61B0-4980-81B4-EA83F00C95E1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{226393DD-61B0-4980-81B4-EA83F00C95E1}" => removed successfully
C:\Windows\System32\Tasks\LaunchPreSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A6EA2C3-7306-4B0C-82A2-6790ED5FEAD5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A6EA2C3-7306-4B0C-82A2-6790ED5FEAD5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEC17678-C83F-4C8F-A9C5-8AE85BDF3482}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEC17678-C83F-4C8F-A9C5-8AE85BDF3482}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^kacerka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk" => removed successfully
C:\Windows\pss\MyPC Backup.lnk.Startup => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 4194304 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 74655816 B
Java, Flash, Steam htmlcache => 56413415 B
Windows/system/drivers => 23393704 B
Edge => 0 B
Chrome => 1751527 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 7563630 B
kacerka => 7396144 B

RecycleBin => 0 B
EmptyTemp: => 223.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:19:14 ====
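
A reviewer reading the Fixlog above wants every entry that did not apply called out rather than buried among the successes. The following is an added example, not part of the original posts or of FRST; it handles only the line shapes visible in this Fixlog, and treating a doubled `Folder: File:` keyword as a probable typo in the fixlist is an assumption.

```python
import re

# Constructed sample: lines copied from the Fixlog in post #5, shortened.
SAMPLE_FIXLOG = r'''Processes closed successfully.
Error: Restore point can only be created in normal mode.

========================= File: C:\Program Files (x86)\MyPC Backup\BackupStack.exe ========================

C:\Program Files (x86)\MyPC Backup\BackupStack.exe
File not signed
VirusTotal: 0

====== End of File: ======

========================= Folder: File: C:\Program Files (x86)\MyPC Backup ========================

not found.

====== End of Folder: ======

"HKU\S-1-5-21-2441516767-2923511880-2786483902-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3404743a-0aa4-11e6-9c47-00005b1a04a4}" => removed successfully
HKLM\Software\Classes\CLSID\{3404743a-0aa4-11e6-9c47-00005b1a04a4} => not found
BackupStack => service removed successfully
C:\Windows\System32\Tasks\LaunchApp => moved successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 4194304 B
Chrome => 1751527 B
'''

SECTION = re.compile(r"^=+ (File|Folder): (.+?) =+$")   # inspection section header
RESULT = re.compile(r"^(.+?) => (.+)$")                 # "target => outcome" line
DONE = ("removed successfully", "moved successfully")


def parse_fixlog(text):
    """Return (target, status) pairs for every directive outcome in a Fixlog."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("=") and "EmptyTemp:" in line:
            break  # what follows is a size report, not directive outcomes
        section = SECTION.match(line)
        if section:
            pending = f"{section.group(1)}: {section.group(2)}"
            continue
        if pending is not None:
            # The first body line of a File:/Folder: section decides its status.
            if line.startswith("="):
                status = "no_output"
            elif line.lower().startswith("not found"):
                status = "not_found"
            else:
                status = "inspected"
            entries.append((pending, status))
            pending = None
        elif line.startswith("Error:"):
            entries.append((line[len("Error:"):].strip(), "error"))
        else:
            result = RESULT.match(line)
            if result:
                target, outcome = result.group(1).strip('"'), result.group(2)
                if outcome.endswith(DONE):
                    status = "done"
                elif outcome == "not found":
                    status = "not_found"
                else:
                    status = "other"
                entries.append((target, status))
    return entries


def needs_review(entries):
    """Entries a helper should look at again before moving to the next step."""
    return [e for e in entries if e[1] in ("error", "not_found", "no_output", "other")]


def doubled_keyword(entries):
    """Section targets where one directive keyword is followed by another."""
    pattern = re.compile(r"^(File|Folder): (File|Folder):")
    return [target for target, _ in entries if pattern.match(target)]


if __name__ == "__main__":
    for target, status in needs_review(parse_fixlog(SAMPLE_FIXLOG)):
        print(f"{status:10} {target}")
```
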

Conder
VIP
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Freezing notebook

#6 Post by Conder »

:arrow: Run a full scan in MBAM
  • Download and install Malwarebytes (MBAM): https://www.malwarebytes.com/mwb-download/thankyou/
  • Ignore the trial version
  • Open MBAM and click "Scan" on the left
  • Click "Custom Scan" and then "Configure Scan" (Set up scan)
  • On the right select all disks in the PC and on the left tick the option "Scan for rootkits"
  • Click Scan Now and wait for it to finish
  • When it finishes, click Export Summary -> Text File, enter a file name and save it to the desktop
  • Copy the contents of that file here
  • Illustrated guide (unfortunately for an older version): https://forum.viry.cz/viewtopic.php?f=29&t=144868

Bohdan
Visitor
Visitor
Posts: 7
Joined: 20 Aug 2018 12:51

Re: Freezing notebook

#7 Post by Bohdan »

The computer now behaves more or less normally (it is not very fast, but probably adequate given the hardware?). However, I cannot get MBAM to finish: I started it twice normally and once in safe mode, and every time the computer froze after a longer while (with MBAM running) and had to be switched off with the power button.

Conder
VIP
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Freezing notebook

#8 Post by Conder »

:arrow: Try to run at least a Threat Scan in MBAM; it should be faster. Send the log with the result.

:arrow: Roughly how long does it take before it freezes?

Bohdan
Visitor
Visitor
Posts: 7
Joined: 20 Aug 2018 12:51

Re: Freezing notebook

#9 Post by Bohdan »

It freezes after about 50 minutes (most recently at 52 minutes), and I think it stopped somewhere in Program Files (Silverlight? I no longer remember exactly). Up to then it had detected 3 threats, potentially unwanted applications, all related to MyPC Backup. Update: that is how it was on Friday. The computer was switched off all weekend, and now it again freezes after a few minutes, and now also in safe mode.

Conder
VIP
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Freezing notebook

#10 Post by Conder »

:arrow: Download CrystalDiskInfo: https://crystalmark.info/redirect.php?p ... alDiskInfo
  • Extract the whole archive to the desktop and run it via DiskInfo64.exe
  • At the top click Edit -> Copy
  • The log is copied; paste its contents (Ctrl+V) into your next reply

Bohdan
Visitor
Visitor
Posts: 7
Joined: 20 Aug 2018 12:51

Re: Freezing notebook

#11 Post by Bohdan »

CrystalDiskInfo 7.7.0 (C) 2008-2018 hiyohiyo
Crystal Dew World : https://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Home Premium SP1 [6.1 Build 7601] (x64)
Date : 2018/08/28 7:31:26

-- Controller Map ----------------------------------------------------------
+ AMD SATA Controller [ATA]
- ST950032 5AS SATA Disk Device
- TSSTcorp CDDVDW TS-L633C SATA CdRom Device

-- Disk List ---------------------------------------------------------------
(1) ST9500325AS : 500,1 GB [0/0/0, pd1] - st

----------------------------------------------------------------------------
(1) ST9500325AS
----------------------------------------------------------------------------
Model : ST9500325AS
Firmware : 0002SDM1
Serial Number : 6VE4V8KE
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : ---- | SATA/300
Power On Hours : 14268 hod.
Power On Count : 5771 krát
Temperature : 32 C (89 F)
Health Status : Pozor
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----
Drive Letter : C: D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 112 _99 __6 0000075D19AC Počet chyb čtení
03 _99 _99 __0 000000000000 Čas na roztočení ploten
04 _95 _95 _20 0000000016FF Počet spuštění/zastavení
05 100 100 _36 000000000002 Počet přemapovaných sektorů
07 _85 _60 _30 000016811F21 Počet chybných hledání
09 _84 _84 __0 0000000037BC Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _95 _37 _20 00000000168B Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB _49 _49 __0 000000000033 Ohlášeno neopravitelných chyb
BC 100 _91 __0 00060006005F Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _68 _44 _45 0001201B0020 Teplota toku vzduchu
BF 100 100 __0 000000000104 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 0000000001F3 Počet vypnutí disku
C1 _29 _29 __0 000000023134 Počet cyklů načítání/vymazání
C2 _32 _56 __0 000300000020 Teplota
C3 _50 _40 __0 0000075D19AC Počet oprav chybného čtení
C5 100 100 __0 000000000001 Počet podezřelých sektorů
C6 100 100 __0 000000000001 Počet neopravitelných sektorů
C7 200 200 __0 00000000004C Počet chyb v kontrolním součtu UltraDMA
FE 100 100 __0 000000000000 Ochrana proti pádu

-- IDENTIFY_DEVICE ---------------------------------------------------------

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F

Conder
VIP
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Freezing notebook

#12 Post by Conder »

:arrow: Press Win+R, type "eventvwr.exe" (without the quotes) and press Enter
  • On the left click Windows Logs and then System
  • On the right click Save All Events As
  • Enter the file name "system", leave the file type as .evtx and save it to the desktop
  • On the left click Application, then on the right click Save All Events As again
  • Enter the file name "application", leave the file type as .evtx and save it to the desktop
  • Pack these 2 files into a RAR or ZIP archive and send it as an attachment to your next post
:arrow: Press Win+R -> type "control srchadmin.dll" -> Enter -> Advanced -> Rebuild.

:arrow:
The PC will probably hang here as well, but try to check the HDD in safe mode with HD Tune: https://www.hdtune.com/download.html
Download it, install it, run it as administrator, click the Error Scan tab, click Scan and then send the result. If it hangs, at least try to photograph the screen with your phone.
Last edited by Conder on 29 Aug 2018 13:32, edited 1 time in total.

Bohdan
Visitor
Visitor
Posts: 7
Joined: 20 Aug 2018 12:51

Re: Freezing notebook

#13 Post by Bohdan »

I ran HD Tune (I removed the disk and connected it to another computer): there are 2 red squares, one about halfway along the 4th row and one almost at the end. Taking that together with the SMART result, I think we can close this: I can no longer trust this disk and will replace it. Thank you very much for your willingness to help, and please lock the topic.
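
Post #13 rests its conclusion on the S.M.A.R.T. table pasted in post #11, and that table can be checked mechanically. This is an added example, not part of the thread or of CrystalDiskInfo; the watch-list of attribute IDs, the status names and the function names are choices made for this example.

```python
import re

# Constructed sample: rows copied from the S.M.A.R.T. table in post #11.
SAMPLE_SMART = """\
ID Cur Wor Thr RawValues(6) Attribute Name
01 112 _99 __6 0000075D19AC Počet chyb čtení
05 100 100 _36 000000000002 Počet přemapovaných sektorů
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
BB _49 _49 __0 000000000033 Ohlášeno neopravitelných chyb
BE _68 _44 _45 0001201B0020 Teplota toku vzduchu
C5 100 100 __0 000000000001 Počet podezřelých sektorů
C6 100 100 __0 000000000001 Počet neopravitelných sektorů
C7 200 200 __0 00000000004C Počet chyb v kontrolním součtu UltraDMA
"""

# ID, current, worst, threshold (padded with "_"), 6-byte raw value in hex, name.
ROW = re.compile(
    r"^([0-9A-F]{2}) ([_\d]{3}) ([_\d]{3}) ([_\d]{3}) ([0-9A-F]{12}) (.+)$"
)

# Assumption of this example: for these IDs the raw value is a plain count of
# remapped, pending or uncorrectable sectors/errors, so any non-zero value is
# worth reporting. Other raw values (for example 01) are vendor-packed.
COUNTERS = {"05", "BB", "C5", "C6"}


def _num(field):
    """Convert a padded column such as '_99' or '__6' to an integer."""
    return int(field.replace("_", ""))


def parse_smart(text):
    """Parse the attribute rows of a CrystalDiskInfo text export."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # the header row and any other text do not match and are skipped
            rows.append({
                "id": m.group(1),
                "cur": _num(m.group(2)),
                "wor": _num(m.group(3)),
                "thr": _num(m.group(4)),
                "raw": int(m.group(5), 16),
                "name": m.group(6),
            })
    return rows


def triage(rows):
    """Return (id, kind, value) findings in table order."""
    findings = []
    for r in rows:
        # A threshold of 0 means the attribute is informational only.
        if r["thr"] > 0 and r["cur"] <= r["thr"]:
            findings.append((r["id"], "failing_now", r["cur"]))
        elif r["thr"] > 0 and r["wor"] <= r["thr"]:
            findings.append((r["id"], "failed_in_past", r["wor"]))
        if r["id"] in COUNTERS and r["raw"] > 0:
            findings.append((r["id"], "raw_nonzero", r["raw"]))
    return findings


def disk_is_suspect(findings):
    """True when the table alone justifies a surface scan and a backup."""
    return any(kind in ("failing_now", "raw_nonzero") for _, kind, _ in findings)


if __name__ == "__main__":
    for attr_id, kind, value in triage(parse_smart(SAMPLE_SMART)):
        print(attr_id, kind, value)
```
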

Conder
VIP
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Freezing notebook

#14 Post by Conder »

You're welcome, glad I could help :)
