blue screen --- IRQL_NOT_LESS_OR_EQUAL

Zpráva

Hynek88 · #1 Příspěvek od **Hynek88** » 09 dub 2016 22:04

Dobrý večer,

mám podezření na vir, pc se restartuje a na modré obrazovce píše IRQL_NOT_LESS_OR_EQUAL,

díky za případné řešení.

#2 Příspěvek od **motji** » 10 dub 2016 07:54

Dobrý den,
pc se restartuje jak často?
Můžete tu modrou obrazovku vyfotit?
Pokud se dostanete do systému, dejte oba logy z Frstu.

Hynek88 · #3 Příspěvek od **Hynek88** » 10 dub 2016 08:59

Dobrý den,,,

tak jednou denně určitě,, vypnul sem automatický restart, tak až to přijde tak vyfotím mobilem,,,

tady jsou logy ---
a v příloze

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by ROCOR (administrator) on ROCOR-PC (10-04-2016 09:56:19)
Running from C:\Users\ROCOR\Desktop
Loaded Profiles: ROCOR (Available Profiles: ROCOR)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\runservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(CMedia) C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\AsusAudioCenter.exe
() C:\Program Files (x86)\Fujitsu\LASER MOUSE\1.0\GTGMouse.exe
(Almico Software (http://www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Learsy) C:\Program Files (x86)\MuralPix\MpAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(forum.viry.cz) C:\Users\ROCOR\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [MuralPixAgent] => C:\Program Files (x86)\MuralPix\MpAgent.exe [102400 2006-12-30] (Learsy)
HKLM-x32\...\Run: [mnciureSrv] => C:\Windows\inf\mnciure.vbe
HKLM-x32\...\Run: [WindowsDriverScan86] => C:\Program Files (x86)\Adobe Arkalis\Arkalis86.lnk [1501 2014-08-10] ()
HKLM-x32\...\Run: [WindowsDriverScan64] => C:\Program Files (x86)\Adobe Arkalis\Arkalis.lnk [1419 2014-08-10] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-866583909-2925738967-381583198-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MuralPix.scr [106496 2006-12-30] (Learsy)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GTGMouse – zástupce.lnk [2014-05-24]
ShortcutTarget: GTGMouse – zástupce.lnk -> C:\Program Files (x86)\Fujitsu\LASER MOUSE\1.0\GTGMouse.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.lnk [2014-12-29]
ShortcutTarget: speedfan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (http://www.almico.com))
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 172.21.1.1 172.21.1.2
Tcpip\..\Interfaces\{5D68AF5B-E0C1-4DEB-9DFF-C6D54AEF83C0}: [DhcpNameServer] 192.168.5.1 172.21.1.1 172.21.1.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default
FF Homepage: hxxp://www.vinaturae.com/eshop/authentication. ... istory.php
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\alza.xml [2015-11-13]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\bratrstvnet.xml [2016-03-31]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\divinity-wiki-en.xml [2015-07-10]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\doplky-pro-firefox.xml [2014-05-02]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\fallout-wiki-en.xml [2016-01-02]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\fextralife-wikis-bloodborne.xml [2015-03-29]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\fextralife-wikis-darksouls2.xml [2014-04-02]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\fextralife-wikis-dragonage3.xml [2015-01-14]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\fextralife-wikis-lordsofthefallen.xml [2016-01-20]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\imdb.xml [2016-04-08]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\katcr.xml [2016-03-31]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\opensubtitles.xml [2015-10-06]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\secure-torrentz-search.xml [2016-03-31]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\sfd.xml [2016-04-10]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\torrent-metasearch.xml [2013-05-20]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\uloto.xml [2015-10-22]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\vyhledvn-vide-ve-slub-youtube.xml [2015-08-20]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\wordpresscom.xml [2016-03-31]
FF Extension: Flash Game Maximizer - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\extensions\{258735dc-6743-4805-95fc-f95941fffdad}.xpi [2015-05-30]
FF Extension: Tab Mix Plus - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-06-18]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\extensions\adblockpopups@jessehakanen.net.xpi [2015-08-19]
FF Extension: ImageBlock - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\extensions\imageblock@hemantvats.com.xpi [2016-04-04]
FF Extension: Český slovník pro kontrolu pravopisu (bez diakritiky) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\cs2@dictionaries.addons.mozilla.org [2016-01-22]
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\cs@dictionaries.addons.mozilla.org [2016-01-10]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-08-19]
FF Extension: NASA Night Launch - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\nasanightlaunch@example.com.xpi [2014-12-21] [not signed]
FF Extension: Flagfox - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2) [2014-12-20] [not signed]
FF Extension: Flagfox - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(3) [2014-12-20] [not signed]
FF Extension: Flagfox - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-03-18]
FF Extension: Session Manager - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-07-08]
FF Extension: BitComet Video Downloader - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(2) [2014-12-20] [not signed]
FF Extension: BitComet Video Downloader - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(3) [2014-12-20] [not signed]
FF Extension: No Name - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [2014-12-20] [not signed]
FF Extension: Adblock Plus - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2014-12-20] [not signed]
FF Extension: Adblock Plus - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(3) [2014-12-20] [not signed]
FF Extension: Adblock Plus - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-19]
FF Extension: Adblock Edge - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-12-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-30] (NVIDIA Corporation)
S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 LicCtrlService; C:\Windows\runservice.exe [16384 2014-10-08] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-30] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-30] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-01] (Electronic Arts)
S3 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-03-21] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-13] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-12-19] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-12-19] (FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 MZ_USBAUDIO; C:\Windows\System32\drivers\mz_usbaudio.sys [146944 2012-12-13] (D&M Holdings Inc.) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-10 09:56 - 2016-04-10 09:56 - 00016715 _____ C:\Users\ROCOR\Desktop\FRST.txt
2016-04-10 09:55 - 2016-04-10 09:56 - 00000000 ____D C:\FRST
2016-04-10 09:55 - 2016-04-10 09:55 - 00112640 _____ (forum.viry.cz) C:\Users\ROCOR\Desktop\FRSTLauncher.exe
2016-04-10 09:54 - 2016-04-10 09:54 - 02374144 _____ (Farbar) C:\Users\ROCOR\Desktop\FRST64.exe
2016-04-10 03:14 - 2016-04-10 03:14 - 00000000 ____D C:\Windows\LastGood
2016-04-10 03:14 - 2016-03-21 22:01 - 00109632 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-04-10 03:14 - 2016-03-21 22:01 - 00100416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-04-10 03:14 - 2016-03-21 22:01 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-04-09 07:50 - 2016-04-09 07:50 - 00000085 _____ C:\Windows\wininit.ini
2016-04-09 07:44 - 2016-04-09 07:44 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-09 07:40 - 2016-04-09 07:40 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-04-07 19:46 - 2016-04-07 20:46 - 05934784 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-03-17 10:02 - 2016-03-17 10:02 - 00000000 ____D C:\Users\ROCOR\AppData\Roaming\Ashampoo
2016-03-17 10:02 - 2016-03-17 10:02 - 00000000 ____D C:\Users\ROCOR\AppData\Local\ashampoo
2016-03-17 10:02 - 2016-03-17 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-03-17 10:01 - 2016-03-17 10:02 - 00000000 ____D C:\ProgramData\Ashampoo
2016-03-17 10:01 - 2016-03-17 10:01 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2016-03-12 18:34 - 2016-03-12 18:34 - 00000000 ____D C:\Users\ROCOR\AppData\Roaming\NVIDIA

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-10 09:56 - 2014-05-22 16:21 - 00000000 ____D C:\Users\ROCOR\AppData\Roaming\uTorrent
2016-04-10 09:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-10 09:46 - 2014-05-22 06:59 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-10 03:31 - 2014-05-23 07:01 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-10 03:26 - 2014-05-22 07:19 - 00000000 ___RD C:\Users\ROCOR\Desktop\ROCOR
2016-04-10 03:19 - 2011-04-12 10:34 - 00648690 _____ C:\Windows\system32\perfh005.dat
2016-04-10 03:19 - 2011-04-12 10:34 - 00133548 _____ C:\Windows\system32\perfc005.dat
2016-04-10 03:19 - 2009-07-14 07:13 - 01527778 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-10 03:18 - 2009-07-14 06:45 - 00021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-10 03:18 - 2009-07-14 06:45 - 00021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-10 03:13 - 2014-12-29 19:22 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-04-10 03:13 - 2014-10-08 13:37 - 00001369 ___SH C:\Windows\SysWOW64\mmf.sys
2016-04-10 03:13 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-09 22:56 - 2014-12-29 17:06 - 00000000 ____D C:\Windows\Minidump
2016-04-09 19:59 - 2014-08-09 07:35 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DFE319C7-2C57-4D09-B67B-1589BD45581B}
2016-04-09 15:32 - 2014-05-22 07:13 - 00000000 ____D C:\Users\ROCOR\AppData\Roaming\foobar2000
2016-04-09 09:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-09 07:54 - 2014-05-22 14:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-07 20:46 - 2014-05-22 06:59 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-07 20:46 - 2014-05-22 06:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 20:46 - 2014-05-22 06:59 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-05 17:10 - 2016-01-20 06:32 - 00000000 ____D C:\Users\ROCOR\AppData\Local\CrashDumps
2016-03-30 03:06 - 2015-03-21 15:54 - 01373680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-03-30 03:06 - 2015-03-21 15:54 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-03-30 03:05 - 2016-01-12 09:49 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-03-30 03:05 - 2015-03-21 15:54 - 01767248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-03-30 03:05 - 2015-03-21 15:54 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-03-28 21:07 - 2014-06-18 13:17 - 00001209 _____ C:\Users\ROCOR\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-03-16 17:06 - 2014-07-09 17:43 - 00000000 ____D C:\Users\ROCOR\Documents\EQ_Foobar2000
2016-03-12 18:34 - 2014-05-23 06:59 - 00000000 ____D C:\Users\ROCOR\AppData\Roaming\tigerplayer
2016-03-12 09:13 - 2014-05-23 21:30 - 00007632 _____ C:\Users\ROCOR\AppData\Local\Resmon.ResmonCfg

==================== Files in the root of some directories =======

2014-05-22 07:02 - 2014-05-22 07:02 - 0000600 _____ () C:\Users\ROCOR\AppData\Roaming\winscp.rnd
2014-08-10 11:22 - 2014-08-10 11:22 - 0000058 _____ () C:\Users\ROCOR\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-05-23 21:30 - 2016-03-12 09:13 - 0007632 _____ () C:\Users\ROCOR\AppData\Local\Resmon.ResmonCfg
2014-05-24 18:48 - 2014-05-24 18:48 - 0000003 _____ () C:\Users\ROCOR\AppData\Local\user_data.ini

Some files in TEMP:
====================
C:\Users\ROCOR\AppData\Local\Temp\sfamcc00001.dll
C:\Users\ROCOR\AppData\Local\Temp\sfareca00001.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-08 01:51

==================== End of FRST.txt ============================

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:232.79 GB) (Free:92.34 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:148.99 GB) NTFS
Drive f: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (VERBATIM HD) (Fixed) (Total:465.64 GB) (Free:11.16 GB) FAT32

Available physical RAM: 6510.53 MB
Total physical RAM: 8076.4 MB
Percentage of memory in use: 19%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0BA592B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5814E5E1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Disk: 2 (Size: 465.8 GB) (Disk ID: A345F4C7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [43]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [43]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Security Center ==================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\ROCOR\Desktop" je 8122 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^ROCOR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MpManag.lnk
C:\PROGRA~2\MuralPix\MpManag.exe

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

Hynek88 · #4 Příspěvek od **Hynek88** » 10 dub 2016 09:02

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by ROCOR (2016-04-10 09:56:37)
Running from C:\Users\ROCOR\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-05-21 08:09:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-866583909-2925738967-381583198-500 - Administrator - Disabled)
Guest (S-1-5-21-866583909-2925738967-381583198-501 - Limited - Enabled)
ROCOR (S-1-5-21-866583909-2925738967-381583198-1000 - Administrator - Enabled) => C:\Users\ROCOR

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aktualizace NVIDIA 2.11.2.55 (Version: 2.11.2.55 - NVIDIA Corporation) Hidden
Alan Wake (HKLM-x32\...\Alan Wake_is1) (Version: - )
Alan Wake Čestina verze 1.0 (HKLM-x32\...\{68EE3B21-BC13-4B1A-AC92-69E479246650}_is1) (Version: 1.0 - michalss)
Altap Salamander 2.54 (HKLM-x32\...\Altap Salamander 2.54) (Version: 2.54 - ALTAP)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: - )
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version: - Kunos Simulazioni)
ASUS Xonar Essence ST Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
Battlefield™ Hardline (HKLM-x32\...\{CB4AC3DA-8CC1-4516-86DA-4078B57DB229}) (Version: 1.1.0.5 - Electronic Arts)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Call of Duty: Black Ops (HKLM-x32\...\Call of Duty: Black Ops_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version: - FromSoftware, Inc)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version: - Eidos Montreal)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version: - Larian Studios)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.8 - Electronic Arts)
DTS+AC3 ÇĘĹÍ (HKLM-x32\...\DtsFilter) (Version: - )
Enemy Front PROPER (HKLM-x32\...\Enemy Front PROPER_is1) (Version: - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.81.5243 - Gretech Corporation)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Icon Converter Plus (HKLM-x32\...\Icon Converter Plus) (Version: 4.8 - www.program4pc.com)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Kings Bounty - Warriors of the North verzia 1.3.1.6250 (HKLM-x32\...\Kings Bounty - Warriors of the North_is1) (Version: 1.3.1.6250 - CzTorrent.net)
L.A. Noire verzia 1.3.2617 (HKLM-x32\...\L.A. Noire_is1) (Version: 1.3.2617 - CzTorrent.net)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Lords of the Fallen (HKLM-x32\...\{F3DFAE55-83E3-4BD4-9311-B5AB0C16EFD9}_is1) (Version: - CI Games)
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 28.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 cs)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MpcStar 5.4 (HKLM-x32\...\MpcStar) (Version: 5.4 - www.mpcstar.com)
MuralPix 1.07 (HKLM-x32\...\MuralPix) (Version: - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.14 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
NVIDIA GeForce Experience 2.11.2.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.55 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 364.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.47 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 364.47 (Version: 364.47 - NVIDIA Corporation) Hidden
Panzer Corps (HKLM-x32\...\Steam App 268400) (Version: - Flashback Games)
Panzer General 3D: Assault (HKLM-x32\...\Panzer General 3D: Assault_is1) (Version: - GOG.com)
Pinnacle Game Profiler (HKLM-x32\...\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}) (Version: 7.8.2 - PowerUp Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Return to Castle Wolfenstein (HKLM-x32\...\Return to Castle Wolfenstein) (Version: 1.0 - Activision, Inc.)
Revo Uninstaller Pro 3.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.5 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.55 - NVIDIA Corporation) Hidden
SHIFT 2 UNLEASHED™ (HKLM-x32\...\{E8C37E27-5205-4C8A-BECB-B00533045AAE}) (Version: 1.0.2.0 - Electronic Arts)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Star Chronicles: Delta Quadrant (HKLM-x32\...\Steam App 383330) (Version: - Alister Software)
'Steel Fury - Kharkov 1942' (HKLM-x32\...\STLFR_eng_is1) (Version: - Lighthouse Interactive)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UFO Afterlight (HKLM-x32\...\{47AF4245-CD81-4353-BFC0-0A21A6EF483A}) (Version: 1.4 - )
UFO Aftershock (HKLM-x32\...\{639555DF-952A-4161-97F6-AB9807E421D7}) (Version: 1.0 - )
Valiant Hearts The Great War (x32 Version: 1.0.0 - Ubisoft) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
XCOM 2 (HKLM-x32\...\Steam App 268500) (Version: - Firaxis)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-866583909-2925738967-381583198-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FABE276-B12D-428D-B1F8-4A1415262EA4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {3D89A8B1-7D28-422A-AF12-D2BBEAD20C7F} - System32\Tasks\{ABE3759C-C482-43D3-9640-6968B5CBEE31} => C:\Users\ROCOR\Desktop\RSITx64.exe
Task: {6A71348C-3354-4645-BFC8-FA32232C0853} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {7E9CC61F-61B6-448E-BBAA-80ABE12FAF49} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: {8EF9D0AC-9834-4B60-8895-903B9D36704B} - System32\Tasks\AsrXTU => C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
Task: {AF6A6121-FBA0-4EA4-81FB-BE30F045D393} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {CAD967C3-43B3-42F9-9D8C-FE47FEDD878D} - System32\Tasks\asrRd => C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
Task: {D5AFBE8B-A9AE-4AF4-B631-811578551CFB} - System32\Tasks\CTF Host => C:\Users\ROCOR\AppData\Roaming\Logitech\Ctfhost\ctfhost.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-10-08 13:37 - 2014-10-08 13:37 - 00016384 _____ () C:\Windows\runservice.exe
2016-03-08 07:28 - 2016-03-03 11:54 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-05-22 07:09 - 2008-07-11 16:04 - 00200704 _____ () C:\Windows\SysWOW64\HsMgr.exe
2014-05-22 07:09 - 2008-07-11 16:03 - 00282112 _____ () C:\Windows\system\HsMgr64.exe
2014-05-24 16:23 - 2007-08-13 03:23 - 00482816 _____ () C:\Program Files (x86)\Fujitsu\LASER MOUSE\1.0\GTGMouse.exe
2016-02-27 21:32 - 2016-03-30 03:21 - 00366528 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-10 03:14 - 2016-03-30 03:21 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-02-27 21:32 - 2016-03-30 03:22 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-01-12 09:49 - 2016-03-30 03:21 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-10 03:14 - 2016-03-30 03:21 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-10 03:14 - 2016-03-30 03:21 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-10 03:14 - 2016-03-30 03:22 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-23 13:52 - 2016-03-30 03:22 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-10 03:14 - 2016-03-30 03:20 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-10 03:14 - 2016-03-30 03:20 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2014-10-08 13:37 - 2014-10-08 13:37 - 00048640 _____ () C:\Windows\mmfs.dll
2014-12-30 14:56 - 2011-04-19 15:56 - 00143360 _____ () C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\VmixP8.dll
2014-05-24 16:23 - 2006-11-23 15:07 - 00037888 _____ () C:\Program Files (x86)\Fujitsu\LASER MOUSE\1.0\GTGMDLL.DLL
2016-04-09 07:29 - 2016-04-10 03:13 - 00158720 _____ () C:\Users\ROCOR\AppData\Local\Temp\sfareca00001.dll
2014-12-19 21:19 - 2016-04-10 03:13 - 00192512 _____ () C:\Users\ROCOR\AppData\Local\Temp\sfamcc00001.dll
2015-03-30 19:39 - 2016-03-30 03:28 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [43]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [43]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-11-24 15:44 - 00000978 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 idnes.cz
127.0.0.1 www.idnes.cz

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-866583909-2925738967-381583198-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ROCOR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.5.1 - 172.21.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^ROCOR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MpManag.lnk => C:\Windows\pss\MpManag.lnk.Startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BAFAC2A3-EE14-4561-9792-7B178D2AD7F6}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{60DD18EE-D544-4FAF-A5E6-9961DAE37DAB}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{172952CC-A814-402C-AB4B-9087F79D8E38}] => (Allow) D:\Steam\SteamApps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{6C4A87A1-38B8-4D37-BE75-4401B0868854}] => (Allow) D:\Steam\SteamApps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{58CB1CAC-E7E9-48A9-B9E7-816ECFBFCC85}] => (Allow) D:\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [{741CE555-C0C9-4409-BD85-7ADE4600630E}] => (Allow) D:\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [{F9C84C2E-8692-4606-B006-D46A057E87E5}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{B4C7DDE3-A2AC-4FE5-BC79-E3955C6122E6}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{49E21519-DD47-4AC2-BAA8-086049BCFACC}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{563A189B-8151-478C-9308-297A0DEA0E20}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{71626F65-22C9-451A-9D41-EED3F7926C78}] => (Allow) C:\Program Files (x86)\Electronic Arts\BFH\bfh.exe
FirewallRules: [{CBC2E968-928E-4113-828D-F0EB91306294}] => (Allow) C:\Program Files (x86)\Electronic Arts\BFH\bfh.exe
FirewallRules: [{099325A4-F4D8-4AA6-B0FE-99AD5916AC88}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{0F9FFF81-1702-48D2-8C15-7F7BAE6DAB23}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [TCP Query User{92F5F603-1F64-4E1D-B3EF-D5B6D881C50C}D:\games\wolfenstein\new order\wolfenstein the new order\wolfneworder_x64.exe] => (Allow) D:\games\wolfenstein\new order\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{9B23A9AA-42A9-492D-89F6-401CB95998A0}D:\games\wolfenstein\new order\wolfenstein the new order\wolfneworder_x64.exe] => (Allow) D:\games\wolfenstein\new order\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [{C8ED4187-0604-432A-9E39-50700D0D0E0D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F5E98165-3D46-4E9A-B44F-19935BE4087D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D4EA70B0-C4FE-420A-8731-DC61338555FE}] => (Allow) D:\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{0CA58FD2-70BC-4508-805C-872398E4D682}] => (Allow) D:\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{919374CC-FF9E-4222-B901-53C37FC59EEB}] => (Allow) D:\Steam\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{34BDE666-5FC4-4617-9353-A58E342DA375}] => (Allow) D:\Steam\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{0585ED55-8344-4E49-85FE-6EE218A5C523}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0FF05CE9-99EC-4B41-A04C-EC4EED45C63E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9CE2A5A0-BAD4-4DD8-B0B6-F315CE3223E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3249503E-4FCC-440A-A553-0CF31E280642}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1A464289-4BCB-44B9-A9A0-3A0E2061EF56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AB279C36-36A7-45EA-A382-34116DA29DCB}] => (Allow) C:\Program Files (x86)\Electronic Arts\BFH\BFHWebHelper.exe
FirewallRules: [{002932D4-1BCE-4746-8C75-A9F3D251AD68}] => (Allow) C:\Program Files (x86)\Electronic Arts\BFH\BFHWebHelper.exe
FirewallRules: [{0ED334B3-B2B2-45D7-8A0D-96A157970CEA}] => (Allow) D:\Steam\SteamApps\common\Panzer Corps\autorun.exe
FirewallRules: [{C6D97DBE-81FB-4DB5-BC42-E02D4930E129}] => (Allow) D:\Steam\SteamApps\common\Panzer Corps\autorun.exe
FirewallRules: [{8C70206C-5B27-457D-AB69-FF04D8D2B551}] => (Allow) D:\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{A32EE65E-1B9D-462C-91EF-99F822A716AF}] => (Allow) D:\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [TCP Query User{E5A4A7A6-3903-44B0-85F1-B66647C78B94}D:\games\cod7\game\call of duty - black ops\blackopsmp.exe] => (Block) D:\games\cod7\game\call of duty - black ops\blackopsmp.exe
FirewallRules: [UDP Query User{441C05C2-C8DB-4D08-B1A9-2DE219388847}D:\games\cod7\game\call of duty - black ops\blackopsmp.exe] => (Block) D:\games\cod7\game\call of duty - black ops\blackopsmp.exe
FirewallRules: [{54E006B9-9B7A-4831-93D2-7F4A2CA373B1}] => (Allow) D:\Steam\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [{6D5D41B5-49C2-42D3-9EE2-1E5E4216C429}] => (Allow) D:\Steam\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [TCP Query User{7F92BDAF-70FD-4EA0-8E05-3B0BD842C0B0}D:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{5D8D8D8C-A1BD-4B8F-9256-466E484E5154}D:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{E92EECCE-EDF4-4D25-8F6C-184FADB04042}] => (Allow) D:\Steam\SteamApps\common\Star Chronicles Delta Quadrant\Delta Quadrant.exe
FirewallRules: [{615C20CA-A8B7-4B6A-B52C-6D0A2C78A4B1}] => (Allow) D:\Steam\SteamApps\common\Star Chronicles Delta Quadrant\Delta Quadrant.exe
FirewallRules: [TCP Query User{69ADFC3E-2F05-4AFD-9674-7FBE0FCABE13}C:\program files (x86)\enemy front proper\bin32\enemyfront.exe] => (Allow) C:\program files (x86)\enemy front proper\bin32\enemyfront.exe
FirewallRules: [UDP Query User{F4FD1F4F-ADC4-4EF4-B8B6-45B31E0B1CC3}C:\program files (x86)\enemy front proper\bin32\enemyfront.exe] => (Allow) C:\program files (x86)\enemy front proper\bin32\enemyfront.exe

==================== Restore Points =========================

14-03-2016 01:02:18 Naplánovaný kontrolní bod
21-03-2016 08:38:09 Naplánovaný kontrolní bod
29-03-2016 19:31:17 Naplánovaný kontrolní bod
30-03-2016 11:00:29 Installed USB Audio.
06-04-2016 20:23:12 Naplánovaný kontrolní bod
09-04-2016 07:50:15 Revo Uninstaller Pro's restore point - Spybot - Search & Destroy
10-04-2016 03:02:41 Revo Uninstaller Pro's restore point - USB Audio
10-04-2016 03:03:27 Revo Uninstaller Pro's restore point - USB Audio
10-04-2016 03:26:09 Revo Uninstaller Pro's restore point - Vulkan Run Time Libraries 1.0.3.0

==================== Faulty Device Manager Devices =============

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 19%
Total physical RAM: 8076.4 MB
Available physical RAM: 6510.53 MB
Total Virtual: 24074.61 MB
Available Virtual: 22532.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:92.34 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:148.99 GB) NTFS
Drive f: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (VERBATIM HD) (Fixed) (Total:465.64 GB) (Free:11.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0BA592B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

====================================================

"adidition log"

====
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5814E5E1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: A345F4C7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== End of Addition.txt ============================

#5 Příspěvek od **motji** » 10 dub 2016 10:27

Stáhněte AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
-Uložte program na plochu a ukončete všechny spuštěné programy .
-spusťte AdwCleaner, klikněte na Scan a po dokončení skenu na Clean
- provede se oprava, restartuje se pc - (případně restartujte) a objeví se log C:\AdwCleaner\AdwCleaner.txt , obsah logu zkopírujte zde.

Hynek88 · #6 Příspěvek od **Hynek88** » 10 dub 2016 10:33

# AdwCleaner v5.109 - Log soubor vytvořen 10/04/2016 o 11:31:38
# Aktualizováno 04/04/2016 by Xplode
# Databáze : 2016-04-09.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (x64)
# Jméno uživatele : ROCOR - ROCOR-PC
# Spuštěno z : C:\Users\ROCOR\Desktop\AdwCleaner.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****

***** [ Složky ] *****

[-] Složka smazáno : C:\Users\ROCOR\AppData\Local\28050
[-] Složka smazáno : C:\Users\ROCOR\AppData\Roaming\Solvusoft

***** [ Soubory ] *****

[-] Soubor smazáno : C:\Users\ROCOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[-] Soubor smazáno : C:\Windows\Reimage.ini
[-] Soubor smazáno : C:\Windows\SysNative\roboot64.exe

***** [ DLLs ] *****

***** [ Zástupci ] *****

***** [ Naplánované úkoly ] *****

[-] Úkol smazáno : DriverNavigator Scheduled Scan

***** [ Registr ] *****

[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Klávesa smazáno : HKCU\Software\PRODUCTSETUP

***** [ Webové prohlížeče ] *****

*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1395 bytes] - [10/04/2016 11:31:38]
C:\AdwCleaner\AdwCleaner[R1].txt - [1235 bytes] - [28/11/2014 16:12:58]
C:\AdwCleaner\AdwCleaner[R2].txt - [1188 bytes] - [19/12/2014 13:01:08]
C:\AdwCleaner\AdwCleaner[R3].txt - [1228 bytes] - [19/12/2014 19:14:40]
C:\AdwCleaner\AdwCleaner[R4].txt - [1289 bytes] - [19/12/2014 19:19:06]
C:\AdwCleaner\AdwCleaner[R5].txt - [1409 bytes] - [19/12/2014 19:28:37]
C:\AdwCleaner\AdwCleaner[R6].txt - [1571 bytes] - [19/12/2014 22:18:03]
C:\AdwCleaner\AdwCleaner[S1].txt - [3501 bytes] - [28/11/2014 16:14:02]
C:\AdwCleaner\AdwCleaner[S2].txt - [1256 bytes] - [19/12/2014 13:01:52]
C:\AdwCleaner\AdwCleaner[S3].txt - [1354 bytes] - [19/12/2014 19:19:35]
C:\AdwCleaner\AdwCleaner[S4].txt - [1474 bytes] - [19/12/2014 19:29:11]
C:\AdwCleaner\AdwCleaner[S5].txt - [1638 bytes] - [19/12/2014 22:19:47]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2271 bytes] ##########

#7 Příspěvek od **motji** » 10 dub 2016 13:59

Otevřete poznámkový blok a zkopírujte do něj:

Kód: Vybrat vše

HKLM-x32\...\Run: [mnciureSrv] => C:\Windows\inf\mnciure.vbe

-uložte jako fixlist.txt vedle Frstu.
-otevřete Frst a dejte fix.

Udělejte mbam, nic nemažte, log vložte zde.
viewtopic.php?f=29&t=144868

Hynek88 · #8 Příspěvek od **Hynek88** » 10 dub 2016 14:18

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 10.4.2016
Čas skenování: 15:08
Protokol: xxxx.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.04.10.02
Databáze rootkitů: v2016.04.09.01
Licence: Premium
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: ROCOR

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 325902
Uplynulý čas: 6 min, 31 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

#9 Příspěvek od **motji** » 10 dub 2016 14:24

Poprosím o nový log z Frstu. pc sledujte a pokud bude Bsod, dejte screen

Hynek88 · #10 Příspěvek od **Hynek88** » 10 dub 2016 14:31

ok, tak zatím díky!

-----------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by ROCOR (administrator) on ROCOR-PC (10-04-2016 15:29:27)
Running from C:\Users\ROCOR\Desktop
Loaded Profiles: ROCOR (Available Profiles: ROCOR)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Windows\runservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CMedia) C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\AsusAudioCenter.exe
() C:\Program Files (x86)\Fujitsu\LASER MOUSE\1.0\GTGMouse.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Learsy) C:\Program Files (x86)\MuralPix\MpAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(forum.viry.cz) C:\Users\ROCOR\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [MuralPixAgent] => C:\Program Files (x86)\MuralPix\MpAgent.exe [102400 2006-12-30] (Learsy)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-866583909-2925738967-381583198-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MuralPix.scr [106496 2006-12-30] (Learsy)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GTGMouse – zástupce.lnk [2014-05-24]
ShortcutTarget: GTGMouse – zástupce.lnk -> C:\Program Files (x86)\Fujitsu\LASER MOUSE\1.0\GTGMouse.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.lnk [2014-12-29]
ShortcutTarget: speedfan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 172.21.1.1 172.21.1.2
Tcpip\..\Interfaces\{5D68AF5B-E0C1-4DEB-9DFF-C6D54AEF83C0}: [DhcpNameServer] 192.168.5.1 172.21.1.1 172.21.1.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default
FF DefaultSearchEngine: ÄŚSFD
FF SelectedSearchEngine: ÄŚSFD
FF Homepage: hxxp://www.vinaturae.com/eshop/authentication. ... istory.php
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\alza.xml [2015-11-13]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\bratrstvnet.xml [2016-03-31]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\divinity-wiki-en.xml [2015-07-10]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\doplky-pro-firefox.xml [2014-05-02]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\fallout-wiki-en.xml [2016-01-02]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\fextralife-wikis-bloodborne.xml [2015-03-29]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\fextralife-wikis-darksouls2.xml [2014-04-02]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\fextralife-wikis-dragonage3.xml [2015-01-14]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\fextralife-wikis-lordsofthefallen.xml [2016-01-20]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\imdb.xml [2016-04-08]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\katcr.xml [2016-03-31]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\opensubtitles.xml [2015-10-06]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\secure-torrentz-search.xml [2016-03-31]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\sfd.xml [2016-04-10]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\torrent-metasearch.xml [2013-05-20]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\uloto.xml [2015-10-22]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\vyhledvn-vide-ve-slub-youtube.xml [2015-08-20]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\wordpresscom.xml [2016-03-31]
FF Extension: Flash Game Maximizer - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\extensions\{258735dc-6743-4805-95fc-f95941fffdad}.xpi [2015-05-30]
FF Extension: Tab Mix Plus - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-06-18]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\extensions\adblockpopups@jessehakanen.net.xpi [2015-08-19]
FF Extension: ImageBlock - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\extensions\imageblock@hemantvats.com.xpi [2016-04-04]
FF Extension: Český slovník pro kontrolu pravopisu (bez diakritiky) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\cs2@dictionaries.addons.mozilla.org [2016-01-22]
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\cs@dictionaries.addons.mozilla.org [2016-01-10]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-08-19]
FF Extension: NASA Night Launch - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\nasanightlaunch@example.com.xpi [2014-12-21] [not signed]
FF Extension: Flagfox - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2) [2014-12-20] [not signed]
FF Extension: Flagfox - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(3) [2014-12-20] [not signed]
FF Extension: Flagfox - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-03-18]
FF Extension: Session Manager - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-07-08]
FF Extension: BitComet Video Downloader - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(2) [2014-12-20] [not signed]
FF Extension: BitComet Video Downloader - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(3) [2014-12-20] [not signed]
FF Extension: No Name - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [2014-12-20] [not signed]
FF Extension: Adblock Plus - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2014-12-20] [not signed]
FF Extension: Adblock Plus - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(3) [2014-12-20] [not signed]
FF Extension: Adblock Plus - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-19]
FF Extension: Adblock Edge - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-12-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-30] (NVIDIA Corporation)
S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 LicCtrlService; C:\Windows\runservice.exe [16384 2014-10-08] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-30] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-30] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-01] (Electronic Arts)
S3 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-03-21] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-13] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-12-19] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-12-19] (FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 MZ_USBAUDIO; C:\Windows\System32\drivers\mz_usbaudio.sys [146944 2012-12-13] (D&M Holdings Inc.) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-10 15:29 - 2016-04-10 15:29 - 00016210 _____ C:\Users\ROCOR\Desktop\FRST.txt
2016-04-10 15:04 - 2016-04-10 15:04 - 00000000 ___RD C:\Users\ROCOR\Documents\Notes
2016-04-10 09:55 - 2016-04-10 15:29 - 00000000 ____D C:\FRST
2016-04-10 09:55 - 2016-04-10 09:55 - 00112640 _____ (forum.viry.cz) C:\Users\ROCOR\Desktop\FRSTLauncher.exe
2016-04-10 09:54 - 2016-04-10 09:54 - 02374144 _____ (Farbar) C:\Users\ROCOR\Desktop\FRST64.exe
2016-04-10 03:14 - 2016-03-21 22:01 - 00109632 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-04-10 03:14 - 2016-03-21 22:01 - 00100416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-04-10 03:14 - 2016-03-21 22:01 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-04-09 07:50 - 2016-04-09 07:50 - 00000085 _____ C:\Windows\wininit.ini
2016-04-09 07:40 - 2016-04-09 07:40 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-04-07 19:46 - 2016-04-07 20:46 - 05934784 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-03-17 10:02 - 2016-03-17 10:02 - 00000000 ____D C:\Users\ROCOR\AppData\Roaming\Ashampoo
2016-03-17 10:02 - 2016-03-17 10:02 - 00000000 ____D C:\Users\ROCOR\AppData\Local\ashampoo
2016-03-17 10:02 - 2016-03-17 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-03-17 10:01 - 2016-03-17 10:02 - 00000000 ____D C:\ProgramData\Ashampoo
2016-03-17 10:01 - 2016-03-17 10:01 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2016-03-12 18:34 - 2016-03-12 18:34 - 00000000 ____D C:\Users\ROCOR\AppData\Roaming\NVIDIA

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-10 15:08 - 2014-05-22 14:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-10 15:06 - 2014-05-22 07:19 - 00000000 ___RD C:\Users\ROCOR\Desktop\ROCOR
2016-04-10 14:46 - 2014-05-22 06:59 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-10 12:04 - 2011-04-12 10:34 - 00648690 _____ C:\Windows\system32\perfh005.dat
2016-04-10 12:04 - 2011-04-12 10:34 - 00133548 _____ C:\Windows\system32\perfc005.dat
2016-04-10 12:04 - 2009-07-14 07:13 - 01527778 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-10 12:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-10 12:03 - 2009-07-14 06:45 - 00021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-10 12:03 - 2009-07-14 06:45 - 00021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-10 11:58 - 2014-12-29 19:22 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-04-10 11:58 - 2014-10-08 13:37 - 00001369 ___SH C:\Windows\SysWOW64\mmf.sys
2016-04-10 11:58 - 2014-05-22 16:21 - 00000000 ____D C:\Users\ROCOR\AppData\Roaming\uTorrent
2016-04-10 11:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-10 11:31 - 2014-11-28 16:12 - 00000000 ____D C:\AdwCleaner
2016-04-10 03:31 - 2014-05-23 07:01 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-09 22:56 - 2014-12-29 17:06 - 00000000 ____D C:\Windows\Minidump
2016-04-09 19:59 - 2014-08-09 07:35 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DFE319C7-2C57-4D09-B67B-1589BD45581B}
2016-04-09 15:32 - 2014-05-22 07:13 - 00000000 ____D C:\Users\ROCOR\AppData\Roaming\foobar2000
2016-04-09 09:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-07 20:46 - 2014-05-22 06:59 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-07 20:46 - 2014-05-22 06:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 20:46 - 2014-05-22 06:59 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-05 17:10 - 2016-01-20 06:32 - 00000000 ____D C:\Users\ROCOR\AppData\Local\CrashDumps
2016-03-30 03:06 - 2015-03-21 15:54 - 01373680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-03-30 03:06 - 2015-03-21 15:54 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-03-30 03:05 - 2016-01-12 09:49 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-03-30 03:05 - 2015-03-21 15:54 - 01767248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-03-30 03:05 - 2015-03-21 15:54 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-03-28 21:07 - 2014-06-18 13:17 - 00001209 _____ C:\Users\ROCOR\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-03-16 17:06 - 2014-07-09 17:43 - 00000000 ____D C:\Users\ROCOR\Documents\EQ_Foobar2000
2016-03-12 18:34 - 2014-05-23 06:59 - 00000000 ____D C:\Users\ROCOR\AppData\Roaming\tigerplayer
2016-03-12 09:13 - 2014-05-23 21:30 - 00007632 _____ C:\Users\ROCOR\AppData\Local\Resmon.ResmonCfg

==================== Files in the root of some directories =======

2014-05-22 07:02 - 2014-05-22 07:02 - 0000600 _____ () C:\Users\ROCOR\AppData\Roaming\winscp.rnd
2014-08-10 11:22 - 2014-08-10 11:22 - 0000058 _____ () C:\Users\ROCOR\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-05-23 21:30 - 2016-03-12 09:13 - 0007632 _____ () C:\Users\ROCOR\AppData\Local\Resmon.ResmonCfg
2014-05-24 18:48 - 2014-05-24 18:48 - 0000003 _____ () C:\Users\ROCOR\AppData\Local\user_data.ini

Some files in TEMP:
====================
C:\Users\ROCOR\AppData\Local\Temp\libeay32.dll
C:\Users\ROCOR\AppData\Local\Temp\msvcr120.dll
C:\Users\ROCOR\AppData\Local\Temp\sfamcc00001.dll
C:\Users\ROCOR\AppData\Local\Temp\sfareca00001.dll
C:\Users\ROCOR\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-08 01:51

==================== End of FRST.txt ============================

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:232.79 GB) (Free:92.34 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:148.99 GB) NTFS
Drive f: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (VERBATIM HD) (Fixed) (Total:465.64 GB) (Free:11.16 GB) FAT32

Available physical RAM: 6656.7 MB
Total physical RAM: 8076.4 MB
Percentage of memory in use: 17%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0BA592B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5814E5E1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Disk: 2 (Size: 465.8 GB) (Disk ID: A345F4C7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [43]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [43]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Security Center ==================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\ROCOR\Desktop" je 8125 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^ROCOR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MpManag.lnk
C:\PROGRA~2\MuralPix\MpManag.exe

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#11 Příspěvek od **motji** » 10 dub 2016 14:38

Otevřete poznámkový blok a zkopírujte do něj:

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [43]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [43]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

-uložte jako fixlist.txt vedle Frstu
-otevřete Frst a klikněte na fix.

Mělo by to být v pořádku, pokud by se vám něco nezdálo, ozvěte se

Hynek88 · #12 Příspěvek od **Hynek88** » 18 dub 2016 06:11

Zdravím tak modrá smrt stále, možná častějc,

přikládám foto, můžu přidat analýzu dmp souboru -- dle návodu,

díky moc za rady!

#13 Příspěvek od **motji** » 18 dub 2016 14:05

Rudy píše:Zdravím!
Přeinstalujte:

1. DirectX.
2. Ovladače gr. karty.

Pokud se stav nezmění, udělejte kontrolu RAM: http://forum.viry.cz/viewtopic.php?f=53&t=106788 .

VIRY.CZ

blue screen --- IRQL_NOT_LESS_OR_EQUAL

blue screen --- IRQL_NOT_LESS_OR_EQUAL

Re: blue screen --- IRQL_NOT_LESS_OR_EQUAL

Re: blue screen --- IRQL_NOT_LESS_OR_EQUAL

Re: blue screen --- IRQL_NOT_LESS_OR_EQUAL

Re: blue screen --- IRQL_NOT_LESS_OR_EQUAL

Re: blue screen --- IRQL_NOT_LESS_OR_EQUAL

Re: blue screen --- IRQL_NOT_LESS_OR_EQUAL

Re: blue screen --- IRQL_NOT_LESS_OR_EQUAL

Re: blue screen --- IRQL_NOT_LESS_OR_EQUAL

Re: blue screen --- IRQL_NOT_LESS_OR_EQUAL

Re: blue screen --- IRQL_NOT_LESS_OR_EQUAL

Re: blue screen --- IRQL_NOT_LESS_OR_EQUAL

Re: blue screen --- IRQL_NOT_LESS_OR_EQUAL