PC virus removal, computer speed-up, remote help via the neslape.cz service

Malware? Virus?

Have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post an FRST log [guide here] or an RSIT log [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
itulka55
Visitor
Posts: 22
Registered: 15 Aug 2016 19:18

Malware? Virus?

#1 Post by itulka55 »

Good evening, please help. Mozilla keeps reporting "not responding". It slows down or freezes. I cleaned with CCleaner and then made a log. Here it is:

# AdwCleaner v6.000 - Logfile created 15/08/2016 at 20:00:14
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-15.2 [Server]
# Operating System : Windows 10 Home (X86)
# Username : itulka55 - ITA
# Running from : C:\Users\itulka55\adwcleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum


***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Users\itulka55\AppData\Roaming\Solvusoft


***** [ Files ] *****

File Found: C:\WINDOWS\patsearch.bin
File Found: C:\WINDOWS\system32\roboot.exe


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled tasks ] *****

Task Found: LaunchPreSignup


***** [ Registry ] *****

Key Found: HKU\S-1-5-21-1707795040-164264734-4081291318-1001\Software\AppDataLow\Software\CheckMeUp
Key Found: HKCU\Software\AppDataLow\Software\CheckMeUp
Key Found: HKLM\SOFTWARE\MaxPower
Value Found: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [BrowserWeb.exe]


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1355 Bytes] - [15/08/2016 20:00:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1429 Bytes] ##########

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware? Virus?

#2 Post by Rudy »

Hello!
Mostly adware. Run the removal and then post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

itulka55
Visitor
Posts: 22
Registered: 15 Aug 2016 19:18

Re: Malware? Virus?

#3 Post by itulka55 »

I can't download FRSTLauncher.exe. The author recommends turning off the antivirus resident shield, but apart from Windows Defender I have no antivirus. I turned everything off in it and it still blocks the download. I also turned off the Firewall, but not at the same time as Defender. Tell me how to get it! Thanks :-)

itulka55
Visitor
Posts: 22
Registered: 15 Aug 2016 19:18

Re: Malware? Virus?

#4 Post by itulka55 »

I only managed this:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-08-2016 01
Ran by itulka55 (16-08-2016 12:18:05)
Running from C:\Users\itulka55\Desktop
Microsoft Windows 10 Home Version 1511 (X86) (2015-12-22 10:06:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1707795040-164264734-4081291318-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1707795040-164264734-4081291318-503 - Limited - Disabled)
Guest (S-1-5-21-1707795040-164264734-4081291318-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1707795040-164264734-4081291318-1003 - Limited - Enabled)
itulka55 (S-1-5-21-1707795040-164264734-4081291318-1001 - Administrator - Enabled) => C:\Users\itulka55

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.1 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.19 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0036 - ASUS)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.103.4 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Classic Shell (HKLM\...\{E0E49E80-19DE-43FE-BFF2-8C58DDF3C7F9}) (Version: 4.1.0 - IvoSoft)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 cs) (HKLM\...\Mozilla Firefox 47.0.1 (x86 cs)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
OpenOffice 4.1.1 (HKLM\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
Seznam Software (HKU\S-1-5-21-1707795040-164264734-4081291318-1001\...\SeznamInstall) (Version: - Seznam.cz)
Skype™ 7.25 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebStorage (HKLM\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse (07/01/2014 3.0.0.33) (HKLM\...\F702FA7BC14FCDE2F71BCDC3E7305536832742C1) (Version: 07/01/2014 3.0.0.33 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1707795040-164264734-4081291318-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01296ACB-627A-442F-9D4B-D4D6B2173119} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {04951B7C-AD94-4E12-9A41-ECA85928EB46} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1118C5CF-6867-46F5-98B1-23A666BD406C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {23E3E3FB-7CBA-4348-A4B6-DFB17A037199} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {5B175BB2-AF66-4FB1-A8D1-5884D9CC1044} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-06-03] ()
Task: {5E007C2A-FBA3-42D7-853F-373E4C1B0F1D} - System32\Tasks\ASUS Live Update2 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-06-03] ()
Task: {5F9A5D4E-1A59-49B8-846B-573F871359C5} - System32\Tasks\{34FCBBC0-F2D3-46E0-815A-5671F60F6E30} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lig ... rror=12002
Task: {622F974F-997D-42C2-97A7-9D90AD668245} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {67B0B0B3-AF20-4067-9C91-F58B02AE4170} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files\ASUS\Splendid\ACMON.exe [2014-06-03] (ASUS)
Task: {6F401EF2-754A-4EED-BB7A-93918478C752} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {70831FC9-BEA0-4AE3-88AA-C8BF55971F30} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-06-03] ()
Task: {8E3A341A-1FCD-4F2B-B9BF-DD9968F2A027} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {97EEE5C9-2DB0-4F0F-B69C-E49DCC1C0E22} - System32\Tasks\{221E4F46-5A05-4319-9D54-58AD111A65F9} => Firefox.exe hxxp://ui.skype.com/ui/0/7.13.0.101/cs/abandoninstall?source=lightinstaller&page=tsInstall
Task: {9A1221A8-EAC0-4DCD-B87F-2E1841DC7AE5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9BE3385E-80A8-4DF6-B259-D2C43075EF1C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-07-29] (AsusTek)
Task: {B229BD18-13F4-4D48-9B16-F50B4F0C00DE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B8793891-18ED-4613-867C-4CE55B2E1138} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B9DEDD54-DFE6-4ED4-85BC-F264D01ABD27} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {C1B19050-C3A9-4A99-9948-BCD3A63E9B4D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C2237F58-DC8E-480E-843B-D35C2E7179BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C5B75B56-92D6-48F0-A23F-C5C155028237} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {CBD46914-B2EC-48E0-ADC1-20DFC9765EDB} - System32\Tasks\{6E73111E-90E1-4D0F-8316-095807FA3754} => C:\Program Files\Skype\\Phone\Skype.exe [2016-06-29] (Skype Technologies S.A.)
Task: {D50960F0-EDE6-4EC1-91BD-7FA8B54EF31A} - System32\Tasks\{CFCC7C1A-1CD9-46E2-8255-856DB5AEEB7C} => Firefox.exe hxxp://ui.skype.com/ui/0/7.13.0.101/cs/abandoninstall?source=lightinstaller&page=tsInstall
Task: {D54309DD-FC3D-4A46-8AF5-CE23E6F8438A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {EA566823-FF67-48FE-B0DB-2D694DC773A9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FE8E2417-52E2-402D-B2EC-DA0C89C82735} - System32\Tasks\{BB05197F-2FBB-4D6D-BCF2-9A4E2C8E3074} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lig ... rror=12002

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 07:44 - 2015-10-30 07:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-13 12:51 - 2016-07-01 06:38 - 01862008 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-06-03 22:01 - 2014-06-03 22:01 - 00117248 _____ () C:\Program Files\ASUS\Splendid\CCTAdjust.dll
2014-06-03 22:01 - 2014-06-03 22:01 - 00037936 _____ () C:\Program Files\ASUS\Splendid\DetectDisplayDC.dll
2014-06-03 22:01 - 2014-06-03 22:01 - 00018992 _____ () C:\Program Files\ASUS\Splendid\AMDColorEnhance.dll
2014-06-03 22:01 - 2014-06-03 22:01 - 00020528 _____ () C:\Program Files\ASUS\Splendid\AMDRegammaAndGamut.dll
2016-07-13 12:51 - 2016-07-01 06:38 - 01862008 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-24 13:54 - 2016-05-24 13:54 - 00679624 _____ () C:\Users\itulka55\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2015-12-22 11:40 - 2015-12-22 11:40 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 12:50 - 2016-07-01 05:31 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 12:51 - 2016-07-01 05:13 - 05340160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 12:51 - 2016-07-01 05:08 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 12:52 - 2016-07-01 05:08 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 12:51 - 2016-07-01 05:11 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-15 22:44 - 2016-01-15 22:44 - 00047616 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2016-04-19 21:40 - 2016-04-19 21:40 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-19 21:40 - 2016-04-19 21:40 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 21:40 - 2016-04-19 21:40 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files\ASUS\ASUS Live Update\checkmetro.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1707795040-164264734-4081291318-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\itulka55\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{3f84868d-3096-4e33-b216-bab20961e2c8}.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "seznam-listicka-distribuce"
HKU\S-1-5-21-1707795040-164264734-4081291318-1001\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-1707795040-164264734-4081291318-1001\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B00D3A67-C10B-48DA-AA77-AA8A8EEE8751}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4D042E0C-ED9F-45D4-89EF-54399002BB32}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A8BBEC2F-3EDF-45DD-ABCF-6ECCBF01DF43}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{414FBCCE-911E-4D35-9BF0-8FB575A553DB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B15E24D3-F9C9-4BB6-A2AE-7E6402FCA327}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{3356136C-63C8-4FA1-BACC-62363080DC06}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [{73A690DB-75B2-49D5-A888-2C28006418F3}] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [{650A624B-A612-4971-9C42-8C4CF9AFAB10}] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [TCP Query User{293BDBD2-2D5A-4342-BB54-48C54E8438B0}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5DE78914-0328-49F4-8CD5-71DF023A9AF7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2016 01:56:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ita)
Description: Aplikaci Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147023174. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (08/14/2016 01:56:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ita)
Description: Aplikaci Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147023174. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (08/11/2016 02:45:45 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {BB694602-7099-438D-A90A-CC10E806B511}

Error: (08/08/2016 07:29:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ita)
Description: Aplikaci Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (08/08/2016 05:16:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ita)
Description: Aplikaci Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (08/08/2016 05:14:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ita)
Description: Aplikaci Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (08/08/2016 02:56:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ita)
Description: Aplikaci Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (08/06/2016 07:38:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ita)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (08/02/2016 08:10:18 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (07/30/2016 10:15:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ita)
Description: Aplikaci Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147023174. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.


System errors:
=============
Error: (08/16/2016 11:23:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_25e67 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (08/16/2016 10:34:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_29678 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (08/16/2016 10:34:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/16/2016 10:34:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (08/16/2016 10:34:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (08/16/2016 10:34:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Intel(R) Capability Licensing Service Interface byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (08/16/2016 10:34:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Platform & Thermal Framework Low Power Mode Service Application byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/16/2016 10:34:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ASUS HID Access Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/16/2016 10:34:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/16/2016 10:34:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Platform & Thermal Framework Critical Service Application byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===================================
Date: 2016-08-11 04:53:03.403
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-10 21:49:40.977
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-15 04:53:57.328
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-14 15:40:43.654
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-18 17:22:17.456
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-17 05:37:05.916
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-16 16:31:47.919
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-15 14:46:09.662
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-13 04:04:11.942
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-11 16:57:09.255
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Percentage of memory in use: 73%
Total physical RAM: 1983.15 MB
Available physical RAM: 519.77 MB
Total Virtual: 2815.15 MB
Available Virtual: 1128.6 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:28.46 GB) (Free:6.54 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: EDE6B65B)

Partition: GPT.

==================== End of Addition.txt ============================

itulka55
Visitor
Posts: 22
Registered: 15 Aug 2016 19:18

Re: Malware? Virus?

#5 Post by itulka55 »

...and this (unless it is identical)


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-08-2016 01
Ran by itulka55 (administrator) on ITA (16-08-2016 12:16:37)
Running from C:\Users\itulka55\Desktop
Loaded Profiles: itulka55 (Available Profiles: itulka55)
Platform: Microsoft Windows 10 Home Version 1511 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS Live Update\LiveUpdate.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [73216 2014-06-24] (Intel Corporation)
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [1080992 2014-05-12] (ASUSTek Computer Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1707795040-164264734-4081291318-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\itulka55\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1707795040-164264734-4081291318-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\itulka55\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-1707795040-164264734-4081291318-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-1707795040-164264734-4081291318-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{1e3c7a00-b5b1-47bb-8bf7-b30b2443a9ff}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{45bf24a2-cb1d-4e86-ad24-a75c1f2db238}: [DhcpNameServer] 169.254.125.80
Tcpip\..\Interfaces\{61abedae-1070-491d-9cb4-2e9066c49f29}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{bf5c4c18-b192-475c-a954-be81c6cf830d}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1707795040-164264734-4081291318-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-1707795040-164264734-4081291318-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-1707795040-164264734-4081291318-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1707795040-164264734-4081291318-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}

FireFox:
========
FF ProfilePath: C:\Users\itulka55\AppData\Roaming\Mozilla\Firefox\Profiles\iuwi1t3m.default
FF Homepage: hxxps://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\itulka55\AppData\Roaming\Mozilla\Firefox\Profiles\iuwi1t3m.default\user.js [2016-02-22]
FF SearchPlugin: C:\Users\itulka55\AppData\Roaming\Mozilla\Firefox\Profiles\iuwi1t3m.default\searchplugins\-seznam-tv-program-.xml [2015-03-11]
FF Extension: Simple YouTube to MP3/MP4 Converter and Downloader - C:\Users\itulka55\AppData\Roaming\Mozilla\Firefox\Profiles\iuwi1t3m.default\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack.xpi [2016-07-29]
FF Extension: Video DownloadHelper - C:\Users\itulka55\AppData\Roaming\Mozilla\Firefox\Profiles\iuwi1t3m.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-03]
FF Extension: Seznam lištička - C:\Users\itulka55\AppData\Roaming\Mozilla\Firefox\Profiles\iuwi1t3m.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-07-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2014-05-14] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-03-26] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1677016 2015-04-09] (Broadcom Corporation.)
R3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290224 2015-10-25] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [75264 2014-06-24] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [89088 2014-06-24] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [82432 2014-06-24] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [283568 2015-10-25] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2016-07-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\WINDOWS\System32\drivers\AsusHID.sys [69912 2014-07-29] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd64.sys [300544 2015-10-30] (Broadcom Corp)
R3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [23040 2015-10-30] (Microsoft Corporation)
S3 btwampfl; C:\WINDOWS\System32\drivers\btwampfl.sys [162560 2015-04-09] (Broadcom Corporation.)
R3 BtwSerialBus; C:\WINDOWS\System32\drivers\BtwSerialBus.sys [139520 2015-04-09] (Broadcom Corporation.)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [460800 2014-06-24] (Intel Corporation)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [36352 2014-06-24] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\System32\drivers\DptfDevPower.sys [17408 2014-06-24] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [19968 2014-06-24] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [28160 2014-06-24] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [72704 2014-06-24] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [174080 2014-06-24] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2014-05-16] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2014-03-21] (Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch.sys [17416 2015-05-13] (ASUS)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [62464 2014-05-16] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2014-03-21] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44096 2015-07-20] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [260608 2014-06-28] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35392 2015-07-20] (Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21968 2014-03-15] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [66560 2014-07-01] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [277760 2015-10-01] (Realtek Semiconductor Corp.)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-01-09] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
U5 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [489832 2013-12-16] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-16 12:16 - 2016-08-16 12:17 - 00013670 _____ C:\Users\itulka55\Desktop\FRST.txt
2016-08-16 12:16 - 2016-08-16 12:16 - 00000000 ____D C:\FRST
2016-08-16 10:46 - 2016-08-16 12:16 - 01744896 _____ (Farbar) C:\Users\itulka55\Desktop\FRST.exe
2016-08-15 20:01 - 2016-08-15 20:01 - 00001509 _____ C:\Users\itulka55\Desktop\AdwCleaner[S0].txt
2016-08-15 19:56 - 2016-08-16 10:34 - 00000000 ____D C:\AdwCleaner
2016-08-15 19:55 - 2016-08-15 19:56 - 03784256 _____ C:\Users\itulka55\adwcleaner.exe
2016-08-12 13:17 - 2016-08-12 13:17 - 01446002 _____ C:\Users\itulka55\Desktop\nab45_2016_654 - Komendová Marie.pdf
2016-08-09 22:34 - 2016-08-03 07:52 - 05793632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-09 22:34 - 2016-08-03 07:52 - 00083808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-09 22:34 - 2016-08-03 07:32 - 00413024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-09 22:34 - 2016-08-03 07:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 22:34 - 2016-08-03 07:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-09 22:34 - 2016-08-03 07:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-09 22:34 - 2016-08-03 07:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-09 22:34 - 2016-08-03 07:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-09 22:34 - 2016-08-03 07:29 - 01337680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-09 22:34 - 2016-08-03 07:29 - 00633192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-09 22:34 - 2016-08-03 07:28 - 00505136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 22:34 - 2016-08-03 07:28 - 00139616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 22:34 - 2016-08-03 07:21 - 01712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-09 22:34 - 2016-08-03 07:21 - 00483680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-09 22:34 - 2016-08-03 06:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-09 22:34 - 2016-08-03 06:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-09 22:34 - 2016-08-03 06:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-09 22:34 - 2016-08-03 06:41 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-09 22:34 - 2016-08-03 06:40 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-09 22:34 - 2016-08-03 06:39 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-09 22:34 - 2016-08-03 06:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-09 22:34 - 2016-08-03 06:35 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-09 22:34 - 2016-08-03 06:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-09 22:34 - 2016-08-03 06:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-09 22:34 - 2016-08-03 06:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-09 22:34 - 2016-08-03 06:33 - 01152512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 22:34 - 2016-08-03 06:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-09 22:34 - 2016-08-03 06:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 22:34 - 2016-08-03 06:32 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-09 22:34 - 2016-08-03 06:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-09 22:34 - 2016-08-03 06:32 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-09 22:34 - 2016-08-03 06:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-09 22:34 - 2016-08-03 06:27 - 02973696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 22:34 - 2016-08-03 06:27 - 01903104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-09 22:34 - 2016-08-03 06:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-09 22:34 - 2016-08-03 06:24 - 01735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-09 22:34 - 2016-08-03 06:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-09 22:34 - 2016-08-03 06:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-09 22:34 - 2016-08-03 06:22 - 01900544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-09 22:34 - 2016-08-03 06:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 22:34 - 2016-08-03 06:22 - 01086976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 22:34 - 2016-08-03 06:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-09 22:33 - 2016-08-03 07:43 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-09 22:33 - 2016-08-03 07:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-09 22:33 - 2016-08-03 07:21 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-09 22:33 - 2016-08-03 07:18 - 00346464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-09 22:33 - 2016-08-03 06:48 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-09 22:33 - 2016-08-03 06:47 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-09 22:33 - 2016-08-03 06:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-09 22:33 - 2016-08-03 06:43 - 00180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-09 22:33 - 2016-08-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-09 22:33 - 2016-08-03 06:37 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-09 22:33 - 2016-08-03 06:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-09 22:33 - 2016-08-03 06:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-09 22:33 - 2016-08-03 06:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-09 22:33 - 2016-08-03 06:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-09 22:33 - 2016-08-03 06:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-09 21:08 - 2016-08-03 08:27 - 01303744 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-09 21:08 - 2016-08-03 08:27 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 21:08 - 2016-08-03 08:27 - 00045760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-09 21:08 - 2016-08-03 06:58 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-09 21:08 - 2016-08-03 06:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 21:08 - 2016-08-03 06:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 21:08 - 2016-08-03 06:33 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-09 21:08 - 2016-08-03 06:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-09 21:08 - 2016-08-03 06:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-09 21:08 - 2016-08-03 06:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-09 21:08 - 2016-08-03 06:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 21:08 - 2016-08-03 06:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-09 21:08 - 2016-08-03 06:20 - 03483648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-09 21:07 - 2016-08-03 07:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-09 21:07 - 2016-08-03 07:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-09 21:07 - 2016-08-03 07:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-09 21:07 - 2016-08-03 07:32 - 00260448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-09 21:07 - 2016-08-03 06:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-09 21:07 - 2016-08-03 06:44 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-09 21:07 - 2016-08-03 06:43 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-09 21:07 - 2016-08-03 06:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-09 21:07 - 2016-08-03 06:40 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-09 21:07 - 2016-08-03 06:39 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-09 21:07 - 2016-08-03 06:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-09 21:07 - 2016-08-03 06:33 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-08 16:03 - 2016-08-08 16:03 - 01444572 _____ C:\Users\itulka55\Desktop\Cenová nabídka OKNOSTYL group s.r.o.pdf
2016-08-08 16:02 - 2016-08-08 16:02 - 00060891 _____ C:\Users\itulka55\Desktop\poptavka.pdf
2016-08-06 13:00 - 2016-08-06 13:00 - 00000000 ____D C:\Users\itulka55\Desktop\kout
2016-07-31 19:22 - 2016-08-01 10:16 - 00045760 _____ C:\Users\itulka55\Desktop\Výklad modlitby Páně.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-16 12:07 - 2015-03-11 14:42 - 00000000 ____D C:\Users\itulka55\AppData\Roaming\Skype
2016-08-16 12:04 - 2015-03-11 14:07 - 00000093 _____ C:\Users\itulka55\AppData\Roaming\sp_data.sys
2016-08-16 12:04 - 2015-03-11 14:07 - 00000000 __SHD C:\Users\itulka55\IntelGraphicsProfiles
2016-08-16 11:23 - 2015-12-22 11:43 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-16 10:58 - 2015-03-18 19:19 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-16 10:47 - 2015-12-22 11:51 - 00000000 ____D C:\Users\itulka55
2016-08-16 10:40 - 2015-10-30 17:08 - 00752820 _____ C:\WINDOWS\system32\perfh005.dat
2016-08-16 10:40 - 2015-10-30 17:08 - 00151710 _____ C:\WINDOWS\system32\perfc005.dat
2016-08-16 10:40 - 2015-10-30 07:47 - 00000000 ____D C:\WINDOWS\INF
2016-08-16 10:40 - 2015-10-25 21:14 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-16 10:35 - 2015-12-22 12:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-16 10:34 - 2015-10-30 07:13 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-08-16 08:56 - 2015-10-30 07:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-16 08:56 - 2015-10-30 07:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-13 13:13 - 2015-10-30 07:48 - 00000000 ____D C:\WINDOWS\rescache
2016-08-11 04:04 - 2015-10-30 07:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-11 03:59 - 2015-10-30 07:48 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-11 03:58 - 2015-10-30 17:10 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 10:52 - 2015-03-14 03:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 10:47 - 2015-10-30 07:48 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 10:47 - 2015-10-30 07:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 10:47 - 2015-03-14 03:07 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-05 21:02 - 2015-10-30 07:48 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-03 12:27 - 2015-03-11 14:07 - 00000000 ____D C:\Users\itulka55\AppData\Local\Packages
2016-08-02 20:07 - 2015-11-24 15:05 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-29 23:06 - 2015-12-26 21:51 - 00000000 ___RD C:\Program Files\Skype
2016-07-29 23:06 - 2015-03-11 14:41 - 00000000 ____D C:\ProgramData\Skype
2016-07-27 21:25 - 2015-03-13 14:00 - 00406184 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-24 22:56 - 2015-10-30 07:48 - 00000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories =======

2015-03-11 14:07 - 2016-08-16 12:04 - 0000093 _____ () C:\Users\itulka55\AppData\Roaming\sp_data.sys
2016-02-02 00:02 - 2016-02-02 00:02 - 0003584 _____ () C:\Users\itulka55\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-12 13:26 - 2012-07-30 08:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2014-05-12 13:26 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-12 13:26 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\Users\itulka55\adwcleaner.exe
C:\Users\itulka55\ccleaner-lista-centrumcz.exe
C:\Users\itulka55\ccsetup513.exe
C:\Users\itulka55\ccsetup514.exe
C:\Users\itulka55\Setup_FileViewPro_2016.exe
C:\Users\itulka55\SkypeSetupFull.exe
C:\Users\itulka55\vlc-2.2.1-win32.exe
C:\Users\itulka55\wrar_unplugged_3.7.0.1.exe


Some files in TEMP:
====================
C:\Users\itulka55\AppData\Local\Temp\libeay32.dll
C:\Users\itulka55\AppData\Local\Temp\msvcr120.dll
C:\Users\itulka55\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-22 11:43

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware? Virus?

#6 Post by Rudy »

Fine. Open Notepad and copy the following into it:
Start
SearchScopes: HKU\S-1-5-21-1707795040-164264734-4081291318-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
C:\ProgramData\SetStretch.VBS
C:\Users\itulka55\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\itulka55\adwcleaner.exe
C:\Users\itulka55\ccleaner-lista-centrumcz.exe
C:\Users\itulka55\ccsetup513.exe
C:\Users\itulka55\ccsetup514.exe
C:\Users\itulka55\Setup_FileViewPro_2016.exe
C:\Users\itulka55\SkypeSetupFull.exe
C:\Users\itulka55\vlc-2.2.1-win32.exe
C:\Users\itulka55\wrar_unplugged_3.7.0.1.exe
C:\Users\itulka55\AppData\Local\Temp
Task: {04951B7C-AD94-4E12-9A41-ECA85928EB46} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1118C5CF-6867-46F5-98B1-23A666BD406C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {622F974F-997D-42C2-97A7-9D90AD668245} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6F401EF2-754A-4EED-BB7A-93918478C752} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8E3A341A-1FCD-4F2B-B9BF-DD9968F2A027} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9A1221A8-EAC0-4DCD-B87F-2E1841DC7AE5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B229BD18-13F4-4D48-9B16-F50B4F0C00DE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B8793891-18ED-4613-867C-4CE55B2E1138} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C1B19050-C3A9-4A99-9948-BCD3A63E9B4D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C2237F58-DC8E-480E-843B-D35C2E7179BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EA566823-FF67-48FE-B0DB-2D694DC773A9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can also damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address given above.

itulka55
Visitor
Posts: 22
Registered: 15 Aug 2016 19:18

Re: Malware? Virus?

#7 Post by itulka55 »

:-)
Last edited by itulka55 on 16 Aug 2016 18:35, edited 1 time in total.

itulka55
Visitor
Posts: 22
Registered: 15 Aug 2016 19:18

Re: Malware? Virus?

#8 Post by itulka55 »

Here is a copy of the fixlog:

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-08-2016 01
Ran by itulka55 (16-08-2016 19:24:40) Run:1
Running from C:\Users\itulka55\Desktop
Loaded Profiles: itulka55 (Available Profiles: itulka55)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
SearchScopes: HKU\S-1-5-21-1707795040-164264734-4081291318-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
C:\ProgramData\SetStretch.VBS
C:\Users\itulka55\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\itulka55\adwcleaner.exe
C:\Users\itulka55\ccleaner-lista-centrumcz.exe
C:\Users\itulka55\ccsetup513.exe
C:\Users\itulka55\ccsetup514.exe
C:\Users\itulka55\Setup_FileViewPro_2016.exe
C:\Users\itulka55\SkypeSetupFull.exe
C:\Users\itulka55\vlc-2.2.1-win32.exe
C:\Users\itulka55\wrar_unplugged_3.7.0.1.exe
C:\Users\itulka55\AppData\Local\Temp
Task: {04951B7C-AD94-4E12-9A41-ECA85928EB46} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1118C5CF-6867-46F5-98B1-23A666BD406C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {622F974F-997D-42C2-97A7-9D90AD668245} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6F401EF2-754A-4EED-BB7A-93918478C752} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8E3A341A-1FCD-4F2B-B9BF-DD9968F2A027} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9A1221A8-EAC0-4DCD-B87F-2E1841DC7AE5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B229BD18-13F4-4D48-9B16-F50B4F0C00DE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B8793891-18ED-4613-867C-4CE55B2E1138} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C1B19050-C3A9-4A99-9948-BCD3A63E9B4D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C2237F58-DC8E-480E-843B-D35C2E7179BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EA566823-FF67-48FE-B0DB-2D694DC773A9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
End
*****************

"HKU\S-1-5-21-1707795040-164264734-4081291318-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\ProgramData\SetStretch.VBS => moved successfully
C:\Users\itulka55\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\itulka55\adwcleaner.exe => moved successfully
C:\Users\itulka55\ccleaner-lista-centrumcz.exe => moved successfully
C:\Users\itulka55\ccsetup513.exe => moved successfully
C:\Users\itulka55\ccsetup514.exe => moved successfully
C:\Users\itulka55\Setup_FileViewPro_2016.exe => moved successfully
C:\Users\itulka55\SkypeSetupFull.exe => moved successfully
C:\Users\itulka55\vlc-2.2.1-win32.exe => moved successfully
C:\Users\itulka55\wrar_unplugged_3.7.0.1.exe => moved successfully

"C:\Users\itulka55\AppData\Local\Temp" folder move:

Could not move "C:\Users\itulka55\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04951B7C-AD94-4E12-9A41-ECA85928EB46}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04951B7C-AD94-4E12-9A41-ECA85928EB46}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1118C5CF-6867-46F5-98B1-23A666BD406C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1118C5CF-6867-46F5-98B1-23A666BD406C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{622F974F-997D-42C2-97A7-9D90AD668245}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{622F974F-997D-42C2-97A7-9D90AD668245}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F401EF2-754A-4EED-BB7A-93918478C752}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F401EF2-754A-4EED-BB7A-93918478C752}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E3A341A-1FCD-4F2B-B9BF-DD9968F2A027}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E3A341A-1FCD-4F2B-B9BF-DD9968F2A027}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A1221A8-EAC0-4DCD-B87F-2E1841DC7AE5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A1221A8-EAC0-4DCD-B87F-2E1841DC7AE5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B229BD18-13F4-4D48-9B16-F50B4F0C00DE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B229BD18-13F4-4D48-9B16-F50B4F0C00DE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8793891-18ED-4613-867C-4CE55B2E1138}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8793891-18ED-4613-867C-4CE55B2E1138}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1B19050-C3A9-4A99-9948-BCD3A63E9B4D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1B19050-C3A9-4A99-9948-BCD3A63E9B4D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2237F58-DC8E-480E-843B-D35C2E7179BA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2237F58-DC8E-480E-843B-D35C2E7179BA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA566823-FF67-48FE-B0DB-2D694DC773A9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA566823-FF67-48FE-B0DB-2D694DC773A9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-08-2016 19:25:40)

C:\Users\itulka55\AppData\Local\Temp => moved successfully

==== End of Fixlog 19:25:40 ====
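The fixlog above shows FRST removing, for each GWX task, the matching keys under TaskCache\Plain (or \Logon), \Tasks and \Tree: a registered task normally leaves a leaf under Tree whose Id value is a GUID, a Tasks\{GUID} key holding the task's Path, Author and actions, and a {GUID} key under one trigger index. As an added example, not part of this thread and not FRST's or the forum's own code, here is a PowerShell script that walks that structure to confirm the cleanup took and to flag entries that no longer line up. The registry path is the standard one on Windows 10; the trigger-index names and the check for the task XML under System32\Tasks assume the default layout. Run it from an elevated prompt, since the Tasks subkey is not readable by standard users.

```powershell
# Added example (not from the thread or from FRST): audit the Task Scheduler registry cache.
# Each registered task should have a Tree leaf (Id = GUID), a Tasks\{GUID} key and a {GUID}
# key under one trigger index. Entries missing any of these, or Tasks keys that no Tree leaf
# references, are worth a second look: the latter are invisible to schtasks and the UI.

function Get-TaskCacheAudit {
    [CmdletBinding()]
    param(
        # Assumed default hive path; point it at a mounted offline SOFTWARE hive if needed.
        [string]$Cache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
    )
    $tree    = Join-Path $Cache 'Tree'
    $tasks   = Join-Path $Cache 'Tasks'
    $indexes = 'Plain', 'Logon', 'Boot', 'Maintenance'   # trigger-type index keys

    $entries = foreach ($leaf in Get-ChildItem -Path $tree -Recurse) {
        $id = (Get-ItemProperty -Path $leaf.PSPath -Name Id -ErrorAction SilentlyContinue).Id
        if (-not $id) { continue }   # plain folders such as Tree\Microsoft\Windows\Setup carry no Id

        # e.g. \Microsoft\Windows\Setup\gwx\refreshgwxconfig
        $relPath = $leaf.PSPath -replace '^.*TaskCache\\Tree', ''
        $task    = Get-ItemProperty -Path (Join-Path $tasks $id) -ErrorAction SilentlyContinue
        $hits    = $indexes | Where-Object { Test-Path (Join-Path (Join-Path $Cache $_) $id) }

        [pscustomobject]@{
            Path       = $relPath
            Id         = $id
            HasTaskKey = [bool]$task
            Index      = ($hits -join ',')
            Author     = $task.Author
            HasXml     = Test-Path (Join-Path $env:windir "System32\Tasks$relPath")
            Orphan     = $false
        }
    }

    # Reverse check: a Tasks\{GUID} key that no Tree leaf references.
    $known   = @($entries | ForEach-Object Id)
    $orphans = Get-ChildItem -Path $tasks | Where-Object { $known -notcontains $_.PSChildName } |
        ForEach-Object {
            $t = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path = $t.Path; Id = $_.PSChildName; HasTaskKey = $true
                Index = ''; Author = $t.Author; HasXml = $false; Orphan = $true
            }
        }

    $entries
    $orphans
}

$audit = Get-TaskCacheAudit

# 1) Did the GWX cleanup take? Nothing should remain under \Microsoft\Windows\Setup\gwx*.
$audit | Where-Object Path -like '\Microsoft\Windows\Setup\gwx*' | Format-Table Path, Id, Index

# 2) Anything that does not add up: a Tree leaf without its Tasks key or trigger index,
#    a task without its XML file, or a Tasks key nobody references.
$audit | Where-Object { $_.Orphan -or -not $_.HasTaskKey -or -not $_.Index -or -not $_.HasXml } |
    Format-Table Path, Id, HasTaskKey, Index, HasXml, Orphan, Author -AutoSize
```

The second listing is the one to read after any fix like the one above: a leftover Tasks\{GUID} with no Tree leaf would still be loaded by the scheduler service even though no task shows up in schtasks /query, so an empty result is what you want to see.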

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware? Virus?

#9 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

itulka55
Visitor
Posts: 22
Registered: 15 Aug 2016 19:18

Re: Malware? Virus?

#10 Post by itulka55 »

Yes, thank you. It doesn't do it any more. Have a nice evening :-)

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware? Virus?

#11 Post by Rudy »

A nice evening to you too, and you're welcome! :)
