Jenom preventivka

[aldik]

I když poslední dobou pozoruji, že je procesor celkem často vytížen na 100%, ale osobně si myslím že to nebude havětí, ale spíš že už nestíhá a bude třeba inovovat HW.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Alan Řepka at 2016-11-25 20:24:18
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 46 GB (47%) free of 99 GB
Total RAM: 3327 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:25:28, on 25.11.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\vVX6000.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Users\Alan Řepka\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Alan Řepka\Desktop\RSIT.exe
C:\Program Files\trend micro\Alan Řepka.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Alan Řepka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTRAY.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1316349868-1623069257-2176752556-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1316349868-1623069257-2176752556-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5218 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d1ab4ca1b46b6c.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d1ab4ca224bb11.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2016-08-30 1004064]
"VX6000"=C:\Windows\vVX6000.exe [2010-05-20 764784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"OneDrive"=C:\Users\Alan Řepka\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-08-18 633024]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTRAY.EXE [2016-03-24 680528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
C:\Program Files\Microsoft LifeCam\LifeExp.exe [2010-05-20 119152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
C:\Windows\vVX6000.exe [2010-05-20 764784]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2016-11-25 20:24:19 ----D---- C:\Program Files\trend micro
2016-11-25 20:24:18 ----D---- C:\rsit
2016-11-23 12:13:20 ----HD---- C:\OneDriveTemp
2016-11-15 08:49:22 ----D---- C:\Program Files\CPUID
2016-11-05 12:00:49 ----D---- C:\79b4bc6469ffbe85018c

======List of files/folders modified in the last 1 month======

2016-11-25 20:24:33 ----D---- C:\Windows\Prefetch
2016-11-25 20:24:24 ----D---- C:\Windows\Temp
2016-11-25 20:24:19 ----RD---- C:\Program Files
2016-11-25 20:12:27 ----D---- C:\Users\Alan Řepka\AppData\Roaming\eM Client
2016-11-25 18:03:26 ----D---- C:\Windows\system32\config
2016-11-24 12:35:05 ----SHD---- C:\System Volume Information
2016-11-23 12:20:06 ----D---- C:\Windows\System32
2016-11-23 12:20:06 ----D---- C:\Windows\inf
2016-11-23 12:20:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-11-12 15:23:37 ----D---- C:\Windows\system32\catroot2
2016-11-09 21:59:28 ----D---- C:\Windows\winsxs
2016-11-09 12:32:11 ----SHD---- C:\$Recycle.Bin
2016-11-09 12:31:57 ----RD---- C:\Users
2016-11-08 18:28:26 ----SHD---- C:\Windows\Installer
2016-11-08 18:28:26 ----D---- C:\Windows\system32\Tasks
2016-11-05 12:06:32 ----D---- C:\Windows\system32\catroot
2016-11-05 12:05:11 ----D---- C:\Program Files\Microsoft Security Client
2016-11-05 12:04:18 ----D---- C:\Windows
2016-11-05 12:04:15 ----D---- C:\Windows\system32\drivers
2016-11-05 09:10:41 ----D---- C:\Windows\Microsoft.NET
2016-11-05 08:56:15 ----D---- C:\Program Files\eM Client
2016-10-28 02:22:22 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 252808]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 105696]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2009-07-13 43008]
R3 VX6000;Microsoft LifeCam VX-6000; C:\Windows\system32\DRIVERS\VX6000Xp.sys [2010-05-20 2074480]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-21 82128]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2010-05-20 139632]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-08-30 104200]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 633672]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2015-02-18 1258312]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 1713904]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-08-30 280864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-04 154440]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2015-11-05 45744]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-04 154440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-04-23 102912]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

[Márty84]

Zdravim

Log vypada celkem neskodne, ale jelikoz zdaleka neukaze vse, podivame se trochu hloubeji a procistime to od zbytecnosti. Treba se mu pak ulevi

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

[aldik]

# AdwCleaner v6.030 - Log soubor vytvořen 26/11/2016 na 16:54:45
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-11-26.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X86)
# Uživatelské jméno : Alan Řepka - ALAN-REPKA
# Beží od : C:\Users\Alan Řepka\Desktop\adwcleaner_6.030.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Adresáře ] *****

[-] Adresář smazán:C:\Users\ALANEP~1\AppData\Local\Temp\APN-Stub
[-] Adresář smazán:C:\Users\ALANEP~1\AppData\Local\Temp\APNLogs


***** [ Soubory ] *****

[-] Soubor smazán:C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Local Storage\hxxp_everest-portable.en.softonic.com_0.localstorage
[-] Soubor smazán:C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Local Storage\hxxp_everest-portable.en.softonic.com_0.localstorage-journal
[-] Soubor smazán:C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Local Storage\hxxp_klavesnice.heureka.cz_0.localstorage
[-] Soubor smazán:C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Local Storage\hxxp_klavesnice.heureka.cz_0.localstorage-journal
[-] Soubor smazán:C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Local Storage\hxxp_www.akcniceny.cz_0.localstorage
[-] Soubor smazán:C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Local Storage\hxxp_www.akcniceny.cz_0.localstorage-journal
[-] Soubor smazán:C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Local Storage\hxxp_www.slunecnice.cz_0.localstorage
[-] Soubor smazán:C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Local Storage\hxxp_www.slunecnice.cz_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupce ] *****



***** [ Plánovač úloh ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2162 Bajtů] - [26/11/2016 16:54:45]
C:\AdwCleaner\AdwCleaner[S0].txt - [2634 Bajtů] - [26/11/2016 16:53:43]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2310 Bajtů] ##########

[aldik]

A ještě log z toho druhého programu..

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 26.11.2016
Čas skenování: 16:59
Protokol: mb-log2.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.11.26.06
Databáze rootkitů: v2016.11.20.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Alan Řepka

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 472721
Uplynulý čas: 3 hod, 39 min, 25 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Varovat
PUM: Varovat

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Márty84]

MBAM odinstalujte.

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach
(Kdyby nesel Launcher stahnout, dejte logy jen ze samotneho FRST, tedy bez pouziti Launcheru)

[aldik]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-11-2016
Ran by Alan Řepka (administrator) on ALAN-REPKA (27-11-2016 21:47:41)
Running from C:\Users\Alan Řepka\Desktop
Loaded Profiles: Alan Řepka & UpdatusUser (Available Profiles: Alan Řepka & UpdatusUser & Guest)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation
) C:\Windows\vVX6000.exe
() C:\Program Files\RocketDock\RocketDock.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1004064 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [VX6000] => C:\Windows\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation
)
HKU\S-1-5-21-1316349868-1623069257-2176752556-1001\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1316349868-1623069257-2176752556-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTRAY.EXE [680528 2016-03-24] (ZONER software)
HKU\S-1-5-21-1316349868-1623069257-2176752556-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-02-06] (Microsoft Corporation)
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{8B2C905F-2672-4736-8219-03B71EDD6B1F}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

FireFox:
========
FF DefaultProfile: 73l391rz.default
FF ProfilePath: C:\Users\Alan Řepka\AppData\Roaming\Mozilla\Firefox\Profiles\73l391rz.default [2016-08-10]
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2014-07-28] (CANON INC.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 3
CHR HomePage: Profile 3 -> hxxp://www.google.cz/
CHR Session Restore: Profile 3 -> is enabled.
CHR Profile: C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Default [2016-03-04]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-02-06]
CHR Extension: (Outlook.com) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2016-02-06]
CHR Extension: (Gmail) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-06]
CHR Profile: C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-03-04]
CHR Extension: (YouTube) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-06]
CHR Extension: (Vyhledávání Google) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-06]
CHR Extension: (Tabulky Google) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-03-04]
CHR Extension: (Drive) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2016-02-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-06]
CHR Extension: (Gmail) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-06]
CHR Profile: C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-11-27]
CHR Extension: (Prezentace Google) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-04]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2016-03-04]
CHR Extension: (Dokumenty Google) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-04]
CHR Extension: (Disk Google) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-04]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-11-12]
CHR Extension: (YouTube) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-04]
CHR Extension: (Plná Peněženka Lištička) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ecmgkhgjmodembdmiimbacpjgcdimiek [2016-11-19]
CHR Extension: (Tabulky Google) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Tlačítko Pin It) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-11-19]
CHR Extension: (Google Keep – poznámky a seznamy) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-11-15]
CHR Extension: (Nástroj na obnovení Chromebooku) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2016-03-04]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2016-11-26]
CHR Extension: (Hangouts Google) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-11-26]
CHR Extension: (Drive) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2016-03-04]
CHR Extension: (Save to Pocket) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-11-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Prohlížeč dokumentů ve formátu PDF/PowerPoint (od společnosti Google)) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2016-03-04]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-11-09]
CHR Extension: (Outlook.com) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2016-03-04]
CHR Extension: (Gmail) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-04]
CHR Extension: (Chrome Media Router) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR Profile: C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 4 [2016-10-10]
CHR Extension: (Disk Google) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-04]
CHR Extension: (YouTube) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-04]
CHR Extension: (Tabulky Google) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-10]
CHR Extension: (Gmail) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-04]
CHR Extension: (Chrome Media Router) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-10]
CHR Profile: C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 5 [2016-05-09]
CHR Extension: (Prezentace Google) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-04]
CHR Extension: (Dokumenty Google) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-04]
CHR Extension: (Disk Google) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-04]
CHR Extension: (YouTube) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-04]
CHR Extension: (Tabulky Google) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-09]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-05-09]
CHR Extension: (Drive) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2016-03-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-09]
CHR Extension: (Gmail) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-04]
CHR Profile: C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 7 [2016-11-26]
CHR Extension: (Disk Google) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-06]
CHR Extension: (YouTube) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-06]
CHR Extension: (Adblock Plus) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR Profile: C:\Users\Alan Řepka\AppData\Local\Google\Chrome\User Data\System Profile [2016-10-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [104200 2016-08-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-08-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2074480 2010-05-20] (Microsoft Corporation
)
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 21:47 - 2016-11-27 21:47 - 00016949 _____ C:\Users\Alan Řepka\Desktop\FRST.txt
2016-11-27 21:47 - 2016-11-27 21:47 - 00015327 _____ C:\Users\Alan Řepka\Desktop\LM.bat
2016-11-27 21:45 - 2016-11-27 21:45 - 00112640 _____ (forum.viry.cz) C:\Users\Alan Řepka\Desktop\FRSTLauncher.exe
2016-11-27 21:44 - 2016-11-27 21:44 - 00006944 _____ C:\Users\Alan Řepka\Desktop\Addition.rar
2016-11-27 21:41 - 2016-11-27 21:47 - 00000000 ____D C:\FRST
2016-11-27 21:40 - 2016-11-27 21:40 - 01760768 _____ (Farbar) C:\Users\Alan Řepka\Desktop\FRST.exe
2016-11-26 16:57 - 2016-11-26 16:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-26 16:51 - 2016-11-26 16:54 - 00000000 ____D C:\AdwCleaner
2016-11-26 16:50 - 2016-11-26 16:50 - 22851472 _____ (Malwarebytes ) C:\Users\Alan Řepka\Desktop\mbam-setup-2.2.1.1043.exe
2016-11-26 16:47 - 2016-11-26 16:47 - 03910208 _____ C:\Users\Alan Řepka\Desktop\adwcleaner_6.030.exe
2016-11-26 15:03 - 2016-11-26 15:03 - 00000000 ___HD C:\OneDriveTemp
2016-11-25 20:24 - 2016-11-25 20:25 - 00000000 ____D C:\rsit
2016-11-25 20:24 - 2016-11-25 20:25 - 00000000 ____D C:\Program Files\trend micro
2016-11-25 20:23 - 2016-11-25 20:23 - 01107968 _____ C:\Users\Alan Řepka\Desktop\RSIT.exe
2016-11-15 08:49 - 2016-11-15 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-11-15 08:49 - 2016-11-15 08:49 - 00000000 ____D C:\Program Files\CPUID
2016-11-15 08:48 - 2016-11-15 08:48 - 01718016 _____ ( ) C:\Users\Alan Řepka\Downloads\cpu-z_1.77-en.exe
2016-11-15 08:32 - 2016-11-15 08:32 - 00007605 _____ C:\Users\Alan Řepka\AppData\Local\Resmon.ResmonCfg
2016-11-09 12:32 - 2016-11-09 12:32 - 00058016 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-09 12:32 - 2016-11-09 12:32 - 00001402 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-09 12:32 - 2016-11-09 12:32 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Zoner
2016-11-09 12:32 - 2016-11-09 12:32 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2016-11-09 12:32 - 2016-11-09 12:32 - 00000000 ____D C:\Users\Guest\AppData\Local\Zoner
2016-11-09 12:32 - 2016-11-09 12:32 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2016-11-09 12:32 - 2016-11-09 12:32 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2016-11-09 12:31 - 2016-11-09 12:32 - 00000000 ____D C:\Users\Guest
2016-11-09 12:31 - 2016-11-09 12:31 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2016-11-09 12:31 - 2016-11-09 12:31 - 00000000 _SHDL C:\Users\Guest\Šablony
2016-11-09 12:31 - 2016-11-09 12:31 - 00000000 _SHDL C:\Users\Guest\Soubory cookie
2016-11-09 12:31 - 2016-11-09 12:31 - 00000000 _SHDL C:\Users\Guest\Poslední
2016-11-09 12:31 - 2016-11-09 12:31 - 00000000 _SHDL C:\Users\Guest\Okolní tiskárny
2016-11-09 12:31 - 2016-11-09 12:31 - 00000000 _SHDL C:\Users\Guest\Okolní síť
2016-11-09 12:31 - 2016-11-09 12:31 - 00000000 _SHDL C:\Users\Guest\Nabídka Start
2016-11-09 12:31 - 2016-11-09 12:31 - 00000000 _SHDL C:\Users\Guest\Dokumenty
2016-11-09 12:31 - 2016-11-09 12:31 - 00000000 _SHDL C:\Users\Guest\Documents\Obrázky
2016-11-09 12:31 - 2016-11-09 12:31 - 00000000 _SHDL C:\Users\Guest\Documents\Hudba
2016-11-09 12:31 - 2016-11-09 12:31 - 00000000 _SHDL C:\Users\Guest\Documents\Filmy
2016-11-09 12:31 - 2016-11-09 12:31 - 00000000 _SHDL C:\Users\Guest\Data aplikací
2016-11-09 12:31 - 2016-11-09 12:31 - 00000000 _SHDL C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2016-11-09 12:31 - 2016-11-09 12:31 - 00000000 _SHDL C:\Users\Guest\AppData\Local\Data aplikací
2016-11-09 12:31 - 2009-07-14 10:19 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Media Center Programs
2016-11-05 12:00 - 2016-11-05 12:00 - 00000000 ____D C:\79b4bc6469ffbe85018c
2016-11-05 11:59 - 2016-11-05 12:00 - 02746808 _____ C:\Users\Alan Řepka\Downloads\Windows6.1-KB3135445-x86.msu
2016-11-05 11:58 - 2016-11-05 11:59 - 02751664 _____ C:\Users\Alan Řepka\Downloads\Windows6.1-KB3102810-x86.msu

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 21:31 - 2016-05-11 07:16 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab4ca224bb11.job
2016-11-27 17:39 - 2009-07-14 05:34 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-27 17:39 - 2009-07-14 05:34 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-27 15:07 - 2016-05-11 07:16 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab4ca1b46b6c.job
2016-11-26 16:56 - 2016-02-06 11:46 - 00000000 ___RD C:\Users\Alan Řepka\OneDrive
2016-11-26 16:56 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-26 16:47 - 2016-08-10 11:32 - 00000000 ____D C:\Users\Alan Řepka\AppData\Roaming\eM Client
2016-11-26 15:12 - 2016-03-04 13:41 - 00000000 ____D C:\Users\Alan Řepka\AppData\Local\CrashDumps
2016-11-26 15:08 - 2016-02-06 11:18 - 01584554 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-26 15:08 - 2009-07-14 09:44 - 00668866 _____ C:\Windows\system32\perfh005.dat
2016-11-26 15:08 - 2009-07-14 09:44 - 00141526 _____ C:\Windows\system32\perfc005.dat
2016-11-26 15:08 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-11-17 16:23 - 2016-03-03 12:26 - 00005632 _____ C:\Users\Alan Řepka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-15 02:33 - 2016-03-04 11:43 - 00002150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 02:33 - 2016-03-04 11:43 - 00002138 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-05 12:08 - 2009-07-14 05:33 - 00267432 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-05 12:05 - 2016-02-06 12:15 - 00001912 _____ C:\Windows\epplauncher.mif
2016-11-05 12:05 - 2016-02-06 12:10 - 00002126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-11-05 12:05 - 2016-02-06 12:10 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-11-05 09:38 - 2016-02-10 16:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-05 08:56 - 2016-08-10 11:30 - 00000933 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2016-11-05 08:56 - 2016-08-10 11:30 - 00000000 ____D C:\Program Files\eM Client
2016-10-30 14:47 - 2016-02-06 11:19 - 00000000 ____D C:\Users\Alan Řepka\AppData\Local\Google
2016-10-28 02:22 - 2016-02-06 11:30 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2016-03-03 12:26 - 2016-11-17 16:23 - 0005632 _____ () C:\Users\Alan Řepka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-15 08:32 - 2016-11-15 08:32 - 0007605 _____ () C:\Users\Alan Řepka\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Alan Řepka\AppData\Local\Temp\AskSLib.dll
C:\Users\Alan Řepka\AppData\Local\Temp\libeay32.dll
C:\Users\Alan Řepka\AppData\Local\Temp\msvcr120.dll
C:\Users\Alan Řepka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alan Řepka\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-24 12:25

==================== End of FRST.txt ============================

[Márty84]

Napiste mi velikost adresare plochy (C:\Users\Alan Řepka\Plocha)



Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1316349868-1623069257-2176752556-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTRAY.EXE [680528 2016-03-24] (ZONER software)
GroupPolicy: Restriction ? <======= ATTENTION

R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-04 154440]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-04 154440]

2016-11-26 16:57 - 2016-11-26 16:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-26 16:50 - 2016-11-26 16:50 - 22851472 _____ (Malwarebytes ) C:\Users\Alan Řepka\Desktop\mbam-setup-2.2.1.1043.exe

Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab4ca1b46b6c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab4ca224bb11.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

[aldik]

plocha_scr.jpg (43.52 KiB) Zobrazeno 4463 x

Fix result of Farbar Recovery Scan Tool (x86) Version: 02-12-2016
Ran by Alan Řepka (04-12-2016 10:58:42) Run:1
Running from C:\Users\Alan Řepka\Desktop
Loaded Profiles: Alan Řepka & UpdatusUser (Available Profiles: Alan Řepka & UpdatusUser & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1316349868-1623069257-2176752556-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTRAY.EXE [680528 2016-03-24] (ZONER software)
GroupPolicy: Restriction ? <======= ATTENTION

R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-04 154440]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-04 154440]

2016-11-26 16:57 - 2016-11-26 16:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-26 16:50 - 2016-11-26 16:50 - 22851472 _____ (Malwarebytes ) C:\Users\Alan Řepka\Desktop\mbam-setup-2.2.1.1043.exe

Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab4ca1b46b6c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab4ca224bb11.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-1316349868-1623069257-2176752556-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate => value removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
MBAMSwissArmy => service removed successfully.
gupdate => service removed successfully.
SkypeUpdate => service removed successfully.
gupdatem => service removed successfully.
C:\ProgramData\Malwarebytes => moved successfully
C:\Users\Alan Řepka\Desktop\mbam-setup-2.2.1.1043.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BD05BA6-988D-4BD3-A9CD-9A39F80AF524}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BD05BA6-988D-4BD3-A9CD-9A39F80AF524}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B184694-64C3-4633-94C5-945B3FA561D6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B184694-64C3-4633-94C5-945B3FA561D6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F54B95F-5096-4803-AE61-E9B3AC5B616D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F54B95F-5096-4803-AE61-E9B3AC5B616D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D21F6024-191F-4454-BBBC-09A650DA2549}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D21F6024-191F-4454-BBBC-09A650DA2549}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab4ca1b46b6c.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab4ca224bb11.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 25165824 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 109628575 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 86592497 B
Edge => 0 B
Chrome => 1616725803 B
Firefox => 12436961 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 29550990 B
LocalService => 66228 B
NetworkService => 94013761 B
Alan Řepka => 933979290 B
UpdatusUser => 0 B
Guest => 84853 B

RecycleBin => 0 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:01:31 ====

[Márty84]

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak to s pc vypada.

[aldik]

Bod 1 proveden

Bod 2 taky, resp. to dělám čas od času sám, program používám delší dobu.

Bod 3 Disky jsem defragmentoval nástrojem přímo z Win, snad nevadí ale provedu to i tím externím programem.

***
Zatím nemůžu posoudit, zda je pc rychlejší.. Jinak nějak zlobí WindowsUpdate, ani oprava oprava skrz nástroj z webu MS, ani nainstalování dvou ručně stažených aktualizací z webu MS které měli pomoct nějak nepomáhá.. pořád to dlouho hledá aktualizace a prd najde, resp. hledá a hledá... a nic.

wu_opr.jpg (82.52 KiB) Zobrazeno 4374 x

[Márty84]

S aktualizacemi je problem, to se takhle na dalku spatne resi, to je spis ukol pro technickou podporu microsoftu.

Muzem zkusit...



Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[aldik]

ComboFix 16-12-15.01 - Alan Řepka 22.12.2016 9:43.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3327.2579 [GMT 1:00]
Spuštěný z: c:\users\Alan ěepka\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-11-22 do 2016-12-22 )))))))))))))))))))))))))))))))
.
.
2016-12-22 08:39 . 2016-12-22 08:39 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{849A83E2-A942-43FA-80D7-69783DF340B8}\offreg.836.dll
2016-12-22 08:34 . 2016-11-10 07:30 9834504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{849A83E2-A942-43FA-80D7-69783DF340B8}\mpengine.dll
2016-12-21 14:28 . 2016-12-21 14:28 -------- d-----w- C:\OneDriveTemp
2016-12-17 10:38 . 2016-12-17 10:38 -------- d-----w- c:\windows\CheckSur
2016-12-17 10:33 . 2016-12-17 10:33 -------- d-----w- C:\a61b0d6f53d6ac305bb051356e4f82
2016-12-16 14:17 . 2016-12-16 14:20 -------- d-----w- c:\program files\Defraggler
2016-12-16 12:01 . 2016-12-16 12:01 -------- d-----w- c:\program files\Common Files\Skype
2016-12-15 20:54 . 2016-12-15 20:54 -------- d-----w- C:\3479cc6caf3d65a4d0d2c1ac57
2016-12-15 12:02 . 2016-12-15 12:02 -------- d-----w- C:\6d77c62e591295c7086cd74187c7
2016-12-14 07:59 . 2016-11-10 07:30 9834504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-12-13 11:53 . 2016-12-13 11:53 -------- d-----w- c:\users\Alan Řepka\AppData\Local\ElevatedDiagnostics
2016-12-13 11:37 . 2016-12-13 11:37 -------- d-s---w- c:\windows\system32\CompatTel
2016-12-13 11:37 . 2016-12-13 11:37 -------- d-----w- c:\windows\system32\appraiser
2016-12-10 14:19 . 2016-05-11 10:05 915640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39A48E2D-0B2D-4FEA-BCAB-A12990799592}\gapaengine.dll
2016-11-25 19:24 . 2016-11-25 19:25 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-28 01:22 . 2016-02-06 10:30 407720 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-12-09 14:18 2094304 ----a-w- c:\users\Alan Řepka\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-12-09 14:18 2094304 ----a-w- c:\users\Alan Řepka\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-12-09 14:18 2094304 ----a-w- c:\users\Alan Řepka\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-12-09 14:18 2094304 ----a-w- c:\users\Alan Řepka\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-12-09 14:18 2094304 ----a-w- c:\users\Alan Řepka\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"OneDrive"="c:\users\Alan Řepka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2016-12-09 1517280]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 18\Program32\ZPSTRAY.EXE" [2016-03-24 680528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-08-30 1004064]
"VX6000"="c:\windows\vVX6000.exe" [2010-05-20 764784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2016-02-06 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
2010-05-20 14:27 764784 ----a-w- c:\windows\vVX6000.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-09-20 324224]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-04-23 102912]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 105696]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2016-08-30 280864]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2010-05-20 2074480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-11 21:28 1384792 ----a-w- c:\program files\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1316349868-1623069257-2176752556-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1316349868-1623069257-2176752556-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-12-22 09:53:26
ComboFix-quarantined-files.txt 2016-12-22 08:53
.
Před spuštěním: Volných bajtů: 51 402 244 096
Po spuštění: Volných bajtů: 51 351 416 832
.
- - End Of File - - 1A7E447F8DE199810B7685892F332AE3
A36C5E4F47E84449FF07ED3517B43A31

[Márty84]

Nastala nejaka zmena?

[aldik]

Ne. WU stále hledá a hledá už několik hodin..

[aldik]

Zvláštní je, že mi u hodin vyskočí sice taková ta klasická bublina, že jsou k dispozici nové aktualizace.. čekal bych teda, že se mi zobrazí seznam k instalaci, ale prd.. jen to hledá a hledá.. Zavirovaný pc teda není, ale fakt nevím co Microsoft pohnojil, že to nejde kdyby to aspon hodilo nějakou chybu a ne že to furt hledá.

Edit: tak už to našlo aktualizace konečně, teď ještě aby je to v pořádku stáhlo a ne několik hodin..

Edit 2: Hmm, tak ted pro změnu už několik hodin dělá, že to aktualizace stahuje, ale stále to je na 0%...

Edit3: tak jsem vygooglil zase další aktualizaci, která by tomu mohla pomoct a po restartu a nějakém čekání se první várka aktualizací stáhla a nainstalovala.. uvidíme dál.