Suspected virus

Hynek88
Visitor
Posts: 59
Registered: 18 Feb 2012 06:47

Suspected virus

#1 Post by Hynek88 »

Hello, in Firefox I can't get to the site of the film database "csfd.cz". When I click the link, nothing happens at all, and when I open it in a new tab, only an empty tab appears,
so I installed the Brave browser, and with that one the graphics card driver crashes from time to time...

Thank you for any solution.

Here is the log from FRST + Addition

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by ROCOR (administrator) on ROCOR-PC (22-07-2019 09:30:08)
Running from C:\Users\ROCOR\Desktop
Loaded Profiles: ROCOR (Available Profiles: ROCOR)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Windows\runservice.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\BraveCrashHandler64.exe
(CMedia) [File not signed] C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\AsusAudioCenter.exe
(Fujitsu) [File not signed] C:\Program Files (x86)\Fujitsu Mouse\Driverap4.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Learsy) [File not signed] C:\Program Files (x86)\MuralPix\MpAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(SOKNO S.R.L. -> Almico Software (http://www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [8761344 2010-09-16] (C-Media Corporation) [File not signed]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [MuralPixAgent] => C:\Program Files (x86)\MuralPix\MpAgent.exe [102400 2006-12-30] (Learsy) [File not signed]
HKLM-x32\...\Run: [Fujitsu Mouse] => C:\Program Files (x86)\Fujitsu Mouse\DriverSt.exe [184393 2012-08-21] () [File not signed]
HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-866583909-2925738967-381583198-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MuralPix.scr [106496 2006-12-30] (Learsy) [File not signed]
HKLM\...\Drivers32-x32: [vidc.tscc] => C:\PROGRA~2\MpcStar\Codecs\tscc\tsccvid.dll
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-07-17] () [File not signed]
HKLM\...\Drivers32: [msacm.avis] => C:\Windows\SysWOW64\ff_acm.acm [47616 2014-07-17] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\75.0.66.100\Installer\chrmstp.exe [2019-07-17] (Brave Software, Inc.) [File not signed]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09C353F6-01D4-41C9-B3B6-F7A1A069A282} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe)
Task: {0FABE276-B12D-428D-B1F8-4A1415262EA4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-30] (Piriform Ltd -> Piriform Ltd)
Task: {1B500D6C-175F-4FE0-9C06-D1088E21BD60} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1BCDD016-01C2-43BB-B179-CBDE507137BD} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {21F13B1F-DD21-4A59-B3D4-128CAFD52CE6} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [739624 2018-04-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {2B1E36BE-D40A-45D1-8562-CA242D0E27B5} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-15] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {3D89A8B1-7D28-422A-AF12-D2BBEAD20C7F} - System32\Tasks\{ABE3759C-C482-43D3-9640-6968B5CBEE31} => C:\Users\ROCOR\Desktop\RSITx64.exe
Task: {649AD472-A6F3-4378-BFE3-137AD81623F6} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6A71348C-3354-4645-BFC8-FA32232C0853} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
Task: {794690E8-E6E7-44DB-81CF-B4081B15A840} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {84E8493E-D464-4664-8FCA-0713C8C60586} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-15] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {85A4BCD4-A9A8-42EF-8812-95E9D8C99799} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {8EF9D0AC-9834-4B60-8895-903B9D36704B} - System32\Tasks\AsrXTU => C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
Task: {920A9061-F658-4EF0-8911-A959120D5FA9} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {96DAD4A5-9A06-4656-9C54-A6E07DAA8875} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CAD967C3-43B3-42F9-9D8C-FE47FEDD878D} - System32\Tasks\asrRd => C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
Task: {E1692B5A-B8B3-446E-B427-B7515BAE2953} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E5AA3DB2-04A4-44B0-98FB-38898C690459} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F3D4C28D-54E9-40A3-8D71-DDEF25A72924} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FBF4E42D-1C8F-4BB1-944D-7FCD0DA45CE1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 172.21.1.1 172.21.1.2
Tcpip\..\Interfaces\{5D68AF5B-E0C1-4DEB-9DFF-C6D54AEF83C0}: [DhcpNameServer] 192.168.5.1 172.21.1.1 172.21.1.2

Internet Explorer:
==================
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF DefaultProfile: 25fgo6rt.default-1534754876091
FF ProfilePath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release [2019-07-22]
FF Homepage: Mozilla\Firefox\Profiles\jpkynbbs.default-release -> hxxp://www.panzernet.net/php/index.php/topic,5205.0.html
FF NetworkProxy: Mozilla\Firefox\Profiles\jpkynbbs.default-release -> type", 0
FF Session Restore: Mozilla\Firefox\Profiles\jpkynbbs.default-release -> is enabled.
FF Extension: (Český slovník pro kontrolu pravopisu (bez diakritiky)) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\cs2@dictionaries.addons.mozilla.org [2019-07-15] [Legacy]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\cs@dictionaries.addons.mozilla.org [2019-07-15] [Legacy]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\elemhidehelper@adblockplus.org.xpi [2016-11-14] [Legacy]
FF Extension: (ImageBlock) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\imageblock@hemantvats.com.xpi [2016-04-04] [Legacy]
FF Extension: (NASA Night Launch) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\nasanightlaunch@example.com.xpi [2016-11-14] [Legacy]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2) [2019-07-15] [Legacy] [not signed]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(3) [2019-07-15] [Legacy] [not signed]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-11-22] [Legacy]
FF Extension: (Session Manager) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2018-08-20] [Legacy]
FF Extension: (Flash Game Maximizer) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\{258735dc-6743-4805-95fc-f95941fffdad}.xpi [2016-04-28] [Legacy]
FF Extension: (BitComet Video Downloader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(2) [2019-07-15] [Legacy] [not signed]
FF Extension: (BitComet Video Downloader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(3) [2019-07-15] [Legacy] [not signed]
FF Extension: (No Name) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [2019-07-15] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2019-07-15] [Legacy] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(3) [2019-07-15] [Legacy] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24] [Legacy]
FF Extension: (Tab Mix Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-11-14] [Legacy]
FF Extension: (Flash Game Maximizer) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\extensions\{258735dc-6743-4805-95fc-f95941fffdad}.xpi [2016-04-28] [Legacy]
FF Extension: (Tab Mix Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-11-14] [Legacy]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\searchplugins\doplky-pro-firefox.xml [2014-05-02]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\searchplugins\ednacz.xml [2019-04-22]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\searchplugins\imdb.xml [2019-03-13]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\searchplugins\internet-movie-firearms-database---guns-in-movies-tv-and-vid.xml [2018-09-18]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\searchplugins\opensubtitles.xml [2015-10-06]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\searchplugins\sfd.xml [2019-04-16]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\searchplugins\uloto.xml [2015-10-22]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\searchplugins\vyhledvn-vide-ve-slub-youtube.xml [2015-08-20]
FF ProfilePath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091 [2019-07-22]
FF Homepage: Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091 -> hxxp://www.panzernet.net/php/index.php/topic,5205.0.html
FF NetworkProxy: Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091 -> type", 0
FF Session Restore: Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091 -> is enabled.
FF Extension: (Český slovník pro kontrolu pravopisu (bez diakritiky)) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\Extensions\cs2@dictionaries.addons.mozilla.org [2019-07-15] [Legacy]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\Extensions\cs@dictionaries.addons.mozilla.org [2019-07-15] [Legacy]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\Extensions\elemhidehelper@adblockplus.org.xpi [2016-11-14] [Legacy]
FF Extension: (ImageBlock) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\Extensions\imageblock@hemantvats.com.xpi [2016-04-04] [Legacy]
FF Extension: (NASA Night Launch) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\Extensions\nasanightlaunch@example.com.xpi [2016-11-14] [Legacy]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2) [2019-07-15] [Legacy] [not signed]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(3) [2019-07-15] [Legacy] [not signed]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-11-22] [Legacy]
FF Extension: (Session Manager) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2018-08-20] [Legacy]
FF Extension: (BitComet Video Downloader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(2) [2019-07-15] [Legacy] [not signed]
FF Extension: (BitComet Video Downloader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(3) [2019-07-15] [Legacy] [not signed]
FF Extension: (No Name) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [2019-07-15] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2019-07-15] [Legacy] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(3) [2019-07-15] [Legacy] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24] [Legacy]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\searchplugins\doplky-pro-firefox.xml [2014-05-02]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\searchplugins\imdb.xml [2019-03-13]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\searchplugins\internet-movie-firearms-database---guns-in-movies-tv-and-vid.xml [2018-09-18]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\searchplugins\opensubtitles.xml [2015-10-06]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\searchplugins\uloto.xml [2015-10-22]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\searchplugins\vyhledvn-vide-ve-slub-youtube.xml [2015-08-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> )
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (Electronic Arts -> EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (Electronic Arts -> EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google) [File not signed]
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-07-15] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-07-15] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\ROCOR\AppData\Local\Google\Chrome\User Data\Default [2019-07-22]
CHR Extension: (Prezentace) - C:\Users\ROCOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-15]
CHR Extension: (Dokumenty) - C:\Users\ROCOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-15]
CHR Extension: (Disk Google) - C:\Users\ROCOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-15]
CHR Extension: (YouTube) - C:\Users\ROCOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-15]
CHR Extension: (Tabulky) - C:\Users\ROCOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\ROCOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-07-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\ROCOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-15]
CHR Extension: (Gmail) - C:\Users\ROCOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-15]
CHR Extension: (Chrome Media Router) - C:\Users\ROCOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-15] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-15] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation - pGFX -> Intel Corporation)
R2 LicCtrlService; C:\Windows\runservice.exe [16384 2014-10-08] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA Corporation -> NVIDIA)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-01] (Electronic Arts, Inc. -> Electronic Arts)
S3 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-01-22] (Even Balance, Inc. -> )
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (ASMedia Technology Inc. -> Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASROCK Incorporation -> ASRock Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1266688 2010-09-16] (C-Media Electronics Incorporation -> C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-13] (Disc Soft Ltd -> Disc Soft Ltd)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [59392 2012-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [84608 2012-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-12-19] (FNet Co., Ltd. -> FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-12-19] (FNet Co., Ltd. -> FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2019-07-13] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation -> Malwarebytes Corporation)
S3 MZ_USBAUDIO; C:\Windows\System32\drivers\mz_usbaudio.sys [144896 2013-05-14] (DandM Holdings Inc. -> D&M Holdings Inc.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corporation -> NVIDIA Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-06-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-22 09:30 - 2019-07-22 09:30 - 000028945 _____ C:\Users\ROCOR\Desktop\FRST.txt
2019-07-22 08:51 - 2019-07-22 08:51 - 002095104 _____ (Farbar) C:\Users\ROCOR\Desktop\FRST64.exe
2019-07-15 21:00 - 2019-07-17 00:07 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-07-15 20:59 - 2019-07-15 20:59 - 000003336 _____ C:\Windows\System32\Tasks\BraveSoftwareUpdateTaskMachineUA
2019-07-15 20:59 - 2019-07-15 20:59 - 000003208 _____ C:\Windows\System32\Tasks\BraveSoftwareUpdateTaskMachineCore
2019-07-15 20:50 - 2019-07-15 20:50 - 000000000 ____D C:\Users\ROCOR\AppData\Roaming\Google
2019-07-15 20:17 - 2019-07-15 20:18 - 002479120 _____ (Sebotucil ) C:\Users\ROCOR\Downloads\mozilla_firefox_0781159199.exe
2019-07-15 20:17 - 2019-07-15 20:17 - 002479120 _____ (Sebotucil ) C:\Users\ROCOR\Downloads\mozilla_firefox_0420815233.exe
2019-07-15 20:15 - 2019-07-15 20:15 - 000000000 ____D C:\ProgramData\Mozilla
2019-07-15 19:50 - 2019-07-22 07:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-07-14 10:58 - 2019-07-14 16:54 - 000064512 _____ C:\Users\ROCOR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-07-14 10:57 - 2019-07-14 10:58 - 000000000 ____D C:\Program Files (x86)\AoA Video Joiner
2019-07-14 10:57 - 2019-07-14 10:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoA Video Joiner
2019-07-14 10:54 - 2019-07-14 10:54 - 000000000 ____D C:\Users\ROCOR\AppData\Local\avidemux
2019-07-14 10:53 - 2019-07-14 10:53 - 000000000 ____D C:\Program Files\Avidemux 2.7 - 64 bits
2019-07-13 07:03 - 2019-07-04 20:06 - 033430288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2019-07-13 07:03 - 2019-07-04 20:06 - 021656872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2019-07-13 07:03 - 2019-07-04 20:06 - 018086720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2019-07-13 07:03 - 2019-07-04 17:10 - 001007008 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-07-13 07:03 - 2019-07-04 17:10 - 001007008 _____ C:\Windows\system32\vulkan-1.dll
2019-07-13 07:03 - 2019-07-04 17:10 - 000870088 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-07-13 07:03 - 2019-07-04 17:10 - 000870088 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-07-13 07:03 - 2019-07-04 17:10 - 000551408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-07-13 07:03 - 2019-07-04 17:10 - 000456688 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-07-13 07:03 - 2019-07-04 17:10 - 000286408 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-07-13 07:03 - 2019-07-04 17:10 - 000286408 _____ C:\Windows\system32\vulkaninfo.exe
2019-07-13 07:03 - 2019-07-04 17:10 - 000260296 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-07-13 07:03 - 2019-07-04 17:10 - 000260296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-07-13 07:03 - 2019-07-04 17:09 - 070432128 _____ (NVIDIA Corp.) C:\Windows\system32\nvoptix.dll
2019-07-13 07:03 - 2019-07-04 17:09 - 040913848 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2019-07-13 07:03 - 2019-07-04 17:09 - 035345096 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl64.dll
2019-07-13 07:03 - 2019-07-04 17:09 - 030394056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2019-07-13 07:03 - 2019-07-04 17:09 - 029843144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl32.dll
2019-07-13 07:03 - 2019-07-04 17:09 - 024276056 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtum64.dll
2019-07-13 07:03 - 2019-07-04 17:09 - 011059336 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-07-13 07:03 - 2019-07-04 17:09 - 009492464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-07-13 07:03 - 2019-07-04 17:09 - 000428416 _____ C:\Windows\system32\nvofapi64.dll
2019-07-13 07:03 - 2019-07-04 17:09 - 000424352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2019-07-13 07:03 - 2019-07-04 17:09 - 000377216 _____ C:\Windows\SysWOW64\nvofapi.dll
2019-07-13 07:03 - 2019-07-04 17:09 - 000171208 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2019-07-13 07:03 - 2019-07-04 17:09 - 000149248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 040412360 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 021505408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2019-07-13 07:03 - 2019-07-04 17:08 - 020186312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 017463496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 005034880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 004492488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 002039496 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 001722056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6443136.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 001540808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 001469696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 001467832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6443136.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 001162168 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 001134008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 000912072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 000631496 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 000543104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 000521928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 000470400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 000189184 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2019-07-13 07:03 - 2019-07-04 17:08 - 000167624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2019-07-13 07:03 - 2019-07-04 17:07 - 035270016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-07-13 07:03 - 2019-07-04 17:07 - 000525184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcbl64.dll
2019-07-13 07:03 - 2019-07-03 15:18 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2019-07-13 07:03 - 2019-07-03 15:18 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2019-07-10 07:44 - 2019-07-10 07:44 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-10 07:44 - 2019-07-10 07:44 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-10 07:44 - 2019-07-10 07:44 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-10 07:44 - 2019-07-10 07:44 - 000003704 _____ C:\Windows\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-10 07:43 - 2019-04-17 09:42 - 000069840 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2019-07-10 07:43 - 2019-04-17 06:44 - 000075600 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-22 09:30 - 2016-04-10 09:55 - 000000000 ____D C:\FRST
2019-07-22 09:25 - 2014-05-22 16:21 - 000000000 ____D C:\Users\ROCOR\AppData\Roaming\uTorrent
2019-07-22 09:25 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-07-22 08:51 - 2014-05-22 07:13 - 000000000 ____D C:\Users\ROCOR\AppData\Roaming\foobar2000
2019-07-22 00:32 - 2014-08-09 07:35 - 000003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DFE319C7-2C57-4D09-B67B-1589BD45581B}
2019-07-21 20:37 - 2016-11-26 15:19 - 000000000 ___RD C:\Users\ROCOR\Desktop\LulanT
2019-07-21 19:29 - 2019-02-10 14:33 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-21 19:23 - 2011-04-12 10:34 - 000648690 _____ C:\Windows\system32\perfh005.dat
2019-07-21 19:23 - 2011-04-12 10:34 - 000133548 _____ C:\Windows\system32\perfc005.dat
2019-07-21 19:23 - 2009-07-14 07:13 - 001527778 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-21 19:23 - 2009-07-14 06:45 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-07-21 19:23 - 2009-07-14 06:45 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-07-21 19:18 - 2014-12-29 19:22 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2019-07-21 19:18 - 2014-10-08 13:37 - 000001369 ___SH C:\Windows\SysWOW64\mmf.sys
2019-07-21 19:18 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-21 04:58 - 2019-01-21 13:05 - 000003022 _____ C:\Windows\System32\Tasks\MSIAfterburner
2019-07-21 02:02 - 2014-05-22 06:59 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-07-18 21:03 - 2014-05-23 07:01 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-07-15 21:00 - 2019-03-08 16:55 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2019-07-15 20:58 - 2018-08-22 13:43 - 000000000 ____D C:\Users\ROCOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Software
2019-07-15 20:53 - 2018-08-22 13:43 - 000000000 ____D C:\Users\ROCOR\AppData\Local\SquirrelTemp
2019-07-15 20:53 - 2014-06-15 15:48 - 000000000 ____D C:\Program Files (x86)\Google
2019-07-15 20:48 - 2014-06-15 15:48 - 000000000 ____D C:\Users\ROCOR\AppData\Local\Google
2019-07-15 20:25 - 2018-08-20 09:37 - 000000000 ____D C:\Users\ROCOR\AppData\LocalLow\Mozilla
2019-07-14 10:57 - 2016-12-26 21:58 - 000000000 ____D C:\Users\ROCOR\AppData\Roaming\avidemux
2019-07-13 09:06 - 2014-05-21 10:13 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-07-13 07:05 - 2014-05-21 10:13 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-07-13 07:04 - 2015-03-21 15:54 - 000000000 ____D C:\Users\ROCOR\AppData\Local\NVIDIA
2019-07-13 05:27 - 2018-03-14 17:05 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2019-07-13 05:15 - 2014-05-22 14:03 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2019-07-12 11:52 - 2018-02-13 15:11 - 000000000 ____D C:\LulanT
2019-07-10 07:44 - 2019-02-15 13:42 - 000003940 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-10 07:44 - 2019-02-15 13:42 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-10 07:44 - 2019-02-15 13:42 - 000003790 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-10 07:43 - 2019-02-15 13:42 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-10 07:43 - 2019-02-15 13:42 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-10 07:43 - 2019-02-15 13:42 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-10 07:43 - 2014-05-21 10:11 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-07-09 15:46 - 2018-03-14 07:46 - 000004528 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-07-09 15:46 - 2014-05-22 06:59 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-07-09 15:46 - 2014-05-22 06:59 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-07-09 15:46 - 2014-05-22 06:59 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-07-09 15:46 - 2014-05-22 06:59 - 000000000 ____D C:\Windows\system32\Macromed
2019-07-08 18:49 - 2016-01-20 06:32 - 000000000 ____D C:\Users\ROCOR\AppData\Local\CrashDumps
2019-07-08 18:49 - 2014-12-29 17:06 - 000000000 ____D C:\Windows\Minidump
2019-07-05 12:05 - 2014-08-09 15:54 - 000000000 ____D C:\Users\ROCOR\AppData\Local\dxhr
2019-07-04 20:07 - 2019-02-15 13:40 - 038753216 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2019-07-04 20:06 - 2019-02-15 13:40 - 004932560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-07-04 20:06 - 2019-02-15 13:40 - 004374392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-07-04 17:09 - 2019-02-15 13:40 - 000509528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2019-07-03 15:18 - 2019-02-15 13:40 - 000049315 _____ C:\Windows\system32\nvinfo.pb
2019-07-03 11:10 - 2019-02-15 13:42 - 005435376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-07-03 11:10 - 2019-02-15 13:42 - 002637168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-07-03 11:10 - 2019-02-15 13:42 - 001767464 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-07-03 11:10 - 2019-02-15 13:42 - 000651248 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-07-03 11:10 - 2019-02-15 13:42 - 000450416 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-07-03 11:10 - 2019-02-15 13:42 - 000124784 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-07-03 11:10 - 2019-02-15 13:42 - 000082984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-07-03 11:09 - 2019-02-15 13:42 - 008628422 _____ C:\Windows\system32\nvcoproc.bin

==================== Files in the root of some directories ================

2018-03-16 00:03 - 2018-03-16 00:03 - 000002299 _____ () C:\Users\ROCOR\AppData\Roaming\ASSDraw3.cfg
2014-05-22 07:02 - 2018-02-23 13:21 - 000000600 _____ () C:\Users\ROCOR\AppData\Roaming\winscp.rnd
2019-07-14 10:58 - 2019-07-14 16:54 - 000064512 _____ () C:\Users\ROCOR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-10 11:22 - 2014-08-10 11:22 - 000000058 _____ () C:\Users\ROCOR\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2018-02-13 15:18 - 2018-02-13 15:18 - 000029696 _____ () C:\Users\ROCOR\AppData\Local\MSGBOX.EXE
2014-05-23 21:30 - 2016-04-11 15:20 - 000007632 _____ () C:\Users\ROCOR\AppData\Local\Resmon.ResmonCfg
2014-05-24 18:48 - 2014-05-24 18:48 - 000000003 _____ () C:\Users\ROCOR\AppData\Local\user_data.ini

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-07-22 00:42
==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by ROCOR (22-07-2019 09:30:36)
Running from C:\Users\ROCOR\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-05-21 08:09:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-866583909-2925738967-381583198-500 - Administrator - Disabled)
Guest (S-1-5-21-866583909-2925738967-381583198-501 - Limited - Enabled)
ROCOR (S-1-5-21-866583909-2925738967-381583198-1000 - Administrator - Enabled) => C:\Users\ROCOR

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - emc, uTorrent.CZ)
4K Video Downloader 4.4 (HKLM-x32\...\{AA5C80E7-8876-4026-A0D0-582D8EFBA2E1}) (Version: 4.4.7.2307 - Open Media LLC)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.223 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aktualizace NVIDIA 37.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 37.0.0.0 - NVIDIA Corporation) Hidden
Alan Wake (HKLM-x32\...\Alan Wake_is1) (Version: - )
Alan Wake Čestina verze 1.0 (HKLM-x32\...\{68EE3B21-BC13-4B1A-AC92-69E479246650}_is1) (Version: 1.0 - michalss)
Altap Salamander 2.54 (HKLM-x32\...\Altap Salamander 2.54) (Version: 2.54 - ALTAP)
AoA Video Joiner (HKLM-x32\...\AoA Video Joiner_is1) (Version: - AoAMedia.Com)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: - )
ASUS Xonar Essence ST Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.15.161119 - )
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.1.180604 - )
Battlefield™ Hardline (HKLM-x32\...\{CB4AC3DA-8CC1-4516-86DA-4078B57DB229}) (Version: 1.1.0.5 - Electronic Arts)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 75.0.66.100 - Autoři prohlížeče Brave)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Darkest Dungeon (HKLM-x32\...\1450711444_is1) (Version: 24149 - GOG.com)
Darkest Dungeon: Musketeer (HKLM-x32\...\1405492047_is1) (Version: 24149 - GOG.com)
Darkest Dungeon: The Color of Madness (HKLM-x32\...\1946270261_is1) (Version: 24149 - GOG.com)
Darkest Dungeon: The Crimson Court (HKLM-x32\...\1957260232_is1) (Version: 24149 - GOG.com)
Darkest Dungeon: The Shieldbreaker (HKLM-x32\...\1128594953_is1) (Version: 24149 - GOG.com)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Debugging Tools for Windows (x86) (HKLM-x32\...\{300A2961-B2B5-4889-9CB9-5C2A570D08AD}) (Version: 6.11.1.404 - Microsoft Corporation)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 419.35 - NVIDIA Corporation) Hidden
DTS+AC3 ÇĘĹÍ (HKLM-x32\...\DtsFilter) (Version: - )
Enemy Front PROPER (HKLM-x32\...\Enemy Front PROPER_is1) (Version: - )
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fallout 4 - Čeština (HKLM-x32\...\{8995E8E7-1793-402E-87B7-F1E106783F84}) (Version: 0.9.8 - prekladyher.eu)
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.3.5254 - Gretech Corporation)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Icon Converter Plus (HKLM-x32\...\Icon Converter Plus) (Version: 4.8 - www.program4pc.com)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
IrfanView 4.50 (64-bit) (HKLM\...\IrfanView64) (Version: 4.50 - Irfan Skiljan)
Kings Bounty - Warriors of the North verzia 1.3.1.6250 (HKLM-x32\...\Kings Bounty - Warriors of the North_is1) (Version: 1.3.1.6250 - CzTorrent.net)
L.A. Noire verzia 1.3.2617 (HKLM-x32\...\L.A. Noire_is1) (Version: 1.3.2617 - CzTorrent.net)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Lords of the Fallen (HKLM-x32\...\{F3DFAE55-83E3-4BD4-9311-B5AB0C16EFD9}_is1) (Version: - CI Games)
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 44.0 (x64 cs) (HKLM\...\Mozilla Firefox 44.0 (x64 cs)) (Version: 44.0 - Mozilla)
MpcStar 6.2 (HKLM-x32\...\MpcStar) (Version: 6.2 - www.mpcstar.com)
MSI Afterburner 4.5.0 (HKLM-x32\...\Afterburner) (Version: 4.5.0 - MSI Co., LTD)
MuralPix 1.07 (HKLM-x32\...\MuralPix) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.19.0.107 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.107 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 431.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 431.36 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 431.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 431.36 - NVIDIA Corporation) Hidden
Panzer General 3D: Assault (HKLM-x32\...\Panzer General 3D: Assault_is1) (Version: - GOG.com)
Pinnacle Game Profiler (HKLM-x32\...\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}) (Version: 7.8.2 - PowerUp Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Return to Castle Wolfenstein (HKLM-x32\...\Return to Castle Wolfenstein) (Version: 1.0 - Activision, Inc.)
Revo Uninstaller Pro 3.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.5 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
SHIFT 2 UNLEASHED™ (HKLM-x32\...\{E8C37E27-5205-4C8A-BECB-B00533045AAE}) (Version: 1.0.2.0 - Electronic Arts)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
'Steel Fury - Kharkov 1942' (HKLM-x32\...\STLFR_eng_is1) (Version: - Lighthouse Interactive)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UFO Afterlight (HKLM-x32\...\{47AF4245-CD81-4353-BFC0-0A21A6EF483A}) (Version: 1.4 - )
UFO Aftershock (HKLM-x32\...\{639555DF-952A-4161-97F6-AB9807E421D7}) (Version: 1.0 - )
UninstallFujitsu Mouse (HKLM-x32\...\{A3BE2F96-2FC2-420D-980B-EC4B856F07FA}_is1) (Version: - Fujitsu Mouse)
USB Audio (HKLM\...\{B500C5BD-165A-4F93-ADAB-BA9E3C071B6C}) (Version: 2.0.1 - Marantz)
Valiant Hearts The Great War (HKLM-x32\...\{4C0EAD53-2DC4-48BC-A57A-A86BED789941}) (Version: 1.0.0 - Ubisoft) Hidden
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 0.17.11 - Black Tree Gaming Ltd.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
Wooky 3.0.1.6 (HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Wooky) (Version: 3.0.1.6 - Mobilbonus, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-866583909-2925738967-381583198-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] () [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2015-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-07-03] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\REVO\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4_S-1-5-21-866583909-2925738967-381583198-1000: [Fb2kShellExt] -> {511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8} => C:\Program Files (x86)\foobar2000\ShellExt64.dll [2009-05-27] (Peter Pawlowski) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-23 17:13 - 2018-04-23 17:13 - 000232448 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2018-04-23 17:13 - 2018-04-23 17:13 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2018-04-23 17:13 - 2018-04-23 17:13 - 000567808 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2018-04-23 17:13 - 2018-04-23 17:13 - 000072704 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2018-04-23 17:13 - 2018-04-23 17:13 - 000357888 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 000222720 _____ () [File not signed] C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-12-30 14:56 - 2011-04-19 15:56 - 000143360 ____N () [File not signed] C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\VmixP8.dll
2018-02-14 07:28 - 2019-07-21 19:18 - 000192512 _____ () [File not signed] C:\Users\ROCOR\AppData\Local\Temp\sfamcc00001.dll
2019-07-11 07:24 - 2019-07-21 19:18 - 000158720 _____ () [File not signed] C:\Users\ROCOR\AppData\Local\Temp\sfareca00001.dll
2014-10-08 13:37 - 2014-10-08 13:37 - 000048640 _____ () [File not signed] C:\Windows\mmfs.dll
2014-10-08 13:37 - 2014-10-08 13:37 - 000016384 _____ () [File not signed] C:\Windows\runservice.exe
2014-12-30 14:56 - 2011-05-12 18:19 - 000348160 ____N (C-Media Electronics Inc.) [File not signed] C:\Program Files\ASUS Xonar Essence ST Audio\CustomApp\cmdevice.dll
2014-12-30 14:56 - 2011-05-12 17:50 - 001990656 ____N (CMedia) [File not signed] C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\ASUSAUDIOCENTER.EXE
2016-07-02 15:06 - 2012-11-22 10:27 - 001510912 _____ (Fujitsu) [File not signed] C:\Program Files (x86)\Fujitsu Mouse\DriverAP4.exe
2014-05-22 13:11 - 2012-02-27 03:59 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2005-11-20 18:02 - 2006-12-30 16:47 - 000102400 _____ (Learsy) [File not signed] C:\Program Files (x86)\MuralPix\MpAgent.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-11-24 15:44 - 000000978 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 idnes.cz
127.0.0.1 www.idnes.cz

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-866583909-2925738967-381583198-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ROCOR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.5.1 - 172.21.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^Users^ROCOR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MpManag.lnk => C:\Windows\pss\MpManag.lnk.Startup
MSCONFIG\startupreg: Cmaudio8788GX => C:\Windows\syswow64\HsMgr.exe Envoke
MSCONFIG\startupreg: Cmaudio8788GX64 => C:\Windows\system\HsMgr64.exe Envoke
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BAFAC2A3-EE14-4561-9792-7B178D2AD7F6}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{60DD18EE-D544-4FAF-A5E6-9961DAE37DAB}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{58CB1CAC-E7E9-48A9-B9E7-816ECFBFCC85}] => (Allow) D:\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe (Kunos Simulazioni) [File not signed]
FirewallRules: [{741CE555-C0C9-4409-BD85-7ADE4600630E}] => (Allow) D:\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe (Kunos Simulazioni) [File not signed]
FirewallRules: [TCP Query User{49E21519-DD47-4AC2-BAA8-086049BCFACC}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{563A189B-8151-478C-9308-297A0DEA0E20}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{71626F65-22C9-451A-9D41-EED3F7926C78}] => (Allow) C:\Program Files (x86)\Electronic Arts\BFH\bfh.exe (Electronic Arts -> Visceral Games)
FirewallRules: [{CBC2E968-928E-4113-828D-F0EB91306294}] => (Allow) C:\Program Files (x86)\Electronic Arts\BFH\bfh.exe (Electronic Arts -> Visceral Games)
FirewallRules: [TCP Query User{92F5F603-1F64-4E1D-B3EF-D5B6D881C50C}D:\games\wolfenstein\new order\wolfenstein the new order\wolfneworder_x64.exe] => (Allow) D:\games\wolfenstein\new order\wolfenstein the new order\wolfneworder_x64.exe (MachineGames) [File not signed]
FirewallRules: [UDP Query User{9B23A9AA-42A9-492D-89F6-401CB95998A0}D:\games\wolfenstein\new order\wolfenstein the new order\wolfneworder_x64.exe] => (Allow) D:\games\wolfenstein\new order\wolfenstein the new order\wolfneworder_x64.exe (MachineGames) [File not signed]
FirewallRules: [{AB279C36-36A7-45EA-A382-34116DA29DCB}] => (Allow) C:\Program Files (x86)\Electronic Arts\BFH\BFHWebHelper.exe (Electronic Arts -> EA Digital Illusions CE AB)
FirewallRules: [{002932D4-1BCE-4746-8C75-A9F3D251AD68}] => (Allow) C:\Program Files (x86)\Electronic Arts\BFH\BFHWebHelper.exe (Electronic Arts -> EA Digital Illusions CE AB)
FirewallRules: [{0ED334B3-B2B2-45D7-8A0D-96A157970CEA}] => (Allow) D:\Steam\SteamApps\common\Panzer Corps\autorun.exe (Slitherine Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{C6D97DBE-81FB-4DB5-BC42-E02D4930E129}] => (Allow) D:\Steam\SteamApps\common\Panzer Corps\autorun.exe (Slitherine Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [TCP Query User{69ADFC3E-2F05-4AFD-9674-7FBE0FCABE13}C:\program files (x86)\enemy front proper\bin32\enemyfront.exe] => (Allow) C:\program files (x86)\enemy front proper\bin32\enemyfront.exe (CI Games S.A.) [File not signed]
FirewallRules: [UDP Query User{F4FD1F4F-ADC4-4EF4-B8B6-45B31E0B1CC3}C:\program files (x86)\enemy front proper\bin32\enemyfront.exe] => (Allow) C:\program files (x86)\enemy front proper\bin32\enemyfront.exe (CI Games S.A.) [File not signed]
FirewallRules: [{E7A9CFFB-3B92-415D-A67F-08BCE91666BE}] => (Allow) D:\Steam\SteamApps\common\Eisenwald\Eisenwald.exe () [File not signed]
FirewallRules: [{A9C15CE4-E493-445A-BAAC-8061258C786D}] => (Allow) D:\Steam\SteamApps\common\Eisenwald\Eisenwald.exe () [File not signed]
FirewallRules: [TCP Query User{85C57A2D-6D78-436D-A330-66073D1D4753}D:\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\steam\steamapps\common\assettocorsa\acs.exe () [File not signed]
FirewallRules: [UDP Query User{158DE561-D3A5-4BFF-A588-C0981B110102}D:\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\steam\steamapps\common\assettocorsa\acs.exe () [File not signed]
FirewallRules: [{F65318A3-4579-4B24-94F9-5CCA5C2CED30}] => (Allow) D:\Steam\SteamApps\common\Xenonauts\Xenonauts.exe () [File not signed]
FirewallRules: [{BA8918FB-6791-45C6-AC1F-7D05F5E73ABE}] => (Allow) D:\Steam\SteamApps\common\Xenonauts\Xenonauts.exe () [File not signed]
FirewallRules: [{BFCCF15C-D133-43A1-ACDE-32A2F8D4DE80}] => (Allow) D:\Steam\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe (Square Enix Ltd. -> Square Enix Limited)
FirewallRules: [{FEEE949C-438B-4F40-9BF4-24F14C6B5AB5}] => (Allow) D:\Steam\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe (Square Enix Ltd. -> Square Enix Limited)
FirewallRules: [{70B9018F-6887-4662-93EA-AF03FA72B2E9}] => (Allow) D:\Steam\SteamApps\common\Project CARS 2\pCARS2.exe (Slightly Mad Studios Ltd) [File not signed]
FirewallRules: [{96446512-51A1-44B3-B01E-D087CB287345}] => (Allow) D:\Steam\SteamApps\common\Project CARS 2\pCARS2.exe (Slightly Mad Studios Ltd) [File not signed]
FirewallRules: [{F04956A2-1C15-4E79-9E70-D60CFC57E43E}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{6CE8AEC6-53AF-4119-AB8B-28D062BF4B2E}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{8C0DA4DE-F9B0-4DAB-8496-E9D3337B7A0D}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3824833C-F7CF-44C8-82A3-212CDC46BE1D}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{489E2F4C-1A6E-4969-BC06-CF0C28511FFF}] => (Allow) D:\Steam\SteamApps\common\Decisive Campaigns Barbarossa\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [{677006AC-3103-4901-AD07-21BC6AE2E9E3}] => (Allow) D:\Steam\SteamApps\common\Decisive Campaigns Barbarossa\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [{76B52A99-B065-46BB-92A5-C2809C67D392}] => (Allow) D:\Steam\SteamApps\common\PFAD - Floodings\PFAD - Floodings.exe () [File not signed]
FirewallRules: [{F3180F36-2972-4B1D-9C72-DCE21A450EED}] => (Allow) D:\Steam\SteamApps\common\PFAD - Floodings\PFAD - Floodings.exe () [File not signed]
FirewallRules: [{10BF1CE2-E785-4A0F-9939-33CC1BBC0EA8}] => (Allow) D:\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{686850C0-7F62-438B-8B6C-81056CCE39B8}] => (Allow) D:\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{86E74658-D20F-4441-903A-F3D1C25BF791}] => (Allow) D:\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{88B967CC-1915-4B49-91DC-3993D4B78F24}] => (Allow) D:\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{46AE5EE2-AF62-4647-A8D5-8B8157876131}] => (Allow) D:\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{84083715-EEB2-477D-9F2C-39454AFC846E}] => (Allow) D:\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{E1ED46DD-9CE6-4378-B825-56D5443CA1B2}] => (Block) D:\Steam\SteamApps\common\Fallout 4\Fallout4.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{5FFD7D8F-941B-4257-A096-F8E6C34319C7}] => (Allow) D:\Steam\SteamApps\common\tbs2\win32\The Banner Saga 2.exe () [File not signed]
FirewallRules: [{195F15A8-B754-4E7A-9D3F-52091548D30B}] => (Allow) D:\Steam\SteamApps\common\tbs2\win32\The Banner Saga 2.exe () [File not signed]
FirewallRules: [{C4F2ECFA-815E-4AE9-B6F4-0643C8BA84B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2181AB1D-6A27-4248-9697-5BBB6B157804}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B0FDEB0F-0F37-46EF-BBF3-43477C4949EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{68D73D85-87B8-4F2C-82DD-A5811AB7D928}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B2D7FDE1-AF40-4833-AABD-0EB9FAF78DC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2187DE28-F94A-403E-858F-BF442C0CCBFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{90CF282A-3775-445F-857B-B77C129F7942}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B40DF577-A588-4861-9E70-668432FCC323}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5D9548F3-0629-4148-9BDE-228D2D5B4E5D}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================

15-07-2019 19:50:33 Revo Uninstaller Pro's restore point - Brave
15-07-2019 20:12:28 Revo Uninstaller Pro's restore point - Mozilla Firefox 56.0 (x64 cs)
15-07-2019 20:25:37 Revo Uninstaller Pro's restore point - Mozilla Firefox 68.0 (x86 cs)
15-07-2019 20:52:04 Revo Uninstaller Pro's restore point - Google Chrome
15-07-2019 20:58:19 Revo Uninstaller Pro's restore point - Brave

==================== Faulty Device Manager Devices =============

Name: Řadič High Definition Audio
Description: Řadič High Definition Audio
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

==================== Memory info ===========================

BIOS: American Megatrends Inc. P2.80 07/01/2013
Motherboard: ASRock Z77 Extreme6
Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 24%
Total physical RAM: 16268.09 MB
Available physical RAM: 12296.57 MB
Total Virtual: 24266.3 MB
Available Virtual: 19781.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:47.35 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:13.19 GB) NTFS
Drive f: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (VERBATIM HD) (Fixed) (Total:465.64 GB) (Free:3.02 GB) FAT32
Drive l: (POCKET) (Removable) (Total:7.45 GB) (Free:7.35 GB) FAT32


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 0BA592B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.4 GB) - (Type=0C)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: A345F4C7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118198
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: suspected virus

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Windows XP, just launch it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Hynek88
Visitor
Posts: 59
Joined: 18 Feb 2012 06:47

Re: suspected virus

#3 Post by Hynek88 »

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-07-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-22-2019
# Duration: 00:00:11
# OS: Windows 7 Home Premium
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1257 octets] - [22/07/2019 10:53:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118198
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: suspected virus

#4 Post by Rudy »

This is OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
C:\Users\ROCOR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

EmptyTemp:
Hosts:
End

Hynek88
Visitor
Posts: 59
Joined: 18 Feb 2012 06:47

Re: suspected virus

#5 Post by Hynek88 »

copied...

Rudy
Site Admin
Posts: 118198
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: suspected virus

#6 Post by Rudy »

Ah. I forgot to say what comes next. I apologize:

Save it to your desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Hynek88
Visitor
Posts: 59
Joined: 18 Feb 2012 06:47

Re: suspected virus

#7 Post by Hynek88 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by ROCOR (22-07-2019 17:21:51) Run:1
Running from C:\Users\ROCOR\Desktop
Loaded Profiles: ROCOR (Available Profiles: ROCOR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
C:\Users\ROCOR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.6.2 => removed successfully
C:\Users\ROCOR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10222475 B
Java, Flash, Steam htmlcache => 261342526 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 243493 B
Firefox => 59905286 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
ROCOR => 582403 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 324.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:21:55 ====

Rudy
Site Admin
Posts: 118198
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: suspected virus

#8 Post by Rudy »

Deleted. Has anything changed?

Hynek88
Visitor
Posts: 59
Joined: 18 Feb 2012 06:47

Re: suspected virus

#9 Post by Hynek88 »

the graphics card isn't crashing, but I still can't get to csfd from Firefox...

Rudy
Site Admin
Posts: 118198
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: suspected virus

#10 Post by Rudy »

We'll also try cleaning the browsers. Run these utilities one after another:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to your desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Save it, preferably to the desktop
•After launch, the license terms are displayed; press any key
•A backup will be created, followed by a search
•The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.

Hynek88
Visitor
Posts: 59
Joined: 18 Feb 2012 06:47

Re: suspected virus

#11 Post by Hynek88 »

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by ROCOR on út 23.07.2019 at 7:43:11,55.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ROCOR\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

23.7.2019 7:44:16 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\K-Lite Codec Pack deleted successfully
C:\PROGRA~2\Origin Games deleted successfully
C:\Program Files\ASRock deleted successfully
C:\Program Files\ASRock Utility deleted successfully
C:\Users\ROCOR\AppData\Roaming\Opera Software deleted successfully
C:\Users\ROCOR\AppData\Roaming\PlayFirst deleted successfully
C:\Users\ROCOR\AppData\Local\Black_Tree_Gaming deleted successfully
C:\Users\ROCOR\AppData\Local\CrashDumps deleted successfully
C:\Users\ROCOR\AppData\Local\GHISLER deleted successfully
C:\Users\ROCOR\AppData\Local\Opera Software deleted successfully
C:\Users\ROCOR\AppData\Local\VirtualStore deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\prefs.js:
user_pref("browser.startup.homepage", "http://www.panzernet.net/php/index.php/ ... 205.0.html");
user_pref("browser.search.selectedEngine", "ČSFD");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\prefs.js:
user_pref("browser.startup.homepage", "http://www.panzernet.net/php/index.php/ ... 205.0.html");
user_pref("browser.search.defaultenginename", "ČSFD");
user_pref("browser.search.selectedEngine", "ČSFD");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091

user.js not found
---- Lines Surftastic removed from prefs.js ----
user_pref("extensions.Surftastic.asul", "1397968670022");
user_pref("extensions.Surftastic.aul", "1397968643491");
user_pref("extensions.Surftastic.irl", true);
user_pref("extensions.Surftastic.is", "amp17lmcz");
user_pref("extensions.Surftastic.ug", "4EBD4F23-EC83-46BC-AA99-A904D564FD27");
---- Lines EEE6C361-6118-11DC-9C72-001320C79847 removed from prefs.js ----
user_pref("extensions.{EEE6C361-6118-11DC-9C72-001320C79847}.install-event-fired", true);
---- Lines 62d40876-df18-411f-9d34-a9dd7a197bc5 removed from prefs.js ----
user_pref("extensions.{62d40876-df18-411f-9d34-a9dd7a197bc5}.install-event-fired", true);
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines extensions.yzLmU6N removed from prefs.js ----
user_pref("extensions.yzLmU6N.epoch", "1382822968");
user_pref("extensions.yzLmU6N.url", "http://getjpijs.info/sync2/?q=hfZ9ofqPC ... ds8rTwGpjr
---- FireFox user.js and prefs.js backups ----

prefs_23.07.2019_0753_.backup

ProfilePath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release

user.js not found
---- Lines Surftastic removed from prefs.js ----
user_pref("extensions.Surftastic.asul", "1397968670022");
user_pref("extensions.Surftastic.aul", "1397968643491");
user_pref("extensions.Surftastic.irl", true);
user_pref("extensions.Surftastic.is", "amp17lmcz");
user_pref("extensions.Surftastic.ug", "4EBD4F23-EC83-46BC-AA99-A904D564FD27");
---- Lines EEE6C361-6118-11DC-9C72-001320C79847 removed from prefs.js ----
user_pref("extensions.{EEE6C361-6118-11DC-9C72-001320C79847}.install-event-fired", true);
---- Lines 62d40876-df18-411f-9d34-a9dd7a197bc5 removed from prefs.js ----
user_pref("extensions.{62d40876-df18-411f-9d34-a9dd7a197bc5}.install-event-fired", true);
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines extensions.yzLmU6N removed from prefs.js ----
user_pref("extensions.yzLmU6N.epoch", "1382822968");
user_pref("extensions.yzLmU6N.url", "http://getjpijs.info/sync2/?q=hfZ9ofqPC ... ds8rTwGpjr
---- FireFox user.js and prefs.js backups ----

prefs_23.07.2019_0753_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\K-Lite Codec Pack not found
C:\PROGRA~2\Origin Games not found
C:\Users\ROCOR\AppData\Roaming\dll-files.com deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\ROCOR\AppData\Local\MSGBOX.EXE deleted
C:\Windows\wininit.ini deleted
C:\windows\SysNative\tasks\DLL-files.com Fixer deleted
C:\windows\SysNative\tasks\DLL-files.com Fixer_UPDATES deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091
- Český slovník pro kontrolu pravopisu bez diakritiky - %ProfilePath%\extensions\cs2@dictionaries.addons.mozilla.org
- Český slovník pro kontrolu pravopisu - %ProfilePath%\extensions\cs@dictionaries.addons.mozilla.org
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2)
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(3)
- BitComet - %ProfilePath%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(2)
- BitComet - %ProfilePath%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(3)
- Undetermined - %ProfilePath%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(3)
- Element Hiding Helper for Adblock Plus - %ProfilePath%\extensions\elemhidehelper@adblockplus.org.xpi
- ImageBlock - %ProfilePath%\extensions\imageblock@hemantvats.com.xpi
- NASA Night Launch - %ProfilePath%\extensions\nasanightlaunch@example.com.xpi
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
- Režim ECHO je vypnut. - %ProfilePath%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
- Flash Game Maximizer - %ProfilePath%\extensions\{258735dc-6743-4805-95fc-f95941fffdad}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

ProfilePath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release
- Český slovník pro kontrolu pravopisu bez diakritiky - %ProfilePath%\extensions\cs2@dictionaries.addons.mozilla.org
- Český slovník pro kontrolu pravopisu - %ProfilePath%\extensions\cs@dictionaries.addons.mozilla.org
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2)
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(3)
- BitComet - %ProfilePath%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(2)
- BitComet - %ProfilePath%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(3)
- Undetermined - %ProfilePath%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(3)
- Element Hiding Helper for Adblock Plus - %ProfilePath%\extensions\elemhidehelper@adblockplus.org.xpi
- ImageBlock - %ProfilePath%\extensions\imageblock@hemantvats.com.xpi
- NASA Night Launch - %ProfilePath%\extensions\nasanightlaunch@example.com.xpi
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
- Režim ECHO je vypnut. - %ProfilePath%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
- Flash Game Maximizer - %ProfilePath%\extensions\{258735dc-6743-4805-95fc-f95941fffdad}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- FileServe Toolbar - %AppDir%\extensions\fileserve@fileserve.com
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091
- C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll - [?]
- C:\Program Files x86\Battlelog Web Plugins\2.7.1\npbattlelog.dll - [?]

Profilepath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release
- C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll - [?]
- C:\Program Files x86\Battlelog Web Plugins\2.7.1\npbattlelog.dll - [?]


==== Chromium Look ======================


Leoh New Tab - ROCOR\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ijhhakihjccpanbibbcceofpjnebokcb
Momentum - ROCOR\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca
Chrome Media Router - ROCOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\ROCOR\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ijhhakihjccpanbibbcceofpjnebokcb deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\ROCOR\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences was reset successfully
C:\Users\ROCOR\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Secure Preferences was reset successfully
C:\Users\ROCOR\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\ROCOR\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\ROCOR\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Web Data was reset successfully
C:\Users\ROCOR\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Web Data-journal was reset successfully
C:\Users\ROCOR\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ROCOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\ROCOR\AppData\Local\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\ROCOR\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache emptied successfully
C:\Users\ROCOR\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=120 folders=55 47924517 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\ROCOR\AppData\Local\Temp will be emptied at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ROCOR\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Łt 23.07.2019 at 7:57:49,72 ======================




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by ROCOR (Limited) on Łt 23.07.2019 at 8:02:50,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\25fgo6rt.default-1534754876091\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash (Folder)
Successfully deleted: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\jpkynbbs.default-release\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 23.07.2019 at 8:04:35,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rudy
Site Admin
Posts: 118198
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: suspected virus

#12 Post by Rudy »

OK. Has anything changed now?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Hynek88
Visitor
Posts: 59
Registered: 18 Feb 2012 06:47

Re: suspected virus

#13 Post by Hynek88 »

So the graphics no longer crash, which is probably the main thing - in connection with Brave... and I still can't get to csfd from Firefox - I'm using an old version of Firefox (44.0)...

But when I update it, I can get to csfd, but the new versions of Firefox don't support the "nasa" theme, where everything is dark and, above all, the links in the bookmarks are dark too... and I couldn't find a theme anywhere that would also change the bookmarks, so I uninstalled the new Firefox and went back to the old version...

But I'll leave it be and simply use Brave for looking up films; the main thing is that the graphics no longer crash and it isn't infected.

Thanks for now!

Rudy
Site Admin
Posts: 118198
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: suspected virus

#14 Post by Rudy »

It's most likely down to that old version of FF. It doesn't support other websites either (I don't know about csfd). You're welcome! :)