Requesting a check

Rage
Visitor
Posts: 20
Registered: 10 Oct 2012 15:58

Requesting a check

#1 Post by Rage »

Hello, my PC has been slower lately, mainly the browser. Please advise how to speed it up.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-11-2017
Ran by C_zek (administrator) on RADEK (12-11-2017 04:10:54)
Running from C:\Users\C_zek\Downloads
Loaded Profiles: C_zek (Available Profiles: C_zek)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [323328 2017-11-11] (ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960248 2015-10-29] ()
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\MountPoints2: {7d195d32-6c2b-11e4-8266-bc5ff4805ef3} - "F:\Autorun.exe"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\MountPoints2: {bce32d59-fea8-11e4-825a-bc5ff4805ef3} - "G:\startme.exe"
Startup: C:\Users\C_zek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2015-08-15]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{23243872-6C07-4495-A3A0-E43E47A99E8F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2640610849-859800793-2110194236-1001 -> {BB2B34E3-F21D-47F5-A6F5-21038A3406FB} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-10-29] (Wondershare)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: WSISAllmytubechrome - No CLSID Value
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File

FireFox:
========
FF DefaultProfile: pfk9j87o.default
FF ProfilePath: C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default [2017-11-12]
FF Homepage: Mozilla\Firefox\Profiles\pfk9j87o.default -> hxxps://www.seznam.cz/
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-11-08]
FF Extension: (uBlock Origin) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\uBlock0@raymondhill.net.xpi [2017-11-08]
FF Extension: (Adblock Plus) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-08]
FF Extension: (Seznam pro Firefox - Email) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2017-11-12]
FF Extension: (Fixing the geo timeline) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\features\{e1c3c710-51f9-40e4-9a10-841de946a1fd}\timecop@mozilla.com.xpi [2017-11-11]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF Extension: (iSkysoft iMedia Converter Deluxe) - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2016-11-12] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Profile: C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default [2017-11-05]
CHR Extension: (Prezentace Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-01]
CHR Extension: (Dokumenty Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Disk Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tabulky Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-19]
CHR Extension: (Proxmate) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2017-08-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-09]
CHR Extension: (Gmail) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-19]
CHR HKU\S-1-5-21-2640610849-859800793-2110194236-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1932336 2017-11-11] (ESET)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-03-27] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283200 2016-10-25] (DT Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [133856 2017-11-05] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107336 2017-09-19] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15392 2017-11-05] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2017-11-05] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50744 2017-09-19] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [81888 2017-09-19] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [106312 2017-09-19] (ESET)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2015-07-28] (Sony Mobile Communications)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2016-08-13] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2016-02-29] (Wondershare)
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-12 04:10 - 2017-11-12 04:11 - 000012312 _____ C:\Users\C_zek\Downloads\FRST.txt
2017-11-12 04:10 - 2017-11-12 04:10 - 000000000 ____D C:\FRST
2017-11-12 04:09 - 2017-11-12 04:09 - 002392576 _____ (Farbar) C:\Users\C_zek\Downloads\FRST64.exe
2017-11-07 23:15 - 2017-11-07 23:16 - 000000000 ____D C:\Users\C_zek\Downloads\Bon.Cop.Bad.Cop.2.2017.720.WEBRip
2017-11-07 23:15 - 2017-11-07 23:15 - 000019681 _____ C:\Users\C_zek\Downloads\[CzT]Bon_Cop_Bad_Cop_2_2017_Webrip_720p_.torrent
2017-11-05 23:58 - 2017-11-05 23:59 - 000000000 ____D C:\Users\C_zek\Desktop\Čtení
2017-11-05 23:26 - 2017-11-07 00:11 - 000002351 _____ C:\Users\C_zek\Downloads\Bon.Cop.Bad.Cop.2.2017.720p.BluRay.H264.AAC-RARBG.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-12 04:10 - 2016-11-19 05:38 - 000000000 ____D C:\Users\C_zek\AppData\LocalLow\Mozilla
2017-11-11 22:39 - 2016-03-28 15:16 - 000281872 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2017-11-11 22:39 - 2015-09-27 11:41 - 000281872 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-11-11 17:11 - 2015-09-27 11:41 - 000281872 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-11-11 16:44 - 2015-04-01 19:16 - 001739092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-11 16:44 - 2013-08-22 23:08 - 000733268 _____ C:\WINDOWS\system32\perfh005.dat
2017-11-11 16:44 - 2013-08-22 23:08 - 000148614 _____ C:\WINDOWS\system32\perfc005.dat
2017-11-11 16:44 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2017-11-11 16:38 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-11 14:50 - 2015-04-01 19:11 - 000000000 ____D C:\Users\C_zek
2017-11-11 04:13 - 2016-11-12 14:50 - 000000000 ____D C:\ProgramData\iSkysoft iMedia Converter Deluxe
2017-11-08 13:13 - 2015-04-02 19:08 - 000000000 ____D C:\Users\C_zek\AppData\Roaming\uTorrent
2017-11-05 22:20 - 2015-12-26 00:48 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-05 20:40 - 2017-09-19 09:05 - 000180088 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2017-11-05 20:40 - 2017-07-25 14:43 - 000133856 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2017-11-05 20:40 - 2017-07-25 14:43 - 000015392 _____ (ESET) C:\WINDOWS\system32\Drivers\eelam.sys
2017-11-05 05:44 - 2015-04-01 19:23 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2640610849-859800793-2110194236-1001
2017-11-03 19:13 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-29 11:18 - 2015-05-01 11:42 - 000000000 ____D C:\KMPlayer
2017-10-29 11:13 - 2016-10-21 06:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-25 15:30 - 2016-08-29 03:03 - 000004372 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-25 15:30 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 15:30 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-18 01:30 - 2013-08-22 16:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-13 20:12 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2015-09-26 12:31 - 2015-09-26 12:31 - 000000026 _____ () C:\Users\C_zek\AppData\Local\isoworkshop.ini
2015-05-22 19:06 - 2015-05-22 19:07 - 028684424 _____ (Sony Mobile Communications ) C:\Users\C_zek\AppData\Local\pcc.exe

Files to move or delete:
====================
C:\Users\C_zek\license.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-14 20:35

==================== End of FRST.txt ============================

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Requesting a check

#2 Post by Márty84 »

Hello :)

Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to your desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and left-click Run as administrator.
Click Scan and wait for the scan to finish.
Then click Cleaning.
The program will start working (the PC may restart) and will produce a log (it may also be at C:\AdwCleaner\AdwCleaner[C?].txt). Copy it here for me.

Run a scan with MBAM. Set up the scan according to this guide (i.e. a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Do not delete anything beforehand; it sometimes has false detections.
If you have a question that is not meant for the public, you can email me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait a long time for a reply, please contact one of my colleagues (most have an email address in their signature).

Rage
Visitor
Posts: 20
Registered: 10 Oct 2012 15:58

Re: Requesting a check

#3 Post by Rage »

Here it is:

# AdwCleaner 7.0.4.0 - Logfile created on Sun Nov 12 11:57:29 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-10-2017.1
# Running on Windows 8.1 (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Conduit, [Key] - HKU\S-1-5-21-2640610849-859800793-2110194236-1001\Software\Conduit
PUP.Optional.Conduit, [Key] - HKCU\Software\Conduit


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

------------------------------------------------------------------------------------------------------------

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 12.11.17
Čas skenování: 13:07
Logovací soubor: 0f1592fa-c7a2-11e7-a16f-bc5ff4805ef3.json
Správce: Ano

-Informace o softwaru-
Verze: 3.3.1.2183
Verze komponentů: 1.0.236
Aktualizovat verzi balíku komponent: 1.0.3235
Licence: Zkušební

-Systémová informace-
OS: Windows 8.1
CPU: x64
Systém souborů: NTFS
Uživatel: Radek\C_zek

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 344263
Zjištěné hrozby: 5
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 2 hod, 44 min, 41 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 5
RiskWare.GameHack, C:\HRY\COD - ADVANCED WARFARE\STEAM_API64.DLL, Žádná uživatelská akce, [455], [305544],1.0.3235
RiskWare.GameHack.Steam, C:\HRY\COD - ADVANCED WARFARE\STEAMCLIENT.DLL, Žádná uživatelská akce, [679], [311644],1.0.3235
HackTool.Agent.Steam, C:\PROGRAM FILES\DIRT RALLY\STEAM_APIR.DLL, Žádná uživatelská akce, [1508], [24633],1.0.3235
Trojan.PasswordStealer, C:\PROGRAM FILES (X86)\ACTIVISION\CALL OF DUTY - WORLD AT WAR\COD5BOT.EXE, Žádná uživatelská akce, [53], [279531],1.0.3235
HackTool.Agent, C:\PROGRAM FILES (X86)\RELIC ENTERTAINMENT\COMPANY OF HEROES - COMPLETE EDITION\STEAM_API.DLL, Žádná uživatelská akce, [449], [85886],1.0.3235

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Requesting a check

#4 Post by Márty84 »

The AdwCleaner log is only from the scan. Did you have the findings removed?

I recommend removing the MBAM findings, then uninstall MBAM.

Post new FRST logs according to this guide https://forum.viry.cz/viewtopic.php?f=13&t=152707 - turn off your antivirus for a moment; it may block it as malicious, but we use it all the time, it is a false alarm :)
(If the Launcher cannot be downloaded, post logs from FRST alone, i.e. without using the Launcher)

Rage
Visitor
Posts: 20
Registered: 10 Oct 2012 15:58

Re: Requesting a check

#5 Post by Rage »

Here is the FRST log, I removed the findings:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by C_zek (administrator) on RADEK (12-11-2017 21:26:16)
Running from C:\Users\C_zek\Desktop
Loaded Profiles: C_zek (Available Profiles: C_zek)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [323328 2017-11-11] (ESET)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960248 2015-10-29] ()
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\MountPoints2: {7d195d32-6c2b-11e4-8266-bc5ff4805ef3} - "F:\Autorun.exe"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\MountPoints2: {bce32d59-fea8-11e4-825a-bc5ff4805ef3} - "G:\startme.exe"
Startup: C:\Users\C_zek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2015-08-15]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{23243872-6C07-4495-A3A0-E43E47A99E8F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2640610849-859800793-2110194236-1001 -> {BB2B34E3-F21D-47F5-A6F5-21038A3406FB} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-10-29] (Wondershare)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: WSISAllmytubechrome - No CLSID Value
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File

FireFox:
========
FF DefaultProfile: pfk9j87o.default
FF ProfilePath: C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default [2017-11-12]
FF Homepage: Mozilla\Firefox\Profiles\pfk9j87o.default -> hxxps://www.seznam.cz/
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-11-08]
FF Extension: (uBlock Origin) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\uBlock0@raymondhill.net.xpi [2017-11-08]
FF Extension: (Adblock Plus) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-08]
FF Extension: (Seznam pro Firefox - Email) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2017-11-12]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF Extension: (iSkysoft iMedia Converter Deluxe) - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2016-11-12] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Profile: C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default [2017-11-12]
CHR Extension: (Prezentace Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-01]
CHR Extension: (Dokumenty Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Disk Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tabulky Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-19]
CHR Extension: (Proxmate) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2017-08-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-09]
CHR Extension: (Gmail) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-19]
CHR HKU\S-1-5-21-2640610849-859800793-2110194236-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1932336 2017-11-11] (ESET)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-03-27] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283200 2016-10-25] (DT Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [133856 2017-11-05] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107336 2017-09-19] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15392 2017-11-05] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2017-11-05] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50744 2017-09-19] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [81888 2017-09-19] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [106312 2017-09-19] (ESET)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2015-07-28] (Sony Mobile Communications)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2016-08-13] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2016-02-29] (Wondershare)
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-12 21:26 - 2017-11-12 21:26 - 000012614 _____ C:\Users\C_zek\Desktop\FRST.txt
2017-11-12 21:25 - 2017-11-12 21:25 - 002392576 _____ (Farbar) C:\Users\C_zek\Downloads\FRST64(1).exe
2017-11-12 21:25 - 2017-11-12 21:25 - 000000000 ____D C:\Users\C_zek\Desktop\FRST-OlderVersion
2017-11-12 21:23 - 2017-11-12 21:24 - 000029696 _____ C:\Users\C_zek\AppData\Local\MSGBOX.EXE
2017-11-12 16:16 - 2017-11-12 16:22 - 4032200704 _____ C:\Users\C_zek\Downloads\Call.of.Duty.WWII.iso
2017-11-12 16:14 - 2017-11-12 16:14 - 000326906 _____ C:\Users\C_zek\Downloads\[CzT]Call_of_Duty_WWII_2017_.torrent
2017-11-12 13:04 - 2017-11-12 13:04 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-12 12:55 - 2017-11-12 21:16 - 000000000 ____D C:\AdwCleaner
2017-11-12 12:53 - 2017-11-12 12:53 - 078346672 _____ (Malwarebytes ) C:\Users\C_zek\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-12 04:11 - 2017-11-12 04:12 - 000027028 _____ C:\Users\C_zek\Downloads\Addition.txt
2017-11-12 04:10 - 2017-11-12 21:26 - 000000000 ____D C:\FRST
2017-11-12 04:10 - 2017-11-12 04:12 - 000017133 _____ C:\Users\C_zek\Downloads\FRST.txt
2017-11-12 04:09 - 2017-11-12 21:25 - 002392576 _____ (Farbar) C:\Users\C_zek\Desktop\FRST64.exe
2017-11-07 23:15 - 2017-11-07 23:16 - 000000000 ____D C:\Users\C_zek\Downloads\Bon.Cop.Bad.Cop.2.2017.720.WEBRip
2017-11-07 23:15 - 2017-11-07 23:15 - 000019681 _____ C:\Users\C_zek\Downloads\[CzT]Bon_Cop_Bad_Cop_2_2017_Webrip_720p_.torrent
2017-11-05 23:58 - 2017-11-05 23:59 - 000000000 ____D C:\Users\C_zek\Desktop\Čtení
2017-11-05 23:26 - 2017-11-07 00:11 - 000002351 _____ C:\Users\C_zek\Downloads\Bon.Cop.Bad.Cop.2.2017.720p.BluRay.H264.AAC-RARBG.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-12 21:22 - 2015-04-01 19:23 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2640610849-859800793-2110194236-1001
2017-11-12 21:21 - 2015-04-01 19:16 - 001739092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-12 21:21 - 2013-08-22 23:08 - 000733268 _____ C:\WINDOWS\system32\perfh005.dat
2017-11-12 21:21 - 2013-08-22 23:08 - 000148614 _____ C:\WINDOWS\system32\perfc005.dat
2017-11-12 21:21 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2017-11-12 21:18 - 2016-11-19 05:38 - 000000000 ____D C:\Users\C_zek\AppData\LocalLow\Mozilla
2017-11-12 21:17 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-12 21:08 - 2016-10-31 10:18 - 000000000 ____D C:\Program Files\DiRT Rally
2017-11-12 21:07 - 2015-04-01 19:11 - 000000000 ____D C:\Users\C_zek
2017-11-12 16:16 - 2015-04-02 19:08 - 000000000 ____D C:\Users\C_zek\AppData\Roaming\uTorrent
2017-11-11 22:39 - 2016-03-28 15:16 - 000281872 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2017-11-11 22:39 - 2015-09-27 11:41 - 000281872 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-11-11 17:11 - 2015-09-27 11:41 - 000281872 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-11-11 04:13 - 2016-11-12 14:50 - 000000000 ____D C:\ProgramData\iSkysoft iMedia Converter Deluxe
2017-11-05 22:20 - 2015-12-26 00:48 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-05 20:40 - 2017-09-19 09:05 - 000180088 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2017-11-05 20:40 - 2017-07-25 14:43 - 000133856 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2017-11-05 20:40 - 2017-07-25 14:43 - 000015392 _____ (ESET) C:\WINDOWS\system32\Drivers\eelam.sys
2017-11-03 19:13 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-29 11:18 - 2015-05-01 11:42 - 000000000 ____D C:\KMPlayer
2017-10-29 11:13 - 2016-10-21 06:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-25 15:30 - 2016-08-29 03:03 - 000004372 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-25 15:30 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 15:30 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-18 01:30 - 2013-08-22 16:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-13 20:12 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2015-09-26 12:31 - 2015-09-26 12:31 - 000000026 _____ () C:\Users\C_zek\AppData\Local\isoworkshop.ini
2017-11-12 21:23 - 2017-11-12 21:24 - 000029696 _____ () C:\Users\C_zek\AppData\Local\MSGBOX.EXE
2015-05-22 19:06 - 2015-05-22 19:07 - 028684424 _____ (Sony Mobile Communications ) C:\Users\C_zek\AppData\Local\pcc.exe

Files to move or delete:
====================
C:\Users\C_zek\license.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-14 20:35

==================== End of FRST.txt ============================
Last edited by Rage on 12 Nov 2017 21:30, edited 2 times in total.

Rage
Visitor
Posts: 20
Registered: 10 Oct 2012 15:58

Re: Please check

#6 Post by Rage »

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by C_zek (12-11-2017 21:26:58)
Running from C:\Users\C_zek\Desktop
Windows 8.1 (Update) (X64) (2015-04-01 18:13:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2640610849-859800793-2110194236-500 - Administrator - Disabled)
C_zek (S-1-5-21-2640610849-859800793-2110194236-1001 - Administrator - Enabled) => C:\Users\C_zek
Guest (S-1-5-21-2640610849-859800793-2110194236-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2640610849-859800793-2110194236-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F4C71C2A-F068-8EEB-61AE-EA4707C57A1B}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.66.1075 - AB Team, d.o.o.)
Call of Duty(R) - World at War(TM) (HKLM-x32\...\{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Cenega) Hidden
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Cenega)
Call of Duty(R) - World at War(TM) 1.2 Patch (HKLM-x32\...\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}) (Version: 1.2 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (HKLM-x32\...\InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}) (Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (HKLM-x32\...\{9F01A67B-7D67-482F-9D4F-D5980A440FD4}) (Version: 1.4 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (HKLM-x32\...\InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}) (Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (HKLM-x32\...\{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}) (Version: 1.5 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (HKLM-x32\...\InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}) (Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (HKLM-x32\...\{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}) (Version: 1.6 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (HKLM-x32\...\InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}) (Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (HKLM-x32\...\{750C87B8-AF19-4C3C-B791-50D9C83AE572}) (Version: 1.7 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (HKLM-x32\...\InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}) (Version: - ) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Company of Heroes - Complete Edition (HKLM-x32\...\Company of Heroes - Complete Edition_is1) (Version: - )
Cossacks 3 (HKLM-x32\...\Cossacks 3_is1) (Version: - )
DAEMON Tools Pro Advanced (HKLM-x32\...\DAEMON Tools Pro Advanced) (Version: - )
DiRT Rally v1.1 (HKLM\...\ZGlydHJhbGx5_is1) (Version: 1 - )
ESET Security (HKLM\...\{0F462EFA-8AE8-4C2A-BC94-0AFFF17A8245}) (Version: 11.0.131.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
iSkysoft iMedia Converter Deluxe(Build 5.8.0.1) (HKLM-x32\...\iSkysoft iMedia Converter Deluxe_is1) (Version: 5.8.0.1 - iSkysoft Software)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.1.2 - PandoraTV)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 56.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 56.0.2 (x64 cs)) (Version: 56.0.2 - Mozilla)
PhotoFiltre 7 (HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\PhotoFiltre 7) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.00 beta 6 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.6 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-11] (ESET)
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => C:\WINDOWS\SysWOW64\ISCM64.dll [2015-02-27] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-06-19] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-06-19] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-11] (ESET)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-11] (ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-06-19] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-06-19] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00F54EDA-3F3A-4B9B-A37D-77037F78924D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {0DC258B2-25A3-465A-B26E-7CCF4BC8E06B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {19E9E63A-5E8A-4F0F-BEC5-9FCB31D385B1} - System32\Tasks\{E81033DA-F682-41E0-AE6A-3615443C6FB2} => C:\WINDOWS\system32\pcalua.exe -a F:\start.exe -d F:\ -c ar
Task: {31F78645-873F-46A8-A06E-FB3E1EE68AED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {5D76512A-4B4C-48DC-9DC6-F4883202BE98} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf837be140fc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {72E49D92-989F-4E3A-B678-B4D139FDFFE8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {969C0F81-88A8-4E0D-997C-12A01A78604D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {A4BC427E-E709-4575-981B-B6A2BB92FACA} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e1909e80319b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf837be140fc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-09-27 11:41 - 2016-03-27 21:45 - 000076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2010-01-30 01:40 - 2010-01-30 01:40 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-11-12 15:09 - 2015-02-27 14:38 - 000721263 _____ () C:\WINDOWS\SysWOW64\ISCM64.dll
2012-08-06 11:24 - 2012-08-06 11:24 - 000103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-08-29 03:19 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2640610849-859800793-2110194236-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\C_zek\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run: => "AutoKMS"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKLM\...\StartupApproved\Run32: => "BrowserPlugInHelper"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "AutoKMS"
HKLM\...\StartupApproved\Run32: => "WindowsDefender"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\StartupFolder: => "Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "!DefaultSetup"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "PC Remote Server"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "Sony PC Companion"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{ED3E1E92-9846-49B2-9205-5336EA34A1B0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4F92D152-C607-40DA-A09C-9627C7D0BCFF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0AA2E257-3E58-4D4F-9334-F700B555C2AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CF78BFF7-8A1B-46B2-8EFF-3B67B75EE90D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{494CA486-0257-4919-8768-6D7966B63954}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{4DB121F1-107C-44B5-822D-79465B86BC5A}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{63D2385C-1584-4DC0-9D26-94EFF02A1962}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{3E7FB636-E1FE-4868-AF0C-369CC6D7A297}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{8B770A10-6D9A-4A05-8FD5-EE58B164FB67}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{51AA04B7-8365-4C18-87C8-9041815C47F0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{125704CA-6160-4310-B63D-89794CC5E8A6}C:\users\c_zek\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\c_zek\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{39C5729A-8424-46C2-8765-C463B059E5E3}C:\users\c_zek\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\c_zek\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{1A2AC509-0DB2-4D44-A7BD-2803FC4B1F9B}] => (Allow) C:\Users\C_zek\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{9F09C65F-2E85-43D9-834F-6E6291AC8AEC}] => (Allow) C:\Users\C_zek\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{255FC770-1CE4-4A9A-B824-FF80CBC5232F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

27-10-2017 02:07:12 Naplánovaný kontrolní bod
03-11-2017 21:40:24 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2017 09:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbam.exe, verze: 3.0.0.1247, časové razítko: 0x59f37972
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.18821, časové razítko: 0x59ba8666
Kód výjimky: 0xc0000142
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0xe34
Čas spuštění chybující aplikace: 0x01d35bf217077e75
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Cesta k chybujícímu modulu: KERNELBASE.dll
ID zprávy: 58cd1772-c7e5-11e7-82d7-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/13/2017 03:57:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: VideoConverterUltimate.exe, verze: 5.8.0.1, časové razítko: 0x563181ef
Název chybujícího modulu: VideoConverterUltimate.exe, verze: 5.8.0.1, časové razítko: 0x563181ef
Kód výjimky: 0xc0000005
Posun chyby: 0x00115839
ID chybujícího procesu: 0x1318
Čas spuštění chybující aplikace: 0x01d3443346e7e383
Cesta k chybující aplikaci: C:\Program Files (x86)\iSkysoft\iMedia Converter Deluxe\VideoConverterUltimate.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\iSkysoft\iMedia Converter Deluxe\VideoConverterUltimate.exe
ID zprávy: dea30aa2-b026-11e7-82d0-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/07/2017 12:14:37 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (10/07/2017 10:30:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PokerStarsUninstall.exe, verze: 1.2.0.0, časové razítko: 0x5839b81d
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.18666, časové razítko: 0x58f32841
Kód výjimky: 0xe06d7363
Posun chyby: 0x00015608
ID chybujícího procesu: 0x1020
Čas spuštění chybující aplikace: 0x01d33f4ee60845a3
Cesta k chybující aplikaci: C:\Program Files (x86)\PokerStars.EU\PokerStarsUninstall.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
ID zprávy: 23d5182f-ab42-11e7-82c8-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/17/2017 08:16:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: winDecrypt.exe, verze: 4.0.0.1, časové razítko: 0x58fbf85a
Název chybujícího modulu: SkinMagic.dll, verze: 6.3.9600.18725, časové razítko: 0x593806da
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0xd98
Čas spuštění chybující aplikace: 0x01d32fe97d76c08b
Cesta k chybující aplikaci: C:\Users\C_zek\AppData\Local\Temp\Rar$EXa0.262\VeryPDF PDF Password Remover 6.0 + Crcak\Crack\winDecrypt.exe
Cesta k chybujícímu modulu: SkinMagic.dll
ID zprávy: bbb71c6c-9bdc-11e7-82c6-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/17/2017 08:14:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: winDecrypt.exe, verze: 4.0.0.1, časové razítko: 0x58fbf85a
Název chybujícího modulu: SkinMagic.dll, verze: 6.3.9600.18725, časové razítko: 0x593806da
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0xc98
Čas spuštění chybující aplikace: 0x01d32fe9315154d1
Cesta k chybující aplikaci: C:\Users\C_zek\AppData\Local\Temp\Rar$EXa0.561\VeryPDF PDF Password Remover 6.0 + Crcak\Crack\winDecrypt.exe
Cesta k chybujícímu modulu: SkinMagic.dll
ID zprávy: 6fa988dd-9bdc-11e7-82c6-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/17/2017 08:11:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: winDecrypt.exe, verze: 4.0.0.1, časové razítko: 0x58fbf85a
Název chybujícího modulu: SkinMagic.dll, verze: 6.3.9600.18725, časové razítko: 0x593806da
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0xd6c
Čas spuštění chybující aplikace: 0x01d32fe8c166b343
Cesta k chybující aplikaci: C:\Users\C_zek\Desktop\winDecrypt.exe
Cesta k chybujícímu modulu: SkinMagic.dll
ID zprávy: ffe9d2eb-9bdb-11e7-82c6-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/17/2017 08:11:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: winDecrypt.exe, verze: 4.0.0.1, časové razítko: 0x58fbf85a
Název chybujícího modulu: SkinMagic.dll, verze: 6.3.9600.18725, časové razítko: 0x593806da
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0x12bc
Čas spuštění chybující aplikace: 0x01d32fe8b8ef7a30
Cesta k chybující aplikaci: C:\Users\C_zek\AppData\Local\Temp\Rar$EXa0.606\VeryPDF PDF Password Remover 6.0 + Crcak\Crack\winDecrypt.exe
Cesta k chybujícímu modulu: SkinMagic.dll
ID zprávy: fcae8460-9bdb-11e7-82c6-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/17/2017 08:10:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: winDecrypt.exe, verze: 4.0.0.1, časové razítko: 0x58fbf85a
Název chybujícího modulu: SkinMagic.dll, verze: 6.3.9600.18725, časové razítko: 0x593806da
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0x7f4
Čas spuštění chybující aplikace: 0x01d32fe8af4cf6b5
Cesta k chybující aplikaci: C:\Users\C_zek\AppData\Local\Temp\Rar$EXa0.397\VeryPDF PDF Password Remover 6.0 + Crcak\Crack\winDecrypt.exe
Cesta k chybujícímu modulu: SkinMagic.dll
ID zprávy: eec7cd44-9bdb-11e7-82c6-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/17/2017 08:03:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: winDecrypt.exe, verze: 4.0.0.1, časové razítko: 0x58fbf85a
Název chybujícího modulu: SkinMagic.dll, verze: 6.3.9600.18725, časové razítko: 0x593806da
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0xfa4
Čas spuštění chybující aplikace: 0x01d32fe7b0e1e599
Cesta k chybující aplikaci: C:\Users\C_zek\AppData\Local\Temp\Rar$EXa0.562\VeryPDF Password Remover6.0 Crack Only\winDecrypt.exe
Cesta k chybujícímu modulu: SkinMagic.dll
ID zprávy: f33db08c-9bda-11e7-82c6-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (11/12/2017 09:19:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/12/2017 09:16:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (11/12/2017 09:16:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PnkBstrA byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/12/2017 09:16:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/12/2017 09:16:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/12/2017 09:16:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/12/2017 09:10:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/12/2017 06:02:11 PM) (Source: DCOM) (EventID: 10010) (User: Radek)
Description: Server {1B1F472E-3221-4826-97DB-2C2324D389AE} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/12/2017 06:01:41 PM) (Source: DCOM) (EventID: 10010) (User: Radek)
Description: Server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/11/2017 04:38:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:08:44, ‎11. ‎11. ‎2017) bylo neočekávané.


==================== Memory info ===========================

Processor: AMD A10-5800K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 23%
Total physical RAM: 8145.95 MB
Available physical RAM: 6246.23 MB
Total Virtual: 16337.95 MB
Available Virtual: 14364.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.32 GB) (Free:702.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 543DAEF7)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check

#7 Post by Márty84 »

:arrow: Tell me the size of the desktop folder (C:\Users\C_zek\Plocha)

:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960248 2015-10-29] ()

Handler: WSISAllmytubechrome - No CLSID Value
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File

CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=_ ... smkt=en-us

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf837be140fc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End

In the top left, click File.
Click Save As...
Type the name shown in red, fixlist, correctly and save it to the desktop.
Turn off your antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
