
Request for a check

Posted: 12 Nov 2017 04:20
by Rage
Hello, my PC has been slower lately. Mainly the browser; I would appreciate advice on speeding it up.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-11-2017
Ran by C_zek (administrator) on RADEK (12-11-2017 04:10:54)
Running from C:\Users\C_zek\Downloads
Loaded Profiles: C_zek (Available Profiles: C_zek)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [323328 2017-11-11] (ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960248 2015-10-29] ()
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\MountPoints2: {7d195d32-6c2b-11e4-8266-bc5ff4805ef3} - "F:\Autorun.exe"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\MountPoints2: {bce32d59-fea8-11e4-825a-bc5ff4805ef3} - "G:\startme.exe"
Startup: C:\Users\C_zek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2015-08-15]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{23243872-6C07-4495-A3A0-E43E47A99E8F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2640610849-859800793-2110194236-1001 -> {BB2B34E3-F21D-47F5-A6F5-21038A3406FB} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-10-29] (Wondershare)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: WSISAllmytubechrome - No CLSID Value
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File

FireFox:
========
FF DefaultProfile: pfk9j87o.default
FF ProfilePath: C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default [2017-11-12]
FF Homepage: Mozilla\Firefox\Profiles\pfk9j87o.default -> hxxps://www.seznam.cz/
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-11-08]
FF Extension: (uBlock Origin) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\uBlock0@raymondhill.net.xpi [2017-11-08]
FF Extension: (Adblock Plus) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-08]
FF Extension: (Seznam pro Firefox - Email) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2017-11-12]
FF Extension: (Fixing the geo timeline) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\features\{e1c3c710-51f9-40e4-9a10-841de946a1fd}\timecop@mozilla.com.xpi [2017-11-11]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF Extension: (iSkysoft iMedia Converter Deluxe) - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2016-11-12] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Profile: C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default [2017-11-05]
CHR Extension: (Prezentace Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-01]
CHR Extension: (Dokumenty Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Disk Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tabulky Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-19]
CHR Extension: (Proxmate) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2017-08-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-09]
CHR Extension: (Gmail) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-19]
CHR HKU\S-1-5-21-2640610849-859800793-2110194236-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1932336 2017-11-11] (ESET)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-03-27] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283200 2016-10-25] (DT Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [133856 2017-11-05] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107336 2017-09-19] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15392 2017-11-05] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2017-11-05] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50744 2017-09-19] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [81888 2017-09-19] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [106312 2017-09-19] (ESET)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2015-07-28] (Sony Mobile Communications)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2016-08-13] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2016-02-29] (Wondershare)
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-12 04:10 - 2017-11-12 04:11 - 000012312 _____ C:\Users\C_zek\Downloads\FRST.txt
2017-11-12 04:10 - 2017-11-12 04:10 - 000000000 ____D C:\FRST
2017-11-12 04:09 - 2017-11-12 04:09 - 002392576 _____ (Farbar) C:\Users\C_zek\Downloads\FRST64.exe
2017-11-07 23:15 - 2017-11-07 23:16 - 000000000 ____D C:\Users\C_zek\Downloads\Bon.Cop.Bad.Cop.2.2017.720.WEBRip
2017-11-07 23:15 - 2017-11-07 23:15 - 000019681 _____ C:\Users\C_zek\Downloads\[CzT]Bon_Cop_Bad_Cop_2_2017_Webrip_720p_.torrent
2017-11-05 23:58 - 2017-11-05 23:59 - 000000000 ____D C:\Users\C_zek\Desktop\Čtení
2017-11-05 23:26 - 2017-11-07 00:11 - 000002351 _____ C:\Users\C_zek\Downloads\Bon.Cop.Bad.Cop.2.2017.720p.BluRay.H264.AAC-RARBG.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-12 04:10 - 2016-11-19 05:38 - 000000000 ____D C:\Users\C_zek\AppData\LocalLow\Mozilla
2017-11-11 22:39 - 2016-03-28 15:16 - 000281872 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2017-11-11 22:39 - 2015-09-27 11:41 - 000281872 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-11-11 17:11 - 2015-09-27 11:41 - 000281872 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-11-11 16:44 - 2015-04-01 19:16 - 001739092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-11 16:44 - 2013-08-22 23:08 - 000733268 _____ C:\WINDOWS\system32\perfh005.dat
2017-11-11 16:44 - 2013-08-22 23:08 - 000148614 _____ C:\WINDOWS\system32\perfc005.dat
2017-11-11 16:44 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2017-11-11 16:38 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-11 14:50 - 2015-04-01 19:11 - 000000000 ____D C:\Users\C_zek
2017-11-11 04:13 - 2016-11-12 14:50 - 000000000 ____D C:\ProgramData\iSkysoft iMedia Converter Deluxe
2017-11-08 13:13 - 2015-04-02 19:08 - 000000000 ____D C:\Users\C_zek\AppData\Roaming\uTorrent
2017-11-05 22:20 - 2015-12-26 00:48 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-05 20:40 - 2017-09-19 09:05 - 000180088 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2017-11-05 20:40 - 2017-07-25 14:43 - 000133856 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2017-11-05 20:40 - 2017-07-25 14:43 - 000015392 _____ (ESET) C:\WINDOWS\system32\Drivers\eelam.sys
2017-11-05 05:44 - 2015-04-01 19:23 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2640610849-859800793-2110194236-1001
2017-11-03 19:13 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-29 11:18 - 2015-05-01 11:42 - 000000000 ____D C:\KMPlayer
2017-10-29 11:13 - 2016-10-21 06:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-25 15:30 - 2016-08-29 03:03 - 000004372 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-25 15:30 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 15:30 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-18 01:30 - 2013-08-22 16:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-13 20:12 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2015-09-26 12:31 - 2015-09-26 12:31 - 000000026 _____ () C:\Users\C_zek\AppData\Local\isoworkshop.ini
2015-05-22 19:06 - 2015-05-22 19:07 - 028684424 _____ (Sony Mobile Communications ) C:\Users\C_zek\AppData\Local\pcc.exe

Files to move or delete:
====================
C:\Users\C_zek\license.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-14 20:35

==================== End of FRST.txt ============================

Re: Request for a check

Posted: 12 Nov 2017 07:56
by Márty84
Hello :)

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait for the scan to finish.
Then click Cleaning.
The program will start working (the PC may restart) and will produce a log (it may also be found at C:\AdwCleaner\AdwCleaner[C?].txt). Copy it here for me.

:arrow: Run a scan with MBAM. Set up the scan according to this guide (i.e. a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Do not delete anything beforehand; it sometimes has false detections.

Re: Request for a check

Posted: 12 Nov 2017 15:55
by Rage
Here it is:

# AdwCleaner 7.0.4.0 - Logfile created on Sun Nov 12 11:57:29 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-10-2017.1
# Running on Windows 8.1 (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Conduit, [Key] - HKU\S-1-5-21-2640610849-859800793-2110194236-1001\Software\Conduit
PUP.Optional.Conduit, [Key] - HKCU\Software\Conduit


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

------------------------------------------------------------------------------------------------------------

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 12.11.17
Čas skenování: 13:07
Logovací soubor: 0f1592fa-c7a2-11e7-a16f-bc5ff4805ef3.json
Správce: Ano

-Informace o softwaru-
Verze: 3.3.1.2183
Verze komponentů: 1.0.236
Aktualizovat verzi balíku komponent: 1.0.3235
Licence: Zkušební

-Systémová informace-
OS: Windows 8.1
CPU: x64
Systém souborů: NTFS
Uživatel: Radek\C_zek

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 344263
Zjištěné hrozby: 5
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 2 hod, 44 min, 41 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 5
RiskWare.GameHack, C:\HRY\COD - ADVANCED WARFARE\STEAM_API64.DLL, Žádná uživatelská akce, [455], [305544],1.0.3235
RiskWare.GameHack.Steam, C:\HRY\COD - ADVANCED WARFARE\STEAMCLIENT.DLL, Žádná uživatelská akce, [679], [311644],1.0.3235
HackTool.Agent.Steam, C:\PROGRAM FILES\DIRT RALLY\STEAM_APIR.DLL, Žádná uživatelská akce, [1508], [24633],1.0.3235
Trojan.PasswordStealer, C:\PROGRAM FILES (X86)\ACTIVISION\CALL OF DUTY - WORLD AT WAR\COD5BOT.EXE, Žádná uživatelská akce, [53], [279531],1.0.3235
HackTool.Agent, C:\PROGRAM FILES (X86)\RELIC ENTERTAINMENT\COMPANY OF HEROES - COMPLETE EDITION\STEAM_API.DLL, Žádná uživatelská akce, [449], [85886],1.0.3235

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: Request for a check

Posted: 12 Nov 2017 20:03
by Márty84
:???: The AdwCleaner log is only from after the scan. Did you have the findings removed?

:arrow: I recommend removing the MBAM findings, then uninstall MBAM.

:arrow: Post new FRST logs according to this guide https://forum.viry.cz/viewtopic.php?f=13&t=152707 - turn off your antivirus for a moment; it may block it as malicious, but we use it all the time, it is a false alarm :)
(If the Launcher cannot be downloaded, post logs from FRST alone, i.e. without using the Launcher)

Re: Request for a check

Posted: 12 Nov 2017 21:28
by Rage
Here is FRST, I removed the findings:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by C_zek (administrator) on RADEK (12-11-2017 21:26:16)
Running from C:\Users\C_zek\Desktop
Loaded Profiles: C_zek (Available Profiles: C_zek)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [323328 2017-11-11] (ESET)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960248 2015-10-29] ()
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\MountPoints2: {7d195d32-6c2b-11e4-8266-bc5ff4805ef3} - "F:\Autorun.exe"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\MountPoints2: {bce32d59-fea8-11e4-825a-bc5ff4805ef3} - "G:\startme.exe"
Startup: C:\Users\C_zek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2015-08-15]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{23243872-6C07-4495-A3A0-E43E47A99E8F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2640610849-859800793-2110194236-1001 -> {BB2B34E3-F21D-47F5-A6F5-21038A3406FB} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-10-29] (Wondershare)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: WSISAllmytubechrome - No CLSID Value
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File

FireFox:
========
FF DefaultProfile: pfk9j87o.default
FF ProfilePath: C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default [2017-11-12]
FF Homepage: Mozilla\Firefox\Profiles\pfk9j87o.default -> hxxps://www.seznam.cz/
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-11-08]
FF Extension: (uBlock Origin) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\uBlock0@raymondhill.net.xpi [2017-11-08]
FF Extension: (Adblock Plus) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-08]
FF Extension: (Seznam pro Firefox - Email) - C:\Users\C_zek\AppData\Roaming\Mozilla\Firefox\Profiles\pfk9j87o.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2017-11-12]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF Extension: (iSkysoft iMedia Converter Deluxe) - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2016-11-12] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Profile: C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default [2017-11-12]
CHR Extension: (Prezentace Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-01]
CHR Extension: (Dokumenty Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Disk Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tabulky Google) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-19]
CHR Extension: (Proxmate) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2017-08-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-09]
CHR Extension: (Gmail) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\C_zek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-19]
CHR HKU\S-1-5-21-2640610849-859800793-2110194236-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1932336 2017-11-11] (ESET)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-03-27] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283200 2016-10-25] (DT Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [133856 2017-11-05] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107336 2017-09-19] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15392 2017-11-05] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2017-11-05] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50744 2017-09-19] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [81888 2017-09-19] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [106312 2017-09-19] (ESET)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2015-07-28] (Sony Mobile Communications)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2016-08-13] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2016-02-29] (Wondershare)
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-12 21:26 - 2017-11-12 21:26 - 000012614 _____ C:\Users\C_zek\Desktop\FRST.txt
2017-11-12 21:25 - 2017-11-12 21:25 - 002392576 _____ (Farbar) C:\Users\C_zek\Downloads\FRST64(1).exe
2017-11-12 21:25 - 2017-11-12 21:25 - 000000000 ____D C:\Users\C_zek\Desktop\FRST-OlderVersion
2017-11-12 21:23 - 2017-11-12 21:24 - 000029696 _____ C:\Users\C_zek\AppData\Local\MSGBOX.EXE
2017-11-12 16:16 - 2017-11-12 16:22 - 4032200704 _____ C:\Users\C_zek\Downloads\Call.of.Duty.WWII.iso
2017-11-12 16:14 - 2017-11-12 16:14 - 000326906 _____ C:\Users\C_zek\Downloads\[CzT]Call_of_Duty_WWII_2017_.torrent
2017-11-12 13:04 - 2017-11-12 13:04 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-12 12:55 - 2017-11-12 21:16 - 000000000 ____D C:\AdwCleaner
2017-11-12 12:53 - 2017-11-12 12:53 - 078346672 _____ (Malwarebytes ) C:\Users\C_zek\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-12 04:11 - 2017-11-12 04:12 - 000027028 _____ C:\Users\C_zek\Downloads\Addition.txt
2017-11-12 04:10 - 2017-11-12 21:26 - 000000000 ____D C:\FRST
2017-11-12 04:10 - 2017-11-12 04:12 - 000017133 _____ C:\Users\C_zek\Downloads\FRST.txt
2017-11-12 04:09 - 2017-11-12 21:25 - 002392576 _____ (Farbar) C:\Users\C_zek\Desktop\FRST64.exe
2017-11-07 23:15 - 2017-11-07 23:16 - 000000000 ____D C:\Users\C_zek\Downloads\Bon.Cop.Bad.Cop.2.2017.720.WEBRip
2017-11-07 23:15 - 2017-11-07 23:15 - 000019681 _____ C:\Users\C_zek\Downloads\[CzT]Bon_Cop_Bad_Cop_2_2017_Webrip_720p_.torrent
2017-11-05 23:58 - 2017-11-05 23:59 - 000000000 ____D C:\Users\C_zek\Desktop\Čtení
2017-11-05 23:26 - 2017-11-07 00:11 - 000002351 _____ C:\Users\C_zek\Downloads\Bon.Cop.Bad.Cop.2.2017.720p.BluRay.H264.AAC-RARBG.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-12 21:22 - 2015-04-01 19:23 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2640610849-859800793-2110194236-1001
2017-11-12 21:21 - 2015-04-01 19:16 - 001739092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-12 21:21 - 2013-08-22 23:08 - 000733268 _____ C:\WINDOWS\system32\perfh005.dat
2017-11-12 21:21 - 2013-08-22 23:08 - 000148614 _____ C:\WINDOWS\system32\perfc005.dat
2017-11-12 21:21 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2017-11-12 21:18 - 2016-11-19 05:38 - 000000000 ____D C:\Users\C_zek\AppData\LocalLow\Mozilla
2017-11-12 21:17 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-12 21:08 - 2016-10-31 10:18 - 000000000 ____D C:\Program Files\DiRT Rally
2017-11-12 21:07 - 2015-04-01 19:11 - 000000000 ____D C:\Users\C_zek
2017-11-12 16:16 - 2015-04-02 19:08 - 000000000 ____D C:\Users\C_zek\AppData\Roaming\uTorrent
2017-11-11 22:39 - 2016-03-28 15:16 - 000281872 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2017-11-11 22:39 - 2015-09-27 11:41 - 000281872 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-11-11 17:11 - 2015-09-27 11:41 - 000281872 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-11-11 04:13 - 2016-11-12 14:50 - 000000000 ____D C:\ProgramData\iSkysoft iMedia Converter Deluxe
2017-11-05 22:20 - 2015-12-26 00:48 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-05 20:40 - 2017-09-19 09:05 - 000180088 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2017-11-05 20:40 - 2017-07-25 14:43 - 000133856 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2017-11-05 20:40 - 2017-07-25 14:43 - 000015392 _____ (ESET) C:\WINDOWS\system32\Drivers\eelam.sys
2017-11-03 19:13 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-29 11:18 - 2015-05-01 11:42 - 000000000 ____D C:\KMPlayer
2017-10-29 11:13 - 2016-10-21 06:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-25 15:30 - 2016-08-29 03:03 - 000004372 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-25 15:30 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 15:30 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-18 01:30 - 2013-08-22 16:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-13 20:12 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2015-09-26 12:31 - 2015-09-26 12:31 - 000000026 _____ () C:\Users\C_zek\AppData\Local\isoworkshop.ini
2017-11-12 21:23 - 2017-11-12 21:24 - 000029696 _____ () C:\Users\C_zek\AppData\Local\MSGBOX.EXE
2015-05-22 19:06 - 2015-05-22 19:07 - 028684424 _____ (Sony Mobile Communications ) C:\Users\C_zek\AppData\Local\pcc.exe

Files to move or delete:
====================
C:\Users\C_zek\license.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-14 20:35

==================== End of FRST.txt ============================

Re: Please check

Posted: 12 Nov 2017 21:29
by Rage
Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by C_zek (12-11-2017 21:26:58)
Running from C:\Users\C_zek\Desktop
Windows 8.1 (Update) (X64) (2015-04-01 18:13:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2640610849-859800793-2110194236-500 - Administrator - Disabled)
C_zek (S-1-5-21-2640610849-859800793-2110194236-1001 - Administrator - Enabled) => C:\Users\C_zek
Guest (S-1-5-21-2640610849-859800793-2110194236-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2640610849-859800793-2110194236-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F4C71C2A-F068-8EEB-61AE-EA4707C57A1B}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.66.1075 - AB Team, d.o.o.)
Call of Duty(R) - World at War(TM) (HKLM-x32\...\{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Cenega) Hidden
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Cenega)
Call of Duty(R) - World at War(TM) 1.2 Patch (HKLM-x32\...\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}) (Version: 1.2 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (HKLM-x32\...\InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}) (Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (HKLM-x32\...\{9F01A67B-7D67-482F-9D4F-D5980A440FD4}) (Version: 1.4 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (HKLM-x32\...\InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}) (Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (HKLM-x32\...\{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}) (Version: 1.5 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (HKLM-x32\...\InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}) (Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (HKLM-x32\...\{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}) (Version: 1.6 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (HKLM-x32\...\InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}) (Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (HKLM-x32\...\{750C87B8-AF19-4C3C-B791-50D9C83AE572}) (Version: 1.7 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (HKLM-x32\...\InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}) (Version: - ) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Company of Heroes - Complete Edition (HKLM-x32\...\Company of Heroes - Complete Edition_is1) (Version: - )
Cossacks 3 (HKLM-x32\...\Cossacks 3_is1) (Version: - )
DAEMON Tools Pro Advanced (HKLM-x32\...\DAEMON Tools Pro Advanced) (Version: - )
DiRT Rally v1.1 (HKLM\...\ZGlydHJhbGx5_is1) (Version: 1 - )
ESET Security (HKLM\...\{0F462EFA-8AE8-4C2A-BC94-0AFFF17A8245}) (Version: 11.0.131.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
iSkysoft iMedia Converter Deluxe(Build 5.8.0.1) (HKLM-x32\...\iSkysoft iMedia Converter Deluxe_is1) (Version: 5.8.0.1 - iSkysoft Software)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.1.2 - PandoraTV)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 56.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 56.0.2 (x64 cs)) (Version: 56.0.2 - Mozilla)
PhotoFiltre 7 (HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\PhotoFiltre 7) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.00 beta 6 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.6 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-11] (ESET)
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => C:\WINDOWS\SysWOW64\ISCM64.dll [2015-02-27] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-06-19] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-06-19] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-11] (ESET)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-11] (ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-06-19] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-06-19] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00F54EDA-3F3A-4B9B-A37D-77037F78924D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {0DC258B2-25A3-465A-B26E-7CCF4BC8E06B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {19E9E63A-5E8A-4F0F-BEC5-9FCB31D385B1} - System32\Tasks\{E81033DA-F682-41E0-AE6A-3615443C6FB2} => C:\WINDOWS\system32\pcalua.exe -a F:\start.exe -d F:\ -c ar
Task: {31F78645-873F-46A8-A06E-FB3E1EE68AED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {5D76512A-4B4C-48DC-9DC6-F4883202BE98} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf837be140fc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {72E49D92-989F-4E3A-B678-B4D139FDFFE8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {969C0F81-88A8-4E0D-997C-12A01A78604D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {A4BC427E-E709-4575-981B-B6A2BB92FACA} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e1909e80319b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf837be140fc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-09-27 11:41 - 2016-03-27 21:45 - 000076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2010-01-30 01:40 - 2010-01-30 01:40 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-11-12 15:09 - 2015-02-27 14:38 - 000721263 _____ () C:\WINDOWS\SysWOW64\ISCM64.dll
2012-08-06 11:24 - 2012-08-06 11:24 - 000103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-08-29 03:19 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2640610849-859800793-2110194236-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\C_zek\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run: => "AutoKMS"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKLM\...\StartupApproved\Run32: => "BrowserPlugInHelper"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "AutoKMS"
HKLM\...\StartupApproved\Run32: => "WindowsDefender"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\StartupFolder: => "Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "!DefaultSetup"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "PC Remote Server"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "Sony PC Companion"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"
HKU\S-1-5-21-2640610849-859800793-2110194236-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{ED3E1E92-9846-49B2-9205-5336EA34A1B0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4F92D152-C607-40DA-A09C-9627C7D0BCFF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0AA2E257-3E58-4D4F-9334-F700B555C2AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CF78BFF7-8A1B-46B2-8EFF-3B67B75EE90D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{494CA486-0257-4919-8768-6D7966B63954}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{4DB121F1-107C-44B5-822D-79465B86BC5A}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{63D2385C-1584-4DC0-9D26-94EFF02A1962}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{3E7FB636-E1FE-4868-AF0C-369CC6D7A297}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{8B770A10-6D9A-4A05-8FD5-EE58B164FB67}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{51AA04B7-8365-4C18-87C8-9041815C47F0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{125704CA-6160-4310-B63D-89794CC5E8A6}C:\users\c_zek\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\c_zek\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{39C5729A-8424-46C2-8765-C463B059E5E3}C:\users\c_zek\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\c_zek\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{1A2AC509-0DB2-4D44-A7BD-2803FC4B1F9B}] => (Allow) C:\Users\C_zek\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{9F09C65F-2E85-43D9-834F-6E6291AC8AEC}] => (Allow) C:\Users\C_zek\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{255FC770-1CE4-4A9A-B824-FF80CBC5232F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

27-10-2017 02:07:12 Naplánovaný kontrolní bod
03-11-2017 21:40:24 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2017 09:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbam.exe, verze: 3.0.0.1247, časové razítko: 0x59f37972
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.18821, časové razítko: 0x59ba8666
Kód výjimky: 0xc0000142
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0xe34
Čas spuštění chybující aplikace: 0x01d35bf217077e75
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Cesta k chybujícímu modulu: KERNELBASE.dll
ID zprávy: 58cd1772-c7e5-11e7-82d7-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/13/2017 03:57:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: VideoConverterUltimate.exe, verze: 5.8.0.1, časové razítko: 0x563181ef
Název chybujícího modulu: VideoConverterUltimate.exe, verze: 5.8.0.1, časové razítko: 0x563181ef
Kód výjimky: 0xc0000005
Posun chyby: 0x00115839
ID chybujícího procesu: 0x1318
Čas spuštění chybující aplikace: 0x01d3443346e7e383
Cesta k chybující aplikaci: C:\Program Files (x86)\iSkysoft\iMedia Converter Deluxe\VideoConverterUltimate.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\iSkysoft\iMedia Converter Deluxe\VideoConverterUltimate.exe
ID zprávy: dea30aa2-b026-11e7-82d0-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/07/2017 12:14:37 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (10/07/2017 10:30:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PokerStarsUninstall.exe, verze: 1.2.0.0, časové razítko: 0x5839b81d
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.18666, časové razítko: 0x58f32841
Kód výjimky: 0xe06d7363
Posun chyby: 0x00015608
ID chybujícího procesu: 0x1020
Čas spuštění chybující aplikace: 0x01d33f4ee60845a3
Cesta k chybující aplikaci: C:\Program Files (x86)\PokerStars.EU\PokerStarsUninstall.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
ID zprávy: 23d5182f-ab42-11e7-82c8-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/17/2017 08:16:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: winDecrypt.exe, verze: 4.0.0.1, časové razítko: 0x58fbf85a
Název chybujícího modulu: SkinMagic.dll, verze: 6.3.9600.18725, časové razítko: 0x593806da
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0xd98
Čas spuštění chybující aplikace: 0x01d32fe97d76c08b
Cesta k chybující aplikaci: C:\Users\C_zek\AppData\Local\Temp\Rar$EXa0.262\VeryPDF PDF Password Remover 6.0 + Crcak\Crack\winDecrypt.exe
Cesta k chybujícímu modulu: SkinMagic.dll
ID zprávy: bbb71c6c-9bdc-11e7-82c6-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/17/2017 08:14:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: winDecrypt.exe, verze: 4.0.0.1, časové razítko: 0x58fbf85a
Název chybujícího modulu: SkinMagic.dll, verze: 6.3.9600.18725, časové razítko: 0x593806da
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0xc98
Čas spuštění chybující aplikace: 0x01d32fe9315154d1
Cesta k chybující aplikaci: C:\Users\C_zek\AppData\Local\Temp\Rar$EXa0.561\VeryPDF PDF Password Remover 6.0 + Crcak\Crack\winDecrypt.exe
Cesta k chybujícímu modulu: SkinMagic.dll
ID zprávy: 6fa988dd-9bdc-11e7-82c6-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/17/2017 08:11:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: winDecrypt.exe, verze: 4.0.0.1, časové razítko: 0x58fbf85a
Název chybujícího modulu: SkinMagic.dll, verze: 6.3.9600.18725, časové razítko: 0x593806da
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0xd6c
Čas spuštění chybující aplikace: 0x01d32fe8c166b343
Cesta k chybující aplikaci: C:\Users\C_zek\Desktop\winDecrypt.exe
Cesta k chybujícímu modulu: SkinMagic.dll
ID zprávy: ffe9d2eb-9bdb-11e7-82c6-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/17/2017 08:11:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: winDecrypt.exe, verze: 4.0.0.1, časové razítko: 0x58fbf85a
Název chybujícího modulu: SkinMagic.dll, verze: 6.3.9600.18725, časové razítko: 0x593806da
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0x12bc
Čas spuštění chybující aplikace: 0x01d32fe8b8ef7a30
Cesta k chybující aplikaci: C:\Users\C_zek\AppData\Local\Temp\Rar$EXa0.606\VeryPDF PDF Password Remover 6.0 + Crcak\Crack\winDecrypt.exe
Cesta k chybujícímu modulu: SkinMagic.dll
ID zprávy: fcae8460-9bdb-11e7-82c6-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/17/2017 08:10:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: winDecrypt.exe, verze: 4.0.0.1, časové razítko: 0x58fbf85a
Název chybujícího modulu: SkinMagic.dll, verze: 6.3.9600.18725, časové razítko: 0x593806da
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0x7f4
Čas spuštění chybující aplikace: 0x01d32fe8af4cf6b5
Cesta k chybující aplikaci: C:\Users\C_zek\AppData\Local\Temp\Rar$EXa0.397\VeryPDF PDF Password Remover 6.0 + Crcak\Crack\winDecrypt.exe
Cesta k chybujícímu modulu: SkinMagic.dll
ID zprávy: eec7cd44-9bdb-11e7-82c6-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/17/2017 08:03:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: winDecrypt.exe, verze: 4.0.0.1, časové razítko: 0x58fbf85a
Název chybujícího modulu: SkinMagic.dll, verze: 6.3.9600.18725, časové razítko: 0x593806da
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0xfa4
Čas spuštění chybující aplikace: 0x01d32fe7b0e1e599
Cesta k chybující aplikaci: C:\Users\C_zek\AppData\Local\Temp\Rar$EXa0.562\VeryPDF Password Remover6.0 Crack Only\winDecrypt.exe
Cesta k chybujícímu modulu: SkinMagic.dll
ID zprávy: f33db08c-9bda-11e7-82c6-bc5ff4805ef3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (11/12/2017 09:19:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/12/2017 09:16:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (11/12/2017 09:16:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PnkBstrA byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/12/2017 09:16:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/12/2017 09:16:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/12/2017 09:16:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/12/2017 09:10:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/12/2017 06:02:11 PM) (Source: DCOM) (EventID: 10010) (User: Radek)
Description: Server {1B1F472E-3221-4826-97DB-2C2324D389AE} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/12/2017 06:01:41 PM) (Source: DCOM) (EventID: 10010) (User: Radek)
Description: Server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/11/2017 04:38:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:08:44, ‎11. ‎11. ‎2017) bylo neočekávané.


==================== Memory info ===========================

Processor: AMD A10-5800K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 23%
Total physical RAM: 8145.95 MB
Available physical RAM: 6246.23 MB
Total Virtual: 16337.95 MB
Available Virtual: 14364.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.32 GB) (Free:702.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 543DAEF7)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Request for a check

Posted: 13 Nov 2017 17:37
by Márty84
:arrow: Tell me the size of the desktop folder (C:\Users\C_zek\Plocha)



:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960248 2015-10-29] ()

Handler: WSISAllmytubechrome - No CLSID Value
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File

CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=_ ... smkt=en-us

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf837be140fc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End
In the top left, click File.
Click Save As...
Type the name shown in red, fixlist, correctly and save the file to the desktop.
Turn off the antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.