Please check, a message popped up about my PC being blocked

Posted: 12 Feb 2018 15:10
by Hynek88
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2018 02
Ran by ROCOR (administrator) on ROCOR-PC (12-02-2018 15:07:42)
Running from C:\Users\ROCOR\Desktop
Loaded Profiles: ROCOR (Available Profiles: ROCOR)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\runservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CMedia) C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\AsusAudioCenter.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Learsy) C:\Program Files (x86)\MuralPix\MpAgent.exe
(Fujitsu) C:\Program Files (x86)\Fujitsu Mouse\Driverap4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(ALTAP) C:\Program Files (x86)\Altap Salamander\salamand.exe
(forum.viry.cz) C:\Users\ROCOR\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [MuralPixAgent] => C:\Program Files (x86)\MuralPix\MpAgent.exe [102400 2006-12-30] (Learsy)
HKLM-x32\...\Run: [Fujitsu Mouse] => C:\Program Files (x86)\Fujitsu Mouse\DriverSt.exe [184393 2012-08-21] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-866583909-2925738967-381583198-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MuralPix.scr [106496 2006-12-30] (Learsy)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 172.21.1.1 172.21.1.2
Tcpip\..\Interfaces\{5D68AF5B-E0C1-4DEB-9DFF-C6D54AEF83C0}: [DhcpNameServer] 192.168.5.1 172.21.1.1 172.21.1.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default [2018-02-12]
FF Homepage: Mozilla\Firefox\Profiles\btckirlh.default -> hxxp://www.vinaturae.com/eshop/authentication. ... istory.php
FF NetworkProxy: Mozilla\Firefox\Profiles\btckirlh.default -> type", 0
FF Session Restore: Mozilla\Firefox\Profiles\btckirlh.default -> is enabled.
FF Extension: (Český slovník pro kontrolu pravopisu (bez diakritiky)) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\cs2@dictionaries.addons.mozilla.org [2016-08-13] [Legacy]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\cs@dictionaries.addons.mozilla.org [2016-08-13] [Legacy]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\elemhidehelper@adblockplus.org.xpi [2017-04-13] [Legacy]
FF Extension: (ImageBlock) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\imageblock@hemantvats.com.xpi [2016-04-04] [Legacy]
FF Extension: (NASA Night Launch) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\nasanightlaunch@example.com.xpi [2016-11-14] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\uBlock0@raymondhill.net.xpi [2017-08-07] [Legacy]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2) [2014-12-20] [Legacy] [not signed]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(3) [2014-12-20] [Legacy] [not signed]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2017-11-09] [Legacy]
FF Extension: (Session Manager) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31] [Legacy]
FF Extension: (Flash Game Maximizer) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{258735dc-6743-4805-95fc-f95941fffdad}.xpi [2016-04-28] [Legacy]
FF Extension: (EPUBReader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2017-02-19] [Legacy]
FF Extension: (BitComet Video Downloader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(2) [2014-12-20] [Legacy] [not signed]
FF Extension: (BitComet Video Downloader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(3) [2014-12-20] [Legacy] [not signed]
FF Extension: (No Name) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [2014-12-20] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2014-12-20] [Legacy] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(3) [2014-12-20] [Legacy] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24] [Legacy]
FF Extension: (Tab Mix Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-08-29] [Legacy]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\bratrstvnet.xml [2018-01-22]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\doplky-pro-firefox.xml [2014-05-02]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\imdb.xml [2018-01-04]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\opensubtitles.xml [2015-10-06]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\sfd.xml [2018-01-03]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\uloto.xml [2015-10-22]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\vyhledvn-vide-ve-slub-youtube.xml [2015-08-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-07] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 LicCtrlService; C:\Windows\runservice.exe [16384 2014-10-08] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-01] (Electronic Arts)
S3 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-01-22] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-13] (Disc Soft Ltd)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-12-19] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-12-19] (FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MZ_USBAUDIO; C:\Windows\System32\drivers\mz_usbaudio.sys [144896 2013-05-14] (D&M Holdings Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-12 15:07 - 2018-02-12 15:07 - 000014242 _____ C:\Users\ROCOR\Desktop\FRST.txt
2018-02-12 14:20 - 2018-02-12 14:21 - 000112640 _____ (forum.viry.cz) C:\Users\ROCOR\Desktop\FRSTLauncher.exe
2018-02-12 14:18 - 2018-02-12 14:18 - 002404864 _____ (Farbar) C:\Users\ROCOR\Desktop\FRST64.exe
2018-02-12 12:25 - 2018-02-12 13:29 - 000000000 ____D C:\Users\ROCOR\Desktop\jungle_2018
2018-02-12 11:20 - 2018-02-12 11:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-11 15:57 - 2018-02-11 16:03 - 000000000 ____D C:\Houba
2018-02-09 09:31 - 2018-02-09 09:31 - 000000000 ____D C:\MUSIC lll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-12 15:07 - 2016-04-10 08:55 - 000000000 ____D C:\FRST
2018-02-12 15:07 - 2014-05-22 15:21 - 000000000 ____D C:\Users\ROCOR\AppData\Roaming\uTorrent
2018-02-12 15:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-12 12:27 - 2016-11-26 14:19 - 000000000 ___RD C:\Users\ROCOR\Desktop\LulanT
2018-02-12 12:26 - 2014-05-22 06:13 - 000000000 ____D C:\Users\ROCOR\AppData\Roaming\foobar2000
2018-02-12 11:20 - 2014-12-20 12:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-11 21:32 - 2014-08-09 06:35 - 000003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DFE319C7-2C57-4D09-B67B-1589BD45581B}
2018-02-11 16:06 - 2014-05-22 13:03 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-02-11 11:22 - 2014-05-23 06:01 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-02-10 20:53 - 2011-04-12 09:34 - 000648690 _____ C:\Windows\system32\perfh005.dat
2018-02-10 20:53 - 2011-04-12 09:34 - 000133548 _____ C:\Windows\system32\perfc005.dat
2018-02-10 20:53 - 2009-07-14 06:13 - 001527778 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-10 20:52 - 2009-07-14 05:45 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-10 20:52 - 2009-07-14 05:45 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-10 20:47 - 2014-12-29 18:22 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2018-02-10 20:47 - 2014-10-08 12:37 - 000001369 ___SH C:\Windows\SysWOW64\mmf.sys
2018-02-10 20:47 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-10 20:47 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-02-07 19:46 - 2014-05-22 05:59 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-07 19:46 - 2014-05-22 05:59 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 19:46 - 2014-05-22 05:59 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-07 19:46 - 2014-05-22 05:59 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-07 19:46 - 2014-05-22 05:59 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2014-05-22 06:02 - 2014-05-22 06:02 - 000000600 _____ () C:\Users\ROCOR\AppData\Roaming\winscp.rnd
2014-08-10 10:22 - 2014-08-10 10:22 - 000000058 _____ () C:\Users\ROCOR\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-05-23 20:30 - 2016-04-11 14:20 - 000007632 _____ () C:\Users\ROCOR\AppData\Local\Resmon.ResmonCfg
2014-05-24 17:48 - 2014-05-24 17:48 - 000000003 _____ () C:\Users\ROCOR\AppData\Local\user_data.ini

Some files in TEMP:
====================
2014-12-19 20:19 - 2018-02-10 20:47 - 000192512 ____N () C:\Users\ROCOR\AppData\Local\Temp\sfamcc00001.dll
2018-02-02 01:45 - 2018-02-10 20:47 - 000158720 ____N () C:\Users\ROCOR\AppData\Local\Temp\sfareca00001.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-07 21:45

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:232.79 GB) (Free:20.39 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:44 GB) NTFS
Drive f: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (VERBATIM HD) (Fixed) (Total:465.64 GB) (Free:3.55 GB) FAT32

Available physical RAM: 6605.3 MB
Total physical RAM: 8076.4 MB
Percentage of memory in use: 18%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0BA592B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5814E5E1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Disk: 2 (Size: 465.8 GB) (Disk ID: A345F4C7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\ROCOR\Desktop" je 63312 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^ROCOR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MpManag.lnk
C:\PROGRA~2\MuralPix\MpManag.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Please check, a message popped up about blocking

Posted: 12 Feb 2018 17:35
by Rudy
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
The scan will run and then a log will appear; paste it here.

Re: Please check, a message popped up about blocking

Posted: 13 Feb 2018 06:27
by Hynek88
# AdwCleaner 7.0.8.0 - Logfile created on Tue Feb 13 05:24:43 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKU\S-1-5-21-866583909-2925738967-381583198-1000\Software\drpsu
Deleted: [Key] - HKCU\Software\drpsu


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1167 B] - [2018/2/13 5:24:2]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Re: Please check, a message popped up about blocking

Posted: 13 Feb 2018 13:04
by Rudy
Post a new FRST log.

Re: Please check, a message popped up about blocking

Posted: 13 Feb 2018 13:12
by Hynek88
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by ROCOR (administrator) on ROCOR-PC (13-02-2018 13:09:01)
Running from C:\Users\ROCOR\Desktop
Loaded Profiles: ROCOR (Available Profiles: ROCOR)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\runservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CMedia) C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\AsusAudioCenter.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Learsy) C:\Program Files (x86)\MuralPix\MpAgent.exe
(Fujitsu) C:\Program Files (x86)\Fujitsu Mouse\Driverap4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(forum.viry.cz) C:\Users\ROCOR\Desktop\FRST-OlderVersion\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [MuralPixAgent] => C:\Program Files (x86)\MuralPix\MpAgent.exe [102400 2006-12-30] (Learsy)
HKLM-x32\...\Run: [Fujitsu Mouse] => C:\Program Files (x86)\Fujitsu Mouse\DriverSt.exe [184393 2012-08-21] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-866583909-2925738967-381583198-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MuralPix.scr [106496 2006-12-30] (Learsy)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 172.21.1.1 172.21.1.2
Tcpip\..\Interfaces\{5D68AF5B-E0C1-4DEB-9DFF-C6D54AEF83C0}: [DhcpNameServer] 192.168.5.1 172.21.1.1 172.21.1.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default [2018-02-13]
FF Homepage: Mozilla\Firefox\Profiles\btckirlh.default -> hxxp://www.vinaturae.com/eshop/authentication. ... istory.php
FF NetworkProxy: Mozilla\Firefox\Profiles\btckirlh.default -> type", 0
FF Session Restore: Mozilla\Firefox\Profiles\btckirlh.default -> is enabled.
FF Extension: (Český slovník pro kontrolu pravopisu (bez diakritiky)) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\cs2@dictionaries.addons.mozilla.org [2016-08-13] [Legacy]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\cs@dictionaries.addons.mozilla.org [2016-08-13] [Legacy]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\elemhidehelper@adblockplus.org.xpi [2017-04-13] [Legacy]
FF Extension: (ImageBlock) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\imageblock@hemantvats.com.xpi [2016-04-04] [Legacy]
FF Extension: (NASA Night Launch) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\nasanightlaunch@example.com.xpi [2016-11-14] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\uBlock0@raymondhill.net.xpi [2017-08-07] [Legacy]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2) [2014-12-20] [Legacy] [not signed]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(3) [2014-12-20] [Legacy] [not signed]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2017-11-09] [Legacy]
FF Extension: (Session Manager) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31] [Legacy]
FF Extension: (Flash Game Maximizer) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{258735dc-6743-4805-95fc-f95941fffdad}.xpi [2016-04-28] [Legacy]
FF Extension: (EPUBReader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2017-02-19] [Legacy]
FF Extension: (BitComet Video Downloader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(2) [2014-12-20] [Legacy] [not signed]
FF Extension: (BitComet Video Downloader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(3) [2014-12-20] [Legacy] [not signed]
FF Extension: (No Name) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [2014-12-20] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2014-12-20] [Legacy] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(3) [2014-12-20] [Legacy] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24] [Legacy]
FF Extension: (Tab Mix Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-08-29] [Legacy]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\bratrstvnet.xml [2018-01-22]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\doplky-pro-firefox.xml [2014-05-02]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\imdb.xml [2018-01-04]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\opensubtitles.xml [2015-10-06]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\sfd.xml [2018-01-03]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\uloto.xml [2015-10-22]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\vyhledvn-vide-ve-slub-youtube.xml [2015-08-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-07] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 LicCtrlService; C:\Windows\runservice.exe [16384 2014-10-08] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-01] (Electronic Arts)
S3 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-01-22] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-13] (Disc Soft Ltd)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-12-19] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-12-19] (FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MZ_USBAUDIO; C:\Windows\System32\drivers\mz_usbaudio.sys [144896 2013-05-14] (D&M Holdings Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-13 13:09 - 2018-02-13 13:09 - 000014073 _____ C:\Users\ROCOR\Desktop\FRST.txt
2018-02-13 13:08 - 2018-02-13 13:08 - 000000000 ____D C:\Users\ROCOR\Desktop\FRST-OlderVersion
2018-02-13 06:23 - 2018-02-13 06:24 - 000000000 ____D C:\AdwCleaner
2018-02-12 14:18 - 2018-02-13 13:08 - 002405376 _____ (Farbar) C:\Users\ROCOR\Desktop\FRST64.exe
2018-02-12 11:20 - 2018-02-13 06:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-11 15:57 - 2018-02-11 16:03 - 000000000 ____D C:\Houba
2018-02-09 09:31 - 2018-02-09 09:31 - 000000000 ____D C:\MUSIC lll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-13 13:09 - 2016-04-10 08:55 - 000000000 ____D C:\FRST
2018-02-13 13:07 - 2016-11-26 14:19 - 000000000 ___RD C:\Users\ROCOR\Desktop\LulanT
2018-02-13 13:07 - 2014-05-22 15:21 - 000000000 ____D C:\Users\ROCOR\AppData\Roaming\uTorrent
2018-02-13 12:33 - 2014-05-23 06:01 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-02-13 06:31 - 2011-04-12 09:34 - 000648690 _____ C:\Windows\system32\perfh005.dat
2018-02-13 06:31 - 2011-04-12 09:34 - 000133548 _____ C:\Windows\system32\perfc005.dat
2018-02-13 06:31 - 2009-07-14 06:13 - 001527778 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-13 06:31 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-13 06:30 - 2009-07-14 05:45 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-13 06:30 - 2009-07-14 05:45 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-13 06:25 - 2014-12-29 18:22 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2018-02-13 06:25 - 2014-10-08 12:37 - 000001369 ___SH C:\Windows\SysWOW64\mmf.sys
2018-02-13 06:25 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-13 06:21 - 2014-12-20 12:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-12 12:26 - 2014-05-22 06:13 - 000000000 ____D C:\Users\ROCOR\AppData\Roaming\foobar2000
2018-02-11 21:32 - 2014-08-09 06:35 - 000003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DFE319C7-2C57-4D09-B67B-1589BD45581B}
2018-02-11 16:06 - 2014-05-22 13:03 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-02-10 20:47 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-02-07 19:46 - 2014-05-22 05:59 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-07 19:46 - 2014-05-22 05:59 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 19:46 - 2014-05-22 05:59 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-07 19:46 - 2014-05-22 05:59 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-07 19:46 - 2014-05-22 05:59 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2014-05-22 06:02 - 2014-05-22 06:02 - 000000600 _____ () C:\Users\ROCOR\AppData\Roaming\winscp.rnd
2014-08-10 10:22 - 2014-08-10 10:22 - 000000058 _____ () C:\Users\ROCOR\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-05-23 20:30 - 2016-04-11 14:20 - 000007632 _____ () C:\Users\ROCOR\AppData\Local\Resmon.ResmonCfg
2014-05-24 17:48 - 2014-05-24 17:48 - 000000003 _____ () C:\Users\ROCOR\AppData\Local\user_data.ini

Some files in TEMP:
====================
2014-12-19 20:19 - 2018-02-13 06:25 - 000192512 _____ () C:\Users\ROCOR\AppData\Local\Temp\sfamcc00001.dll
2018-02-02 01:45 - 2018-02-13 06:25 - 000158720 _____ () C:\Users\ROCOR\AppData\Local\Temp\sfareca00001.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-07 21:45

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:232.79 GB) (Free:19.96 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:40.52 GB) NTFS
Drive f: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (VERBATIM HD) (Fixed) (Total:465.64 GB) (Free:3.55 GB) FAT32

Available physical RAM: 6695.16 MB
Total physical RAM: 8076.4 MB
Percentage of memory in use: 17%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0BA592B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5814E5E1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Disk: 2 (Size: 465.8 GB) (Disk ID: A345F4C7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\ROCOR\Desktop" je 63349 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^ROCOR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MpManag.lnk
C:\PROGRA~2\MuralPix\MpManag.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: please check, a message about blocking popped up

Posted: 13 Feb 2018 13:20
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
C:\Users\ROCOR\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

From the log:
Velikost slozky "C:\Users\ROCOR\Desktop" je 63349 MB.
That is too much and may slow down system startup. Create a new folder in C:\Users\ROCOR and move all data from the desktop into it (except shortcuts). Then put a shortcut to that folder on the desktop for easier access.

Re: please check, a message about blocking popped up

Posted: 13 Feb 2018 14:21
by Hynek88
Fix result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by ROCOR (13-02-2018 14:18:19) Run:3
Running from C:\Users\ROCOR\Desktop
Loaded Profiles: ROCOR (Available Profiles: ROCOR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
C:\Users\ROCOR\AppData\Local\Temp

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully

"C:\Users\ROCOR\AppData\Local\Temp" folder move:

Could not move "C:\Users\ROCOR\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11240568 B
Java, Flash, Steam htmlcache => 740925479 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 182473427 B
Opera => 182272 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83693 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 66228 B
ROCOR => 3006331 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 902.7 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 13-02-2018 14:19:06)

C:\Users\ROCOR\AppData\Local\Temp => moved successfully

==== End of Fixlog 14:19:06 ====

Re: please check, a message about blocking popped up

Posted: 13 Feb 2018 15:14
by Rudy
Deleted. Has anything changed?

Re: please check, a message about blocking popped up

Posted: 13 Feb 2018 15:20
by Hynek88
What I found is that photos could not be viewed with the Windows viewer, so I downloaded IrfanView and now they open with the Windows viewer again...

Re: please check, a message about blocking popped up

Posted: 13 Feb 2018 16:00
by Rudy
It certainly does no harm. Irfan is nice, I use it myself. But I meant the message about blocking.

Re: please check, a message about blocking popped up

Posted: 13 Feb 2018 17:04
by Hynek88
Yeah :-) it no longer pops up, so far it looks good

Thanks a lot then!

Re: please check, a message about blocking popped up

Posted: 13 Feb 2018 17:53
by Rudy
You're welcome! :)