Virus removal, PC speed-up, remote assistance via the neslape.cz service
Please check my log, a message about my PC being blocked popped up
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2018 02
Ran by ROCOR (administrator) on ROCOR-PC (12-02-2018 15:07:42)
Running from C:\Users\ROCOR\Desktop
Loaded Profiles: ROCOR (Available Profiles: ROCOR)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\runservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CMedia) C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\AsusAudioCenter.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Learsy) C:\Program Files (x86)\MuralPix\MpAgent.exe
(Fujitsu) C:\Program Files (x86)\Fujitsu Mouse\Driverap4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(ALTAP) C:\Program Files (x86)\Altap Salamander\salamand.exe
(forum.viry.cz) C:\Users\ROCOR\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [MuralPixAgent] => C:\Program Files (x86)\MuralPix\MpAgent.exe [102400 2006-12-30] (Learsy)
HKLM-x32\...\Run: [Fujitsu Mouse] => C:\Program Files (x86)\Fujitsu Mouse\DriverSt.exe [184393 2012-08-21] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-866583909-2925738967-381583198-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MuralPix.scr [106496 2006-12-30] (Learsy)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 172.21.1.1 172.21.1.2
Tcpip\..\Interfaces\{5D68AF5B-E0C1-4DEB-9DFF-C6D54AEF83C0}: [DhcpNameServer] 192.168.5.1 172.21.1.1 172.21.1.2
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default [2018-02-12]
FF Homepage: Mozilla\Firefox\Profiles\btckirlh.default -> hxxp://www.vinaturae.com/eshop/authentication. ... istory.php
FF NetworkProxy: Mozilla\Firefox\Profiles\btckirlh.default -> type", 0
FF Session Restore: Mozilla\Firefox\Profiles\btckirlh.default -> is enabled.
FF Extension: (Český slovník pro kontrolu pravopisu (bez diakritiky)) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\cs2@dictionaries.addons.mozilla.org [2016-08-13] [Legacy]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\cs@dictionaries.addons.mozilla.org [2016-08-13] [Legacy]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\elemhidehelper@adblockplus.org.xpi [2017-04-13] [Legacy]
FF Extension: (ImageBlock) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\imageblock@hemantvats.com.xpi [2016-04-04] [Legacy]
FF Extension: (NASA Night Launch) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\nasanightlaunch@example.com.xpi [2016-11-14] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\uBlock0@raymondhill.net.xpi [2017-08-07] [Legacy]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2) [2014-12-20] [Legacy] [not signed]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(3) [2014-12-20] [Legacy] [not signed]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2017-11-09] [Legacy]
FF Extension: (Session Manager) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31] [Legacy]
FF Extension: (Flash Game Maximizer) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{258735dc-6743-4805-95fc-f95941fffdad}.xpi [2016-04-28] [Legacy]
FF Extension: (EPUBReader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2017-02-19] [Legacy]
FF Extension: (BitComet Video Downloader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(2) [2014-12-20] [Legacy] [not signed]
FF Extension: (BitComet Video Downloader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(3) [2014-12-20] [Legacy] [not signed]
FF Extension: (No Name) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [2014-12-20] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2014-12-20] [Legacy] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(3) [2014-12-20] [Legacy] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24] [Legacy]
FF Extension: (Tab Mix Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-08-29] [Legacy]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\bratrstvnet.xml [2018-01-22]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\doplky-pro-firefox.xml [2014-05-02]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\imdb.xml [2018-01-04]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\opensubtitles.xml [2015-10-06]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\sfd.xml [2018-01-03]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\uloto.xml [2015-10-22]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\vyhledvn-vide-ve-slub-youtube.xml [2015-08-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-07] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 LicCtrlService; C:\Windows\runservice.exe [16384 2014-10-08] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-01] (Electronic Arts)
S3 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-01-22] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-13] (Disc Soft Ltd)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-12-19] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-12-19] (FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MZ_USBAUDIO; C:\Windows\System32\drivers\mz_usbaudio.sys [144896 2013-05-14] (D&M Holdings Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-12 15:07 - 2018-02-12 15:07 - 000014242 _____ C:\Users\ROCOR\Desktop\FRST.txt
2018-02-12 14:20 - 2018-02-12 14:21 - 000112640 _____ (forum.viry.cz) C:\Users\ROCOR\Desktop\FRSTLauncher.exe
2018-02-12 14:18 - 2018-02-12 14:18 - 002404864 _____ (Farbar) C:\Users\ROCOR\Desktop\FRST64.exe
2018-02-12 12:25 - 2018-02-12 13:29 - 000000000 ____D C:\Users\ROCOR\Desktop\jungle_2018
2018-02-12 11:20 - 2018-02-12 11:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-11 15:57 - 2018-02-11 16:03 - 000000000 ____D C:\Houba
2018-02-09 09:31 - 2018-02-09 09:31 - 000000000 ____D C:\MUSIC lll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-12 15:07 - 2016-04-10 08:55 - 000000000 ____D C:\FRST
2018-02-12 15:07 - 2014-05-22 15:21 - 000000000 ____D C:\Users\ROCOR\AppData\Roaming\uTorrent
2018-02-12 15:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-12 12:27 - 2016-11-26 14:19 - 000000000 ___RD C:\Users\ROCOR\Desktop\LulanT
2018-02-12 12:26 - 2014-05-22 06:13 - 000000000 ____D C:\Users\ROCOR\AppData\Roaming\foobar2000
2018-02-12 11:20 - 2014-12-20 12:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-11 21:32 - 2014-08-09 06:35 - 000003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DFE319C7-2C57-4D09-B67B-1589BD45581B}
2018-02-11 16:06 - 2014-05-22 13:03 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-02-11 11:22 - 2014-05-23 06:01 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-02-10 20:53 - 2011-04-12 09:34 - 000648690 _____ C:\Windows\system32\perfh005.dat
2018-02-10 20:53 - 2011-04-12 09:34 - 000133548 _____ C:\Windows\system32\perfc005.dat
2018-02-10 20:53 - 2009-07-14 06:13 - 001527778 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-10 20:52 - 2009-07-14 05:45 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-10 20:52 - 2009-07-14 05:45 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-10 20:47 - 2014-12-29 18:22 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2018-02-10 20:47 - 2014-10-08 12:37 - 000001369 ___SH C:\Windows\SysWOW64\mmf.sys
2018-02-10 20:47 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-10 20:47 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-02-07 19:46 - 2014-05-22 05:59 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-07 19:46 - 2014-05-22 05:59 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 19:46 - 2014-05-22 05:59 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-07 19:46 - 2014-05-22 05:59 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-07 19:46 - 2014-05-22 05:59 - 000000000 ____D C:\Windows\system32\Macromed
==================== Files in the root of some directories =======
2014-05-22 06:02 - 2014-05-22 06:02 - 000000600 _____ () C:\Users\ROCOR\AppData\Roaming\winscp.rnd
2014-08-10 10:22 - 2014-08-10 10:22 - 000000058 _____ () C:\Users\ROCOR\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-05-23 20:30 - 2016-04-11 14:20 - 000007632 _____ () C:\Users\ROCOR\AppData\Local\Resmon.ResmonCfg
2014-05-24 17:48 - 2014-05-24 17:48 - 000000003 _____ () C:\Users\ROCOR\AppData\Local\user_data.ini
Some files in TEMP:
====================
2014-12-19 20:19 - 2018-02-10 20:47 - 000192512 ____N () C:\Users\ROCOR\AppData\Local\Temp\sfamcc00001.dll
2018-02-02 01:45 - 2018-02-10 20:47 - 000158720 ____N () C:\Users\ROCOR\AppData\Local\Temp\sfareca00001.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-02-07 21:45
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:232.79 GB) (Free:20.39 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:44 GB) NTFS
Drive f: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (VERBATIM HD) (Fixed) (Total:465.64 GB) (Free:3.55 GB) FAT32
Available physical RAM: 6605.3 MB
Total physical RAM: 8076.4 MB
Percentage of memory in use: 18%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0BA592B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5814E5E1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Disk: 2 (Size: 465.8 GB) (Disk ID: A345F4C7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\ROCOR\Desktop" je 63312 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^ROCOR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MpManag.lnk
C:\PROGRA~2\MuralPix\MpManag.exe
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 LicCtrlService; C:\Windows\runservice.exe [16384 2014-10-08] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-01] (Electronic Arts)
S3 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-01-22] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-13] (Disc Soft Ltd)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-12-19] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-12-19] (FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MZ_USBAUDIO; C:\Windows\System32\drivers\mz_usbaudio.sys [144896 2013-05-14] (D&M Holdings Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-12 15:07 - 2018-02-12 15:07 - 000014242 _____ C:\Users\ROCOR\Desktop\FRST.txt
2018-02-12 14:20 - 2018-02-12 14:21 - 000112640 _____ (forum.viry.cz) C:\Users\ROCOR\Desktop\FRSTLauncher.exe
2018-02-12 14:18 - 2018-02-12 14:18 - 002404864 _____ (Farbar) C:\Users\ROCOR\Desktop\FRST64.exe
2018-02-12 12:25 - 2018-02-12 13:29 - 000000000 ____D C:\Users\ROCOR\Desktop\jungle_2018
2018-02-12 11:20 - 2018-02-12 11:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-11 15:57 - 2018-02-11 16:03 - 000000000 ____D C:\Houba
2018-02-09 09:31 - 2018-02-09 09:31 - 000000000 ____D C:\MUSIC lll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-12 15:07 - 2016-04-10 08:55 - 000000000 ____D C:\FRST
2018-02-12 15:07 - 2014-05-22 15:21 - 000000000 ____D C:\Users\ROCOR\AppData\Roaming\uTorrent
2018-02-12 15:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-12 12:27 - 2016-11-26 14:19 - 000000000 ___RD C:\Users\ROCOR\Desktop\LulanT
2018-02-12 12:26 - 2014-05-22 06:13 - 000000000 ____D C:\Users\ROCOR\AppData\Roaming\foobar2000
2018-02-12 11:20 - 2014-12-20 12:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-11 21:32 - 2014-08-09 06:35 - 000003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DFE319C7-2C57-4D09-B67B-1589BD45581B}
2018-02-11 16:06 - 2014-05-22 13:03 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-02-11 11:22 - 2014-05-23 06:01 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-02-10 20:53 - 2011-04-12 09:34 - 000648690 _____ C:\Windows\system32\perfh005.dat
2018-02-10 20:53 - 2011-04-12 09:34 - 000133548 _____ C:\Windows\system32\perfc005.dat
2018-02-10 20:53 - 2009-07-14 06:13 - 001527778 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-10 20:52 - 2009-07-14 05:45 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-10 20:52 - 2009-07-14 05:45 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-10 20:47 - 2014-12-29 18:22 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2018-02-10 20:47 - 2014-10-08 12:37 - 000001369 ___SH C:\Windows\SysWOW64\mmf.sys
2018-02-10 20:47 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-10 20:47 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-02-07 19:46 - 2014-05-22 05:59 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-07 19:46 - 2014-05-22 05:59 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 19:46 - 2014-05-22 05:59 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-07 19:46 - 2014-05-22 05:59 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-07 19:46 - 2014-05-22 05:59 - 000000000 ____D C:\Windows\system32\Macromed
==================== Files in the root of some directories =======
2014-05-22 06:02 - 2014-05-22 06:02 - 000000600 _____ () C:\Users\ROCOR\AppData\Roaming\winscp.rnd
2014-08-10 10:22 - 2014-08-10 10:22 - 000000058 _____ () C:\Users\ROCOR\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-05-23 20:30 - 2016-04-11 14:20 - 000007632 _____ () C:\Users\ROCOR\AppData\Local\Resmon.ResmonCfg
2014-05-24 17:48 - 2014-05-24 17:48 - 000000003 _____ () C:\Users\ROCOR\AppData\Local\user_data.ini
Some files in TEMP:
====================
2014-12-19 20:19 - 2018-02-10 20:47 - 000192512 ____N () C:\Users\ROCOR\AppData\Local\Temp\sfamcc00001.dll
2018-02-02 01:45 - 2018-02-10 20:47 - 000158720 ____N () C:\Users\ROCOR\AppData\Local\Temp\sfareca00001.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-02-07 21:45
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:232.79 GB) (Free:20.39 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:44 GB) NTFS
Drive f: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (VERBATIM HD) (Fixed) (Total:465.64 GB) (Free:3.55 GB) FAT32
Available physical RAM: 6605.3 MB
Total physical RAM: 8076.4 MB
Percentage of memory in use: 18%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0BA592B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5814E5E1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Disk: 2 (Size: 465.8 GB) (Disk ID: A345F4C7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\ROCOR\Desktop" je 63312 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^ROCOR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MpManag.lnk
C:\PROGRA~2\MuralPix\MpManag.exe
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin
- Posts: 118715
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check, a message about blocking popped up
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop.
Close all programs.
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: please check, a message about blocking popped up
# AdwCleaner 7.0.8.0 - Logfile created on Tue Feb 13 05:24:43 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
No malicious folders deleted.
***** [ Files ] *****
No malicious files deleted.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKU\S-1-5-21-866583909-2925738967-381583198-1000\Software\drpsu
Deleted: [Key] - HKCU\Software\drpsu
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [1167 B] - [2018/2/13 5:24:2]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
- Rudy
- Site Admin
- Posts: 118715
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check, a message about blocking popped up
Post a new FRST log.
Re: please check, a message about blocking popped up
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by ROCOR (administrator) on ROCOR-PC (13-02-2018 13:09:01)
Running from C:\Users\ROCOR\Desktop
Loaded Profiles: ROCOR (Available Profiles: ROCOR)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\runservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CMedia) C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\AsusAudioCenter.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Learsy) C:\Program Files (x86)\MuralPix\MpAgent.exe
(Fujitsu) C:\Program Files (x86)\Fujitsu Mouse\Driverap4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(forum.viry.cz) C:\Users\ROCOR\Desktop\FRST-OlderVersion\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [MuralPixAgent] => C:\Program Files (x86)\MuralPix\MpAgent.exe [102400 2006-12-30] (Learsy)
HKLM-x32\...\Run: [Fujitsu Mouse] => C:\Program Files (x86)\Fujitsu Mouse\DriverSt.exe [184393 2012-08-21] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-866583909-2925738967-381583198-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-866583909-2925738967-381583198-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MuralPix.scr [106496 2006-12-30] (Learsy)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 172.21.1.1 172.21.1.2
Tcpip\..\Interfaces\{5D68AF5B-E0C1-4DEB-9DFF-C6D54AEF83C0}: [DhcpNameServer] 192.168.5.1 172.21.1.1 172.21.1.2
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default [2018-02-13]
FF Homepage: Mozilla\Firefox\Profiles\btckirlh.default -> hxxp://www.vinaturae.com/eshop/authentication. ... istory.php
FF NetworkProxy: Mozilla\Firefox\Profiles\btckirlh.default -> type", 0
FF Session Restore: Mozilla\Firefox\Profiles\btckirlh.default -> is enabled.
FF Extension: (Český slovník pro kontrolu pravopisu (bez diakritiky)) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\cs2@dictionaries.addons.mozilla.org [2016-08-13] [Legacy]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\cs@dictionaries.addons.mozilla.org [2016-08-13] [Legacy]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\elemhidehelper@adblockplus.org.xpi [2017-04-13] [Legacy]
FF Extension: (ImageBlock) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\imageblock@hemantvats.com.xpi [2016-04-04] [Legacy]
FF Extension: (NASA Night Launch) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\nasanightlaunch@example.com.xpi [2016-11-14] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\uBlock0@raymondhill.net.xpi [2017-08-07] [Legacy]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2) [2014-12-20] [Legacy] [not signed]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(3) [2014-12-20] [Legacy] [not signed]
FF Extension: (Flagfox) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2017-11-09] [Legacy]
FF Extension: (Session Manager) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31] [Legacy]
FF Extension: (Flash Game Maximizer) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{258735dc-6743-4805-95fc-f95941fffdad}.xpi [2016-04-28] [Legacy]
FF Extension: (EPUBReader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2017-02-19] [Legacy]
FF Extension: (BitComet Video Downloader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(2) [2014-12-20] [Legacy] [not signed]
FF Extension: (BitComet Video Downloader) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(3) [2014-12-20] [Legacy] [not signed]
FF Extension: (No Name) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [2014-12-20] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2014-12-20] [Legacy] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(3) [2014-12-20] [Legacy] [not signed]
FF Extension: (Adblock Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24] [Legacy]
FF Extension: (Tab Mix Plus) - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-08-29] [Legacy]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\bratrstvnet.xml [2018-01-22]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\doplky-pro-firefox.xml [2014-05-02]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\imdb.xml [2018-01-04]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\opensubtitles.xml [2015-10-06]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\sfd.xml [2018-01-03]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\uloto.xml [2015-10-22]
FF SearchPlugin: C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\btckirlh.default\searchplugins\vyhledvn-vide-ve-slub-youtube.xml [2015-08-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-07] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 LicCtrlService; C:\Windows\runservice.exe [16384 2014-10-08] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-01] (Electronic Arts)
S3 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-01-22] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-13] (Disc Soft Ltd)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-12-19] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-12-19] (FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MZ_USBAUDIO; C:\Windows\System32\drivers\mz_usbaudio.sys [144896 2013-05-14] (D&M Holdings Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-13 13:09 - 2018-02-13 13:09 - 000014073 _____ C:\Users\ROCOR\Desktop\FRST.txt
2018-02-13 13:08 - 2018-02-13 13:08 - 000000000 ____D C:\Users\ROCOR\Desktop\FRST-OlderVersion
2018-02-13 06:23 - 2018-02-13 06:24 - 000000000 ____D C:\AdwCleaner
2018-02-12 14:18 - 2018-02-13 13:08 - 002405376 _____ (Farbar) C:\Users\ROCOR\Desktop\FRST64.exe
2018-02-12 11:20 - 2018-02-13 06:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-11 15:57 - 2018-02-11 16:03 - 000000000 ____D C:\Houba
2018-02-09 09:31 - 2018-02-09 09:31 - 000000000 ____D C:\MUSIC lll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-13 13:09 - 2016-04-10 08:55 - 000000000 ____D C:\FRST
2018-02-13 13:07 - 2016-11-26 14:19 - 000000000 ___RD C:\Users\ROCOR\Desktop\LulanT
2018-02-13 13:07 - 2014-05-22 15:21 - 000000000 ____D C:\Users\ROCOR\AppData\Roaming\uTorrent
2018-02-13 12:33 - 2014-05-23 06:01 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-02-13 06:31 - 2011-04-12 09:34 - 000648690 _____ C:\Windows\system32\perfh005.dat
2018-02-13 06:31 - 2011-04-12 09:34 - 000133548 _____ C:\Windows\system32\perfc005.dat
2018-02-13 06:31 - 2009-07-14 06:13 - 001527778 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-13 06:31 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-13 06:30 - 2009-07-14 05:45 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-13 06:30 - 2009-07-14 05:45 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-13 06:25 - 2014-12-29 18:22 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2018-02-13 06:25 - 2014-10-08 12:37 - 000001369 ___SH C:\Windows\SysWOW64\mmf.sys
2018-02-13 06:25 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-13 06:21 - 2014-12-20 12:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-12 12:26 - 2014-05-22 06:13 - 000000000 ____D C:\Users\ROCOR\AppData\Roaming\foobar2000
2018-02-11 21:32 - 2014-08-09 06:35 - 000003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DFE319C7-2C57-4D09-B67B-1589BD45581B}
2018-02-11 16:06 - 2014-05-22 13:03 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-02-10 20:47 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-02-07 19:46 - 2014-05-22 05:59 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-07 19:46 - 2014-05-22 05:59 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 19:46 - 2014-05-22 05:59 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-07 19:46 - 2014-05-22 05:59 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-07 19:46 - 2014-05-22 05:59 - 000000000 ____D C:\Windows\system32\Macromed
==================== Files in the root of some directories =======
2014-05-22 06:02 - 2014-05-22 06:02 - 000000600 _____ () C:\Users\ROCOR\AppData\Roaming\winscp.rnd
2014-08-10 10:22 - 2014-08-10 10:22 - 000000058 _____ () C:\Users\ROCOR\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-05-23 20:30 - 2016-04-11 14:20 - 000007632 _____ () C:\Users\ROCOR\AppData\Local\Resmon.ResmonCfg
2014-05-24 17:48 - 2014-05-24 17:48 - 000000003 _____ () C:\Users\ROCOR\AppData\Local\user_data.ini
Some files in TEMP:
====================
2014-12-19 20:19 - 2018-02-13 06:25 - 000192512 _____ () C:\Users\ROCOR\AppData\Local\Temp\sfamcc00001.dll
2018-02-02 01:45 - 2018-02-13 06:25 - 000158720 _____ () C:\Users\ROCOR\AppData\Local\Temp\sfareca00001.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-02-07 21:45
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:232.79 GB) (Free:19.96 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:40.52 GB) NTFS
Drive f: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (VERBATIM HD) (Fixed) (Total:465.64 GB) (Free:3.55 GB) FAT32
Available physical RAM: 6695.16 MB
Total physical RAM: 8076.4 MB
Percentage of memory in use: 17%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0BA592B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5814E5E1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Disk: 2 (Size: 465.8 GB) (Disk ID: A345F4C7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\ROCOR\Desktop" je 63349 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^ROCOR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MpManag.lnk
C:\PROGRA~2\MuralPix\MpManag.exe
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin
- Posts: 118715
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check, a message about blocking popped up
Open Notepad and copy the following into it:
Start
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
C:\Users\ROCOR\AppData\Local\Temp
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
From the log:
Velikost slozky "C:\Users\ROCOR\Desktop" je 63349 MB.
That is too much and may be slowing down system startup. Create a new folder in C:\Users\ROCOR and move all data from the desktop into it (except shortcuts). Then put a shortcut to that folder on the desktop for easier access.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: please check, a message about blocking popped up
Fix result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by ROCOR (13-02-2018 14:18:19) Run:3
Running from C:\Users\ROCOR\Desktop
Loaded Profiles: ROCOR (Available Profiles: ROCOR)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
C:\Users\ROCOR\AppData\Local\Temp
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
"C:\Users\ROCOR\AppData\Local\Temp" folder move:
Could not move "C:\Users\ROCOR\AppData\Local\Temp" => Scheduled to move on reboot.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11240568 B
Java, Flash, Steam htmlcache => 740925479 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 182473427 B
Opera => 182272 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83693 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 66228 B
ROCOR => 3006331 B
UpdatusUser => 0 B
RecycleBin => 0 B
EmptyTemp: => 902.7 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 13-02-2018 14:19:06)
C:\Users\ROCOR\AppData\Local\Temp => moved successfully
==== End of Fixlog 14:19:06 ====
- Rudy
- Site Admin
Re: please check, a message about blocking popped up
Deleted. Has there been any change?
Re: please check, a message about blocking popped up
What I found is that photos couldn't be viewed with the Windows viewer, so I downloaded IrfanView and now they open with the Windows viewer again...
- Rudy
- Site Admin
Re: please check, a message about blocking popped up
It certainly does no harm. Irfan is nice, I use it myself. But I meant the message about the blocking.
Re: please check, a message about blocking popped up
Yeah, it doesn't pop up anymore, so far it looks good.
Thanks a lot!
- Rudy
- Site Admin
Re: please check, a message about blocking popped up
You're welcome!