
windows script host
Hello, I am turning to you with a request for help. A few days ago I needed to print a large number of pages, so I went to a company that offers such services. Later I found out that the USB drive had been infected with a virus, and of course the PC as well. Microsoft Essentials did not find anything. With a NOD32 scan I found the viruses and removed them, and I formatted the USB drive. However, after removing the viruses with NOD, something apparently got damaged, and I keep getting a Windows Script Host message saying that "C:/users/uzivatel/appdata/roaming/microsoftsearchindexerexer" cannot be found. I tried to end this process, or to disable it through the registry, but without success; the message then only changed to say that searchindexer is disabled. I close the message and a few seconds later it is back again, which is quite annoying. Can anyone help me with this? I am attaching the scan from FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
Ran by dado (administrator) on DADO-PC (31-05-2017 18:53:28)
Running from C:\Users\dado\Desktop
Loaded Profiles: dado (Available Profiles: dado)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(CANON INC.) C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3031664 2011-04-06] (VIA)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Canon Toner Status] => C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe [1821240 2014-04-10] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-03-02] (Razer Inc.)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [uTorrent] => C:\Users\dado\AppData\Roaming\uTorrent\uTorrent.exe [1980608 2017-05-23] (BitTorrent Inc.)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\MountPoints2: {109d5f78-03f5-11e2-ac61-5404a6c4fd45} - G:\setup.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83409282-9345-4BDD-A9CF-B3C2ADFC8C92}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-14] (Oracle Corporation)
BHO-x32: Pomocník pri prihlasovaní v sieti Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-14] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2048779508-4136272637-3483633514-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dado\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha412\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta613\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha706\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha208\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3905\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1736\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home642\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode4799\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release720\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha3036\ff [not found]
Chrome:
=======
CHR StartupUrls: Profile 5 -> "hxxp://www.google.sk/"
CHR Profile: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (YouTube) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-25]
CHR Extension: (video downloader) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgkkdjcofableihebmbkiegidgoekafg [2014-06-19]
CHR Extension: (Adobe Acrobat – Vytvoriť PDF) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-09-29]
CHR Extension: (AdBlock) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-25]
CHR Extension: (Ostrov Thassos - pohľad na more - Grécko.) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcljilfhnlofcfncmfgdnjkpglaailab [2014-08-03]
CHR Extension: (Gmail) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-25]
CHR Profile: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (AdBlock) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Chrome Media Router) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-22] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-22] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-22] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2017-02-05] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 uCamMonitor; C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-21] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-03-28] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [122472 2011-03-13] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47552 2017-03-28] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-03-28] (NVIDIA Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S1 MpKsl0dda3e80; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{62292CC5-0AD9-4BD4-88D8-CB901D1BF20B}\MpKsl0dda3e80.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-31 18:53 - 2017-05-31 18:55 - 00019619 _____ C:\Users\dado\Desktop\FRST.txt
2017-05-30 19:35 - 2017-05-30 19:35 - 00003562 _____ C:\Windows\System32\Tasks\Google Update 8.3
2017-05-30 19:35 - 2017-05-30 19:35 - 00000000 ____D C:\Users\dado\AppData\Roaming\Google Update 8.3
2017-05-30 19:35 - 2017-05-30 19:35 - 00000000 ____D C:\Users\dado\AppData\Local\minergate-cli
2017-05-30 15:47 - 2017-05-30 15:47 - 00000000 ____D C:\Users\dado\AppData\Local\ESET
2017-05-30 15:46 - 2017-05-30 15:47 - 06754944 _____ (ESET spol. s r.o.) C:\Users\dado\Downloads\esetonlinescanner_enu.exe
2017-05-30 15:41 - 2017-05-30 15:41 - 00361452 _____ C:\Users\dado\Downloads\FBI_sablona (2).pptx
2017-05-30 15:41 - 2017-05-30 15:41 - 00361452 _____ C:\Users\dado\Downloads\FBI_sablona (1).pptx
2017-05-30 15:28 - 2017-05-30 15:28 - 00003590 _____ C:\Windows\System32\Tasks\MicrosoftSearchIndexer
2017-05-29 10:05 - 2017-05-29 10:05 - 00187215 _____ C:\Users\dado\Downloads\V000002 (2).zip
2017-05-28 20:27 - 2017-05-28 20:27 - 00019612 _____ C:\Users\dado\Downloads\[CzT]Vsechno_nebo_nic_2017_CZ_.torrent
2017-05-28 20:16 - 2017-05-28 20:16 - 00018054 _____ C:\Users\dado\Downloads\[CzT]John_Wick_2_John_Wick_Chapter_Two_2017_WebRip_.torrent
2017-05-28 20:09 - 2017-05-28 20:09 - 00159682 _____ C:\Users\dado\Downloads\[CzT]Velka_cinska_zed_The_Great_Wall_2016_CZ_.torrent
2017-05-17 14:10 - 2017-05-17 14:10 - 00016545 _____ C:\Users\dado\Downloads\[CzT]Ledove_kralovstvi_Frozen_2013_CZ_.torrent
2017-05-16 18:05 - 2017-05-16 18:05 - 00145217 _____ C:\Users\dado\Downloads\SWOT_analyza.ppsx
2017-05-14 11:27 - 2017-05-28 14:26 - 00000000 ____D C:\Users\dado\Desktop\štatnice
2017-05-13 18:38 - 2017-05-13 18:38 - 00050314 _____ C:\Users\dado\Downloads\3. prezentácia (3).pptx
2017-05-13 14:05 - 2017-05-13 14:05 - 00050314 _____ C:\Users\dado\Downloads\3. prezentácia (2).pptx
2017-05-13 11:05 - 2017-05-13 11:05 - 00061066 _____ C:\Users\dado\Downloads\Kalendár 2017 (1).pptx
2017-05-12 18:31 - 2017-05-12 18:31 - 00667723 _____ C:\Users\dado\Downloads\2. prezentácia (5).pptx
2017-05-12 11:37 - 2017-05-12 11:37 - 00076384 _____ C:\Users\dado\Downloads\3. prezentácia (1).pptx
2017-05-12 10:42 - 2017-05-12 10:42 - 00070810 _____ C:\Users\dado\Downloads\1. prezentácia.pptx
2017-05-12 10:09 - 2017-05-12 10:09 - 00667723 _____ C:\Users\dado\Downloads\2. prezentácia (4).pptx
2017-05-11 19:35 - 2017-05-11 19:35 - 00000000 ___SD C:\Users\dado\Documents\Obrazce
2017-05-11 19:05 - 2017-05-11 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-05-11 19:04 - 2017-05-11 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-05-11 19:02 - 2017-05-11 19:02 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-05-11 18:13 - 2017-05-11 18:13 - 00014904 _____ C:\Users\dado\Downloads\[CzT]Microsoft_Visio_Professional_2013_CZ_.torrent
2017-05-09 12:46 - 2017-05-09 12:46 - 01551117 _____ C:\Users\dado\Downloads\TULIP-rev.-19.7.rar
2017-05-09 12:23 - 2017-05-09 12:23 - 01146112 _____ C:\Users\dado\Downloads\TULIP-evak-plán-2016.rar
2017-05-05 16:16 - 2017-05-05 16:16 - 00011603 _____ C:\Users\dado\Downloads\[CzT]Resident_Evil_Posledni_kapitola_Resident_Evil_6_The_Final_Chapter_2016_CZ_.torrent
2017-05-03 16:31 - 2017-05-03 16:32 - 00187215 _____ C:\Users\dado\Downloads\V000002 (1).zip
2017-05-01 10:06 - 2017-05-01 10:06 - 00187215 _____ C:\Users\dado\Downloads\V000002.zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-31 18:53 - 2015-07-02 22:45 - 00000000 ___DC C:\FRST
2017-05-31 18:49 - 2012-09-09 12:35 - 00000000 ____D C:\Users\dado\AppData\Roaming\uTorrent
2017-05-31 18:45 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-31 18:45 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-31 18:43 - 2012-09-09 11:52 - 01167891 _____ C:\Windows\WindowsUpdate.log
2017-05-31 18:39 - 2012-05-10 15:53 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-31 18:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-31 18:36 - 2016-09-22 17:19 - 00045812 _____ C:\Windows\setupact.log
2017-05-31 13:49 - 2016-05-14 11:11 - 00000000 ____D C:\Users\dado\AppData\Local\Jagex
2017-05-31 13:49 - 2016-05-14 11:11 - 00000000 ____D C:\ProgramData\Jagex
2017-05-31 09:16 - 2013-09-14 13:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-05-31 09:16 - 2013-09-14 13:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-05-31 09:16 - 2010-11-21 05:47 - 00201638 _____ C:\Windows\PFRO.log
2017-05-30 21:04 - 2013-09-14 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-30 20:59 - 2012-09-09 12:40 - 00000000 ____D C:\Users\dado\AppData\Roaming\Skype
2017-05-30 18:43 - 2014-11-14 13:11 - 00000000 ____D C:\Users\dado\AppData\Roaming\gleam
2017-05-30 15:42 - 2014-10-14 22:23 - 00000000 ____D C:\Users\dado\Desktop\výška
2017-05-30 15:35 - 2015-02-06 21:46 - 00000000 ____D C:\Users\dado\Desktop\Steve jobs
2017-05-28 20:33 - 2009-07-14 07:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-27 19:53 - 2016-01-27 16:19 - 00000000 ____D C:\Users\dado\AppData\Roaming\TS3Client
2017-05-27 18:52 - 2016-01-19 17:33 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-21 20:51 - 2017-04-09 20:07 - 00000000 ____D C:\Users\dado\Desktop\Prax
2017-05-18 16:38 - 2009-07-14 07:08 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-16 17:11 - 2015-01-23 23:34 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-16 17:11 - 2015-01-23 23:34 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-12 09:31 - 2009-07-14 06:45 - 00446192 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-11 19:36 - 2012-09-09 11:57 - 00111928 _____ C:\Users\dado\AppData\Local\GDIPFONTCACHEV1.DAT
2017-05-11 19:08 - 2012-09-30 11:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2017-05-11 19:05 - 2012-05-10 15:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-11 19:01 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-05-11 19:00 - 2012-09-30 11:09 - 00000000 ____D C:\Program Files\Microsoft Office
==================== Files in the root of some directories =======
2014-01-18 15:58 - 2014-01-18 15:58 - 0000000 ___SH () C:\Users\dado\AppData\Local\LumaEmu
2016-12-10 16:20 - 2017-02-09 16:58 - 0007626 _____ () C:\Users\dado\AppData\Local\Resmon.ResmonCfg
2012-09-09 12:19 - 2016-09-29 15:48 - 0007600 _____ () C:\ProgramData\hpzinstall.log
2015-06-03 21:56 - 2015-06-03 21:56 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some files in TEMP:
====================
C:\Users\dado\AppData\Local\Temp\0D0E768DP.exe
C:\Users\dado\AppData\Local\Temp\AcDeltree.exe
C:\Users\dado\AppData\Local\Temp\b2a375021c55707f5f419bc254229cc2.dll
C:\Users\dado\AppData\Local\Temp\ed6e8e8c4b588010c8f64663407c6196.dll
C:\Users\dado\AppData\Local\Temp\KMP_4.1.5.8.exe
C:\Users\dado\AppData\Local\Temp\libeay32.dll
C:\Users\dado\AppData\Local\Temp\msvcr120.dll
C:\Users\dado\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\dado\AppData\Local\Temp\nvStInst.exe
C:\Users\dado\AppData\Local\Temp\sqlite3.dll
C:\Users\dado\AppData\Local\Temp\Uninstaller-4668.exe
C:\Users\dado\AppData\Local\Temp\vc_redist.x86.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-24 17:45
==================== End of FRST.txt ============================
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3031664 2011-04-06] (VIA)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Canon Toner Status] => C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe [1821240 2014-04-10] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-03-02] (Razer Inc.)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [uTorrent] => C:\Users\dado\AppData\Roaming\uTorrent\uTorrent.exe [1980608 2017-05-23] (BitTorrent Inc.)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\MountPoints2: {109d5f78-03f5-11e2-ac61-5404a6c4fd45} - G:\setup.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83409282-9345-4BDD-A9CF-B3C2ADFC8C92}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-14] (Oracle Corporation)
BHO-x32: Pomocník pri prihlasovaní v sieti Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-14] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2048779508-4136272637-3483633514-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dado\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha412\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta613\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha706\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha208\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3905\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1736\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home642\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode4799\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release720\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha3036\ff [not found]
Chrome:
=======
CHR StartupUrls: Profile 5 -> "hxxp://www.google.sk/"
CHR Profile: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (YouTube) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-25]
CHR Extension: (video downloader) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgkkdjcofableihebmbkiegidgoekafg [2014-06-19]
CHR Extension: (Adobe Acrobat – Vytvoriť PDF) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-09-29]
CHR Extension: (AdBlock) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-25]
CHR Extension: (Ostrov Thassos - pohľad na more - Grécko.) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcljilfhnlofcfncmfgdnjkpglaailab [2014-08-03]
CHR Extension: (Gmail) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-25]
CHR Profile: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (AdBlock) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Chrome Media Router) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-22] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-22] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-22] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2017-02-05] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 uCamMonitor; C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-21] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-03-28] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [122472 2011-03-13] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47552 2017-03-28] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-03-28] (NVIDIA Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S1 MpKsl0dda3e80; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{62292CC5-0AD9-4BD4-88D8-CB901D1BF20B}\MpKsl0dda3e80.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-31 18:53 - 2017-05-31 18:55 - 00019619 _____ C:\Users\dado\Desktop\FRST.txt
2017-05-30 19:35 - 2017-05-30 19:35 - 00003562 _____ C:\Windows\System32\Tasks\Google Update 8.3
2017-05-30 19:35 - 2017-05-30 19:35 - 00000000 ____D C:\Users\dado\AppData\Roaming\Google Update 8.3
2017-05-30 19:35 - 2017-05-30 19:35 - 00000000 ____D C:\Users\dado\AppData\Local\minergate-cli
2017-05-30 15:47 - 2017-05-30 15:47 - 00000000 ____D C:\Users\dado\AppData\Local\ESET
2017-05-30 15:46 - 2017-05-30 15:47 - 06754944 _____ (ESET spol. s r.o.) C:\Users\dado\Downloads\esetonlinescanner_enu.exe
2017-05-30 15:41 - 2017-05-30 15:41 - 00361452 _____ C:\Users\dado\Downloads\FBI_sablona (2).pptx
2017-05-30 15:41 - 2017-05-30 15:41 - 00361452 _____ C:\Users\dado\Downloads\FBI_sablona (1).pptx
2017-05-30 15:28 - 2017-05-30 15:28 - 00003590 _____ C:\Windows\System32\Tasks\MicrosoftSearchIndexer
2017-05-29 10:05 - 2017-05-29 10:05 - 00187215 _____ C:\Users\dado\Downloads\V000002 (2).zip
2017-05-28 20:27 - 2017-05-28 20:27 - 00019612 _____ C:\Users\dado\Downloads\[CzT]Vsechno_nebo_nic_2017_CZ_.torrent
2017-05-28 20:16 - 2017-05-28 20:16 - 00018054 _____ C:\Users\dado\Downloads\[CzT]John_Wick_2_John_Wick_Chapter_Two_2017_WebRip_.torrent
2017-05-28 20:09 - 2017-05-28 20:09 - 00159682 _____ C:\Users\dado\Downloads\[CzT]Velka_cinska_zed_The_Great_Wall_2016_CZ_.torrent
2017-05-17 14:10 - 2017-05-17 14:10 - 00016545 _____ C:\Users\dado\Downloads\[CzT]Ledove_kralovstvi_Frozen_2013_CZ_.torrent
2017-05-16 18:05 - 2017-05-16 18:05 - 00145217 _____ C:\Users\dado\Downloads\SWOT_analyza.ppsx
2017-05-14 11:27 - 2017-05-28 14:26 - 00000000 ____D C:\Users\dado\Desktop\štatnice
2017-05-13 18:38 - 2017-05-13 18:38 - 00050314 _____ C:\Users\dado\Downloads\3. prezentácia (3).pptx
2017-05-13 14:05 - 2017-05-13 14:05 - 00050314 _____ C:\Users\dado\Downloads\3. prezentácia (2).pptx
2017-05-13 11:05 - 2017-05-13 11:05 - 00061066 _____ C:\Users\dado\Downloads\Kalendár 2017 (1).pptx
2017-05-12 18:31 - 2017-05-12 18:31 - 00667723 _____ C:\Users\dado\Downloads\2. prezentácia (5).pptx
2017-05-12 11:37 - 2017-05-12 11:37 - 00076384 _____ C:\Users\dado\Downloads\3. prezentácia (1).pptx
2017-05-12 10:42 - 2017-05-12 10:42 - 00070810 _____ C:\Users\dado\Downloads\1. prezentácia.pptx
2017-05-12 10:09 - 2017-05-12 10:09 - 00667723 _____ C:\Users\dado\Downloads\2. prezentácia (4).pptx
2017-05-11 19:35 - 2017-05-11 19:35 - 00000000 ___SD C:\Users\dado\Documents\Obrazce
2017-05-11 19:05 - 2017-05-11 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-05-11 19:04 - 2017-05-11 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-05-11 19:02 - 2017-05-11 19:02 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-05-11 18:13 - 2017-05-11 18:13 - 00014904 _____ C:\Users\dado\Downloads\[CzT]Microsoft_Visio_Professional_2013_CZ_.torrent
2017-05-09 12:46 - 2017-05-09 12:46 - 01551117 _____ C:\Users\dado\Downloads\TULIP-rev.-19.7.rar
2017-05-09 12:23 - 2017-05-09 12:23 - 01146112 _____ C:\Users\dado\Downloads\TULIP-evak-plán-2016.rar
2017-05-05 16:16 - 2017-05-05 16:16 - 00011603 _____ C:\Users\dado\Downloads\[CzT]Resident_Evil_Posledni_kapitola_Resident_Evil_6_The_Final_Chapter_2016_CZ_.torrent
2017-05-03 16:31 - 2017-05-03 16:32 - 00187215 _____ C:\Users\dado\Downloads\V000002 (1).zip
2017-05-01 10:06 - 2017-05-01 10:06 - 00187215 _____ C:\Users\dado\Downloads\V000002.zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-31 18:53 - 2015-07-02 22:45 - 00000000 ___DC C:\FRST
2017-05-31 18:49 - 2012-09-09 12:35 - 00000000 ____D C:\Users\dado\AppData\Roaming\uTorrent
2017-05-31 18:45 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-31 18:45 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-31 18:43 - 2012-09-09 11:52 - 01167891 _____ C:\Windows\WindowsUpdate.log
2017-05-31 18:39 - 2012-05-10 15:53 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-31 18:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-31 18:36 - 2016-09-22 17:19 - 00045812 _____ C:\Windows\setupact.log
2017-05-31 13:49 - 2016-05-14 11:11 - 00000000 ____D C:\Users\dado\AppData\Local\Jagex
2017-05-31 13:49 - 2016-05-14 11:11 - 00000000 ____D C:\ProgramData\Jagex
2017-05-31 09:16 - 2013-09-14 13:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-05-31 09:16 - 2013-09-14 13:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-05-31 09:16 - 2010-11-21 05:47 - 00201638 _____ C:\Windows\PFRO.log
2017-05-30 21:04 - 2013-09-14 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-30 20:59 - 2012-09-09 12:40 - 00000000 ____D C:\Users\dado\AppData\Roaming\Skype
2017-05-30 18:43 - 2014-11-14 13:11 - 00000000 ____D C:\Users\dado\AppData\Roaming\gleam
2017-05-30 15:42 - 2014-10-14 22:23 - 00000000 ____D C:\Users\dado\Desktop\výška
2017-05-30 15:35 - 2015-02-06 21:46 - 00000000 ____D C:\Users\dado\Desktop\Steve jobs
2017-05-28 20:33 - 2009-07-14 07:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-27 19:53 - 2016-01-27 16:19 - 00000000 ____D C:\Users\dado\AppData\Roaming\TS3Client
2017-05-27 18:52 - 2016-01-19 17:33 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-21 20:51 - 2017-04-09 20:07 - 00000000 ____D C:\Users\dado\Desktop\Prax
2017-05-18 16:38 - 2009-07-14 07:08 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-16 17:11 - 2015-01-23 23:34 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-16 17:11 - 2015-01-23 23:34 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-12 09:31 - 2009-07-14 06:45 - 00446192 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-11 19:36 - 2012-09-09 11:57 - 00111928 _____ C:\Users\dado\AppData\Local\GDIPFONTCACHEV1.DAT
2017-05-11 19:08 - 2012-09-30 11:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2017-05-11 19:05 - 2012-05-10 15:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-11 19:01 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-05-11 19:00 - 2012-09-30 11:09 - 00000000 ____D C:\Program Files\Microsoft Office
==================== Files in the root of some directories =======
2014-01-18 15:58 - 2014-01-18 15:58 - 0000000 ___SH () C:\Users\dado\AppData\Local\LumaEmu
2016-12-10 16:20 - 2017-02-09 16:58 - 0007626 _____ () C:\Users\dado\AppData\Local\Resmon.ResmonCfg
2012-09-09 12:19 - 2016-09-29 15:48 - 0007600 _____ () C:\ProgramData\hpzinstall.log
2015-06-03 21:56 - 2015-06-03 21:56 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some files in TEMP:
====================
C:\Users\dado\AppData\Local\Temp\0D0E768DP.exe
C:\Users\dado\AppData\Local\Temp\AcDeltree.exe
C:\Users\dado\AppData\Local\Temp\b2a375021c55707f5f419bc254229cc2.dll
C:\Users\dado\AppData\Local\Temp\ed6e8e8c4b588010c8f64663407c6196.dll
C:\Users\dado\AppData\Local\Temp\KMP_4.1.5.8.exe
C:\Users\dado\AppData\Local\Temp\libeay32.dll
C:\Users\dado\AppData\Local\Temp\msvcr120.dll
C:\Users\dado\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\dado\AppData\Local\Temp\nvStInst.exe
C:\Users\dado\AppData\Local\Temp\sqlite3.dll
C:\Users\dado\AppData\Local\Temp\Uninstaller-4668.exe
C:\Users\dado\AppData\Local\Temp\vc_redist.x86.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-24 17:45
==================== End of FRST.txt ============================
- Rudy
- Site Admin
- Posts: 119391
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: windows script host
Hello!
That's some kind of junkware. Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
The scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, e-mail me at the address given above.
Re: windows script host
# AdwCleaner v6.047 - Logfile created 31/05/2017 at 19:33:59
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-31.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : dado - DADO-PC
# Running from : C:\Users\dado\Desktop\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
[-] File deleted: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\hxxp_mystartab.com_0.localstorage
[-] File deleted: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\hxxp_mystartab.com_0.localstorage-journal
[-] File deleted: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\hxxp_search.mystartabsearch.com_0.localstorage
[-] File deleted: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\hxxp_search.mystartabsearch.com_0.localstorage-journal
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [2068 Bytes] - [08/06/2016 11:37:34]
C:\AdwCleaner\AdwCleaner[C3].txt - [4024 Bytes] - [04/10/2015 11:08:16]
C:\AdwCleaner\AdwCleaner[C4].txt - [1433 Bytes] - [28/01/2016 11:01:54]
C:\AdwCleaner\AdwCleaner[C5].txt - [1971 Bytes] - [09/12/2016 20:05:04]
C:\AdwCleaner\AdwCleaner[C6].txt - [1871 Bytes] - [10/12/2016 17:04:23]
C:\AdwCleaner\AdwCleaner[C7].txt - [2016 Bytes] - [10/12/2016 18:25:26]
C:\AdwCleaner\AdwCleaner[C8].txt - [2421 Bytes] - [23/01/2017 13:23:56]
C:\AdwCleaner\AdwCleaner[C9].txt - [1837 Bytes] - [31/05/2017 19:33:59]
C:\AdwCleaner\AdwCleaner[R0].txt - [24812 Bytes] - [02/07/2015 21:43:28]
C:\AdwCleaner\AdwCleaner[R1].txt - [1018 Bytes] - [02/07/2015 22:03:14]
C:\AdwCleaner\AdwCleaner[R2].txt - [1075 Bytes] - [02/07/2015 22:35:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [21203 Bytes] - [02/07/2015 21:48:16]
C:\AdwCleaner\AdwCleaner[S10].txt - [2989 Bytes] - [31/05/2017 19:33:39]
C:\AdwCleaner\AdwCleaner[S1].txt - [3019 Bytes] - [02/07/2015 22:36:41]
C:\AdwCleaner\AdwCleaner[S4].txt - [3722 Bytes] - [04/10/2015 11:07:07]
C:\AdwCleaner\AdwCleaner[S5].txt - [1299 Bytes] - [28/01/2016 11:00:42]
C:\AdwCleaner\AdwCleaner[S6].txt - [2122 Bytes] - [09/12/2016 20:04:07]
C:\AdwCleaner\AdwCleaner[S7].txt - [2038 Bytes] - [10/12/2016 17:04:06]
C:\AdwCleaner\AdwCleaner[S8].txt - [2183 Bytes] - [10/12/2016 18:25:17]
C:\AdwCleaner\AdwCleaner[S9].txt - [2515 Bytes] - [23/01/2017 13:23:45]
########## EOF - C:\AdwCleaner\AdwCleaner[C9].txt - [2789 Bytes] ##########
- Rudy
- Site Admin
- Posts: 119391
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: windows script host
Post a new FRST log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: windows script host
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
Ran by dado (administrator) on DADO-PC (31-05-2017 21:03:18)
Running from C:\Users\dado\Desktop
Loaded Profiles: dado (Available Profiles: dado)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(CANON INC.) C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3031664 2011-04-06] (VIA)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Canon Toner Status] => C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe [1821240 2014-04-10] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-03-02] (Razer Inc.)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [uTorrent] => C:\Users\dado\AppData\Roaming\uTorrent\uTorrent.exe [1980608 2017-05-23] (BitTorrent Inc.)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\MountPoints2: {109d5f78-03f5-11e2-ac61-5404a6c4fd45} - G:\setup.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83409282-9345-4BDD-A9CF-B3C2ADFC8C92}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-14] (Oracle Corporation)
BHO-x32: Pomocník pri prihlasovaní v sieti Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-14] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2048779508-4136272637-3483633514-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dado\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha412\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta613\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha706\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha208\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3905\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1736\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home642\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode4799\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release720\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha3036\ff [not found]
Chrome:
=======
CHR StartupUrls: Profile 5 -> "hxxp://www.google.sk/"
CHR Profile: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (YouTube) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-25]
CHR Extension: (video downloader) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgkkdjcofableihebmbkiegidgoekafg [2014-06-19]
CHR Extension: (Adobe Acrobat – Vytvoriť PDF) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-09-29]
CHR Extension: (AdBlock) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-25]
CHR Extension: (Ostrov Thassos - pohľad na more - Grécko.) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcljilfhnlofcfncmfgdnjkpglaailab [2014-08-03]
CHR Extension: (Gmail) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-25]
CHR Profile: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (AdBlock) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Chrome Media Router) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-22] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-22] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-22] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2017-02-05] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 uCamMonitor; C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-21] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-03-28] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [122472 2011-03-13] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47552 2017-03-28] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-03-28] (NVIDIA Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S1 MpKsl0dda3e80; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{62292CC5-0AD9-4BD4-88D8-CB901D1BF20B}\MpKsl0dda3e80.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-31 21:02 - 2017-05-31 21:03 - 00058872 _____ C:\Users\dado\Desktop\Addition.txt
2017-05-31 20:59 - 2017-05-31 21:03 - 00019877 _____ C:\Users\dado\Desktop\FRST.txt
2017-05-31 19:31 - 2017-05-31 19:31 - 04110280 _____ C:\Users\dado\Downloads\adwcleaner_6.047.exe
2017-05-31 19:31 - 2017-05-31 19:31 - 04110280 _____ C:\Users\dado\Desktop\adwcleaner_6.047.exe
2017-05-30 19:35 - 2017-05-30 19:35 - 00003562 _____ C:\Windows\System32\Tasks\Google Update 8.3
2017-05-30 19:35 - 2017-05-30 19:35 - 00000000 ____D C:\Users\dado\AppData\Roaming\Google Update 8.3
2017-05-30 19:35 - 2017-05-30 19:35 - 00000000 ____D C:\Users\dado\AppData\Local\minergate-cli
2017-05-30 15:47 - 2017-05-30 15:47 - 00000000 ____D C:\Users\dado\AppData\Local\ESET
2017-05-30 15:46 - 2017-05-30 15:47 - 06754944 _____ (ESET spol. s r.o.) C:\Users\dado\Downloads\esetonlinescanner_enu.exe
2017-05-30 15:41 - 2017-05-30 15:41 - 00361452 _____ C:\Users\dado\Downloads\FBI_sablona (2).pptx
2017-05-30 15:41 - 2017-05-30 15:41 - 00361452 _____ C:\Users\dado\Downloads\FBI_sablona (1).pptx
2017-05-30 15:28 - 2017-05-30 15:28 - 00003590 _____ C:\Windows\System32\Tasks\MicrosoftSearchIndexer
2017-05-29 10:05 - 2017-05-29 10:05 - 00187215 _____ C:\Users\dado\Downloads\V000002 (2).zip
2017-05-28 20:27 - 2017-05-28 20:27 - 00019612 _____ C:\Users\dado\Downloads\[CzT]Vsechno_nebo_nic_2017_CZ_.torrent
2017-05-28 20:16 - 2017-05-28 20:16 - 00018054 _____ C:\Users\dado\Downloads\[CzT]John_Wick_2_John_Wick_Chapter_Two_2017_WebRip_.torrent
2017-05-28 20:09 - 2017-05-28 20:09 - 00159682 _____ C:\Users\dado\Downloads\[CzT]Velka_cinska_zed_The_Great_Wall_2016_CZ_.torrent
2017-05-17 14:10 - 2017-05-17 14:10 - 00016545 _____ C:\Users\dado\Downloads\[CzT]Ledove_kralovstvi_Frozen_2013_CZ_.torrent
2017-05-16 18:05 - 2017-05-16 18:05 - 00145217 _____ C:\Users\dado\Downloads\SWOT_analyza.ppsx
2017-05-14 11:27 - 2017-05-28 14:26 - 00000000 ____D C:\Users\dado\Desktop\štatnice
2017-05-13 18:38 - 2017-05-13 18:38 - 00050314 _____ C:\Users\dado\Downloads\3. prezentácia (3).pptx
2017-05-13 14:05 - 2017-05-13 14:05 - 00050314 _____ C:\Users\dado\Downloads\3. prezentácia (2).pptx
2017-05-13 11:05 - 2017-05-13 11:05 - 00061066 _____ C:\Users\dado\Downloads\Kalendár 2017 (1).pptx
2017-05-12 18:31 - 2017-05-12 18:31 - 00667723 _____ C:\Users\dado\Downloads\2. prezentácia (5).pptx
2017-05-12 11:37 - 2017-05-12 11:37 - 00076384 _____ C:\Users\dado\Downloads\3. prezentácia (1).pptx
2017-05-12 10:42 - 2017-05-12 10:42 - 00070810 _____ C:\Users\dado\Downloads\1. prezentácia.pptx
2017-05-12 10:09 - 2017-05-12 10:09 - 00667723 _____ C:\Users\dado\Downloads\2. prezentácia (4).pptx
2017-05-11 19:35 - 2017-05-11 19:35 - 00000000 ___SD C:\Users\dado\Documents\Obrazce
2017-05-11 19:05 - 2017-05-11 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-05-11 19:04 - 2017-05-11 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-05-11 19:02 - 2017-05-11 19:02 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-05-11 18:13 - 2017-05-11 18:13 - 00014904 _____ C:\Users\dado\Downloads\[CzT]Microsoft_Visio_Professional_2013_CZ_.torrent
2017-05-09 12:46 - 2017-05-09 12:46 - 01551117 _____ C:\Users\dado\Downloads\TULIP-rev.-19.7.rar
2017-05-09 12:23 - 2017-05-09 12:23 - 01146112 _____ C:\Users\dado\Downloads\TULIP-evak-plán-2016.rar
2017-05-05 16:16 - 2017-05-05 16:16 - 00011603 _____ C:\Users\dado\Downloads\[CzT]Resident_Evil_Posledni_kapitola_Resident_Evil_6_The_Final_Chapter_2016_CZ_.torrent
2017-05-03 16:31 - 2017-05-03 16:32 - 00187215 _____ C:\Users\dado\Downloads\V000002 (1).zip
2017-05-01 10:06 - 2017-05-01 10:06 - 00187215 _____ C:\Users\dado\Downloads\V000002.zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-31 21:03 - 2015-07-02 22:45 - 00000000 ___DC C:\FRST
2017-05-31 21:00 - 2016-05-14 11:11 - 00000000 ____D C:\Users\dado\AppData\Local\Jagex
2017-05-31 21:00 - 2016-05-14 11:11 - 00000000 ____D C:\ProgramData\Jagex
2017-05-31 19:49 - 2016-01-19 17:33 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-31 19:44 - 2016-09-22 17:19 - 00045924 _____ C:\Windows\setupact.log
2017-05-31 19:44 - 2012-09-09 11:52 - 01182542 _____ C:\Windows\WindowsUpdate.log
2017-05-31 19:44 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-31 19:44 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-31 19:43 - 2012-09-09 12:35 - 00000000 ____D C:\Users\dado\AppData\Roaming\uTorrent
2017-05-31 19:38 - 2012-05-10 15:53 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-31 19:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-31 19:33 - 2015-07-02 21:43 - 00000000 ___DC C:\AdwCleaner
2017-05-31 09:16 - 2013-09-14 13:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-05-31 09:16 - 2013-09-14 13:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-05-31 09:16 - 2010-11-21 05:47 - 00201638 _____ C:\Windows\PFRO.log
2017-05-30 21:04 - 2013-09-14 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-30 20:59 - 2012-09-09 12:40 - 00000000 ____D C:\Users\dado\AppData\Roaming\Skype
2017-05-30 18:43 - 2014-11-14 13:11 - 00000000 ____D C:\Users\dado\AppData\Roaming\gleam
2017-05-30 15:42 - 2014-10-14 22:23 - 00000000 ____D C:\Users\dado\Desktop\výška
2017-05-30 15:35 - 2015-02-06 21:46 - 00000000 ____D C:\Users\dado\Desktop\Steve jobs
2017-05-28 20:33 - 2009-07-14 07:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-27 19:53 - 2016-01-27 16:19 - 00000000 ____D C:\Users\dado\AppData\Roaming\TS3Client
2017-05-21 20:51 - 2017-04-09 20:07 - 00000000 ____D C:\Users\dado\Desktop\Prax
2017-05-18 16:38 - 2009-07-14 07:08 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-16 17:11 - 2015-01-23 23:34 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-16 17:11 - 2015-01-23 23:34 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-12 09:31 - 2009-07-14 06:45 - 00446192 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-11 19:36 - 2012-09-09 11:57 - 00111928 _____ C:\Users\dado\AppData\Local\GDIPFONTCACHEV1.DAT
2017-05-11 19:08 - 2012-09-30 11:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2017-05-11 19:05 - 2012-05-10 15:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-11 19:01 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-05-11 19:00 - 2012-09-30 11:09 - 00000000 ____D C:\Program Files\Microsoft Office
==================== Files in the root of some directories =======
2014-01-18 15:58 - 2014-01-18 15:58 - 0000000 ___SH () C:\Users\dado\AppData\Local\LumaEmu
2016-12-10 16:20 - 2017-02-09 16:58 - 0007626 _____ () C:\Users\dado\AppData\Local\Resmon.ResmonCfg
2012-09-09 12:19 - 2016-09-29 15:48 - 0007600 _____ () C:\ProgramData\hpzinstall.log
2015-06-03 21:56 - 2015-06-03 21:56 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some files in TEMP:
====================
C:\Users\dado\AppData\Local\Temp\0D0E768DP.exe
C:\Users\dado\AppData\Local\Temp\AcDeltree.exe
C:\Users\dado\AppData\Local\Temp\b2a375021c55707f5f419bc254229cc2.dll
C:\Users\dado\AppData\Local\Temp\ed6e8e8c4b588010c8f64663407c6196.dll
C:\Users\dado\AppData\Local\Temp\KMP_4.1.5.8.exe
C:\Users\dado\AppData\Local\Temp\libeay32.dll
C:\Users\dado\AppData\Local\Temp\msvcr120.dll
C:\Users\dado\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\dado\AppData\Local\Temp\nvStInst.exe
C:\Users\dado\AppData\Local\Temp\sqlite3.dll
C:\Users\dado\AppData\Local\Temp\Uninstaller-4668.exe
C:\Users\dado\AppData\Local\Temp\vc_redist.x86.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-24 17:45
==================== End of FRST.txt ============================
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3031664 2011-04-06] (VIA)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Canon Toner Status] => C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe [1821240 2014-04-10] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-03-02] (Razer Inc.)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [uTorrent] => C:\Users\dado\AppData\Roaming\uTorrent\uTorrent.exe [1980608 2017-05-23] (BitTorrent Inc.)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\MountPoints2: {109d5f78-03f5-11e2-ac61-5404a6c4fd45} - G:\setup.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83409282-9345-4BDD-A9CF-B3C2ADFC8C92}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-14] (Oracle Corporation)
BHO-x32: Pomocník pri prihlasovaní v sieti Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-14] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2048779508-4136272637-3483633514-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dado\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha412\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta613\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha706\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha208\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3905\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1736\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home642\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode4799\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release720\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha3036\ff [not found]
Chrome:
=======
CHR StartupUrls: Profile 5 -> "hxxp://www.google.sk/"
CHR Profile: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (YouTube) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-25]
CHR Extension: (video downloader) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgkkdjcofableihebmbkiegidgoekafg [2014-06-19]
CHR Extension: (Adobe Acrobat – Vytvoriť PDF) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-09-29]
CHR Extension: (AdBlock) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-25]
CHR Extension: (Ostrov Thassos - pohľad na more - Grécko.) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcljilfhnlofcfncmfgdnjkpglaailab [2014-08-03]
CHR Extension: (Gmail) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-25]
CHR Profile: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (AdBlock) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Chrome Media Router) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-22] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-22] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-22] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2017-02-05] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 uCamMonitor; C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-21] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-03-28] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [122472 2011-03-13] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47552 2017-03-28] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-03-28] (NVIDIA Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S1 MpKsl0dda3e80; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{62292CC5-0AD9-4BD4-88D8-CB901D1BF20B}\MpKsl0dda3e80.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-31 21:02 - 2017-05-31 21:03 - 00058872 _____ C:\Users\dado\Desktop\Addition.txt
2017-05-31 20:59 - 2017-05-31 21:03 - 00019877 _____ C:\Users\dado\Desktop\FRST.txt
2017-05-31 19:31 - 2017-05-31 19:31 - 04110280 _____ C:\Users\dado\Downloads\adwcleaner_6.047.exe
2017-05-31 19:31 - 2017-05-31 19:31 - 04110280 _____ C:\Users\dado\Desktop\adwcleaner_6.047.exe
2017-05-30 19:35 - 2017-05-30 19:35 - 00003562 _____ C:\Windows\System32\Tasks\Google Update 8.3
2017-05-30 19:35 - 2017-05-30 19:35 - 00000000 ____D C:\Users\dado\AppData\Roaming\Google Update 8.3
2017-05-30 19:35 - 2017-05-30 19:35 - 00000000 ____D C:\Users\dado\AppData\Local\minergate-cli
2017-05-30 15:47 - 2017-05-30 15:47 - 00000000 ____D C:\Users\dado\AppData\Local\ESET
2017-05-30 15:46 - 2017-05-30 15:47 - 06754944 _____ (ESET spol. s r.o.) C:\Users\dado\Downloads\esetonlinescanner_enu.exe
2017-05-30 15:41 - 2017-05-30 15:41 - 00361452 _____ C:\Users\dado\Downloads\FBI_sablona (2).pptx
2017-05-30 15:41 - 2017-05-30 15:41 - 00361452 _____ C:\Users\dado\Downloads\FBI_sablona (1).pptx
2017-05-30 15:28 - 2017-05-30 15:28 - 00003590 _____ C:\Windows\System32\Tasks\MicrosoftSearchIndexer
2017-05-29 10:05 - 2017-05-29 10:05 - 00187215 _____ C:\Users\dado\Downloads\V000002 (2).zip
2017-05-28 20:27 - 2017-05-28 20:27 - 00019612 _____ C:\Users\dado\Downloads\[CzT]Vsechno_nebo_nic_2017_CZ_.torrent
2017-05-28 20:16 - 2017-05-28 20:16 - 00018054 _____ C:\Users\dado\Downloads\[CzT]John_Wick_2_John_Wick_Chapter_Two_2017_WebRip_.torrent
2017-05-28 20:09 - 2017-05-28 20:09 - 00159682 _____ C:\Users\dado\Downloads\[CzT]Velka_cinska_zed_The_Great_Wall_2016_CZ_.torrent
2017-05-17 14:10 - 2017-05-17 14:10 - 00016545 _____ C:\Users\dado\Downloads\[CzT]Ledove_kralovstvi_Frozen_2013_CZ_.torrent
2017-05-16 18:05 - 2017-05-16 18:05 - 00145217 _____ C:\Users\dado\Downloads\SWOT_analyza.ppsx
2017-05-14 11:27 - 2017-05-28 14:26 - 00000000 ____D C:\Users\dado\Desktop\štatnice
2017-05-13 18:38 - 2017-05-13 18:38 - 00050314 _____ C:\Users\dado\Downloads\3. prezentácia (3).pptx
2017-05-13 14:05 - 2017-05-13 14:05 - 00050314 _____ C:\Users\dado\Downloads\3. prezentácia (2).pptx
2017-05-13 11:05 - 2017-05-13 11:05 - 00061066 _____ C:\Users\dado\Downloads\Kalendár 2017 (1).pptx
2017-05-12 18:31 - 2017-05-12 18:31 - 00667723 _____ C:\Users\dado\Downloads\2. prezentácia (5).pptx
2017-05-12 11:37 - 2017-05-12 11:37 - 00076384 _____ C:\Users\dado\Downloads\3. prezentácia (1).pptx
2017-05-12 10:42 - 2017-05-12 10:42 - 00070810 _____ C:\Users\dado\Downloads\1. prezentácia.pptx
2017-05-12 10:09 - 2017-05-12 10:09 - 00667723 _____ C:\Users\dado\Downloads\2. prezentácia (4).pptx
2017-05-11 19:35 - 2017-05-11 19:35 - 00000000 ___SD C:\Users\dado\Documents\Obrazce
2017-05-11 19:05 - 2017-05-11 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-05-11 19:04 - 2017-05-11 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-05-11 19:02 - 2017-05-11 19:02 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-05-11 18:13 - 2017-05-11 18:13 - 00014904 _____ C:\Users\dado\Downloads\[CzT]Microsoft_Visio_Professional_2013_CZ_.torrent
2017-05-09 12:46 - 2017-05-09 12:46 - 01551117 _____ C:\Users\dado\Downloads\TULIP-rev.-19.7.rar
2017-05-09 12:23 - 2017-05-09 12:23 - 01146112 _____ C:\Users\dado\Downloads\TULIP-evak-plán-2016.rar
2017-05-05 16:16 - 2017-05-05 16:16 - 00011603 _____ C:\Users\dado\Downloads\[CzT]Resident_Evil_Posledni_kapitola_Resident_Evil_6_The_Final_Chapter_2016_CZ_.torrent
2017-05-03 16:31 - 2017-05-03 16:32 - 00187215 _____ C:\Users\dado\Downloads\V000002 (1).zip
2017-05-01 10:06 - 2017-05-01 10:06 - 00187215 _____ C:\Users\dado\Downloads\V000002.zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-31 21:03 - 2015-07-02 22:45 - 00000000 ___DC C:\FRST
2017-05-31 21:00 - 2016-05-14 11:11 - 00000000 ____D C:\Users\dado\AppData\Local\Jagex
2017-05-31 21:00 - 2016-05-14 11:11 - 00000000 ____D C:\ProgramData\Jagex
2017-05-31 19:49 - 2016-01-19 17:33 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-31 19:44 - 2016-09-22 17:19 - 00045924 _____ C:\Windows\setupact.log
2017-05-31 19:44 - 2012-09-09 11:52 - 01182542 _____ C:\Windows\WindowsUpdate.log
2017-05-31 19:44 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-31 19:44 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-31 19:43 - 2012-09-09 12:35 - 00000000 ____D C:\Users\dado\AppData\Roaming\uTorrent
2017-05-31 19:38 - 2012-05-10 15:53 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-31 19:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-31 19:33 - 2015-07-02 21:43 - 00000000 ___DC C:\AdwCleaner
2017-05-31 09:16 - 2013-09-14 13:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-05-31 09:16 - 2013-09-14 13:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-05-31 09:16 - 2010-11-21 05:47 - 00201638 _____ C:\Windows\PFRO.log
2017-05-30 21:04 - 2013-09-14 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-30 20:59 - 2012-09-09 12:40 - 00000000 ____D C:\Users\dado\AppData\Roaming\Skype
2017-05-30 18:43 - 2014-11-14 13:11 - 00000000 ____D C:\Users\dado\AppData\Roaming\gleam
2017-05-30 15:42 - 2014-10-14 22:23 - 00000000 ____D C:\Users\dado\Desktop\výška
2017-05-30 15:35 - 2015-02-06 21:46 - 00000000 ____D C:\Users\dado\Desktop\Steve jobs
2017-05-28 20:33 - 2009-07-14 07:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-27 19:53 - 2016-01-27 16:19 - 00000000 ____D C:\Users\dado\AppData\Roaming\TS3Client
2017-05-21 20:51 - 2017-04-09 20:07 - 00000000 ____D C:\Users\dado\Desktop\Prax
2017-05-18 16:38 - 2009-07-14 07:08 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-16 17:11 - 2015-01-23 23:34 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-16 17:11 - 2015-01-23 23:34 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-12 09:31 - 2009-07-14 06:45 - 00446192 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-11 19:36 - 2012-09-09 11:57 - 00111928 _____ C:\Users\dado\AppData\Local\GDIPFONTCACHEV1.DAT
2017-05-11 19:08 - 2012-09-30 11:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2017-05-11 19:05 - 2012-05-10 15:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-11 19:01 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-05-11 19:00 - 2012-09-30 11:09 - 00000000 ____D C:\Program Files\Microsoft Office
==================== Files in the root of some directories =======
2014-01-18 15:58 - 2014-01-18 15:58 - 0000000 ___SH () C:\Users\dado\AppData\Local\LumaEmu
2016-12-10 16:20 - 2017-02-09 16:58 - 0007626 _____ () C:\Users\dado\AppData\Local\Resmon.ResmonCfg
2012-09-09 12:19 - 2016-09-29 15:48 - 0007600 _____ () C:\ProgramData\hpzinstall.log
2015-06-03 21:56 - 2015-06-03 21:56 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some files in TEMP:
====================
C:\Users\dado\AppData\Local\Temp\0D0E768DP.exe
C:\Users\dado\AppData\Local\Temp\AcDeltree.exe
C:\Users\dado\AppData\Local\Temp\b2a375021c55707f5f419bc254229cc2.dll
C:\Users\dado\AppData\Local\Temp\ed6e8e8c4b588010c8f64663407c6196.dll
C:\Users\dado\AppData\Local\Temp\KMP_4.1.5.8.exe
C:\Users\dado\AppData\Local\Temp\libeay32.dll
C:\Users\dado\AppData\Local\Temp\msvcr120.dll
C:\Users\dado\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\dado\AppData\Local\Temp\nvStInst.exe
C:\Users\dado\AppData\Local\Temp\sqlite3.dll
C:\Users\dado\AppData\Local\Temp\Uninstaller-4668.exe
C:\Users\dado\AppData\Local\Temp\vc_redist.x86.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-24 17:45
==================== End of FRST.txt ============================
- Rudy
- Site Admin
- Posts: 119391
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: windows script host
Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\MountPoints2: {109d5f78-03f5-11e2-ac61-5404a6c4fd45} - G:\setup.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha412\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta613\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha706\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha208\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3905\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1736\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home642\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode4799\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release720\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha3036\ff [not found]
C:\Users\dado\AppData\Local\Temp
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: windows script host
The problem still persists for now; here is the fix log:
Fix result of Farbar Recovery Scan Tool (x64) Version:03-10-2015
Ran by dado (2017-06-01 13:49:28) Run:3
Running from C:\Users\dado\Desktop
Loaded Profiles: dado (Available Profiles: dado)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\MountPoints2: {109d5f78-03f5-11e2-ac61-5404a6c4fd45} - G:\setup.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha412\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta613\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha706\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha208\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3905\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1736\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home642\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode4799\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release720\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha3036\ff [not found]
C:\Users\dado\AppData\Local\Temp
EmptyTemp:
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{109d5f78-03f5-11e2-ac61-5404a6c4fd45}" => key removed successfully
HKCR\CLSID\{109d5f78-03f5-11e2-ac61-5404a6c4fd45} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff => not found.
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found] => not found
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha412\ff => not found.
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha412\ff [not found] => not found
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta613\ff => not found.
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta613\ff [not found] => not found
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha706\ff => not found.
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha706\ff [not found] => not found
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha208\ff => not found.
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha208\ff [not found] => not found
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3905\ff => not found.
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3905\ff [not found] => not found
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1736\ff => not found.
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1736\ff [not found] => not found
C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home642\ff => not found.
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home642\ff [not found] => not found
C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode4799\ff => not found.
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode4799\ff [not found] => not found
C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release720\ff => not found.
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release720\ff [not found] => not found
C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha3036\ff => not found.
FF Extension: No Name - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha3036\ff [not found] => not found
"C:\Users\dado\AppData\Local\Temp" folder move:
Could not move "C:\Users\dado\AppData\Local\Temp" => Scheduled to move on reboot.
EmptyTemp: => 7.1 GB temporary data Removed.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2017-06-01 13:57:06)
C:\Users\dado\AppData\Local\Temp => moved successfully
==== End of Fixlog 13:57:07 ====
- Rudy
- Site Admin
- Posts: 119391
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: windows script host
Deleted. Has anything changed?
Re: windows script host
As I mentioned at the beginning of that fix log, unfortunately there has been no change at all.
- Rudy
- Site Admin
Re: windows script host
Then try disabling it. Guide: http://wintip.cz/524-jak-vypnout-windows-script-host .
Re: windows script host
Disabling it was the very first thing I tried, before I posted. The message only changed to say that the script is disabled, but it still keeps pestering me.
- Rudy
- Site Admin
Re: windows script host
OK. Then find the file wscript.exe/cscript.exe (it should be in the system32 folder) and delete it. Make a backup first, though; I don't know whether something will complain about it. Normally disabling it is enough.
Re: windows script host
I finish school in a few days, so I'll wait a little with this; please don't lock the topic. Another thing I'm thinking about is reinstalling the system completely. Since I've had the PC, a system restore has never been run, and that's been quite a few years. However, I'm not much of an expert in this. It's W7; is it possible to restore the system to factory settings, or do I need to create, say, a bootable CD? Won't there be a problem with updates afterwards, now that support for W7 has ended? Will I manage to download at least the ones I have installed now? I know this is a bit off-topic, but it's still a solution to the problem.
Re: windows script host
Hi,
apologies for the one-off intrusion: boot into safe mode, delete the file C:\Windows\System32\Tasks\MicrosoftSearchIndexer and restart into normal mode. GL with your state exams... we'll need it
I take my leave
Pokud je cokoliv nejasného: if anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that don't belong on the forum, you can use altrok(at)forum.viry.cz
If you'd like to help visitors of this forum, sign up for our training school.
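Added example (not part of any post in this thread): a Python check that parses Task Scheduler XML definitions, such as the files under C:\Windows\System32\Tasks, and reports tasks that launch wscript.exe/cscript.exe with a script that no longer exists on disk, which is the kind of leftover the fix above removes. The sample XML, the task name and the script path are constructed for illustration.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "wscript", "cscript"}

# Constructed sample, not taken from the thread's machine. On a live system,
# read each task file as bytes and pass the bytes to ET.fromstring(), because
# the files are UTF-16 with an encoding declaration.
SAMPLE_TASK = r"""<?xml version="1.0"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\System32\wscript.exe</Command>
      <Arguments>//B "C:\Users\user\AppData\Roaming\example\payload.vbs"</Arguments>
    </Exec>
  </Actions>
</Task>"""


def script_host_targets(task_xml):
    """Return (host, script_path) for each Exec action that launches WSH."""
    root = ET.fromstring(task_xml)
    found = []
    for exe in root.findall("./t:Actions/t:Exec", NS):
        command = (exe.findtext("t:Command", "", NS) or "").strip().strip('"')
        args = exe.findtext("t:Arguments", "", NS) or ""
        host = ntpath.basename(command).lower()
        if host not in SCRIPT_HOSTS:
            continue
        # The first argument that is not a //switch is the script WSH loads.
        tokens = re.findall(r'"([^"]+)"|(\S+)', args)
        scripts = [q or b for q, b in tokens if not (q or b).startswith("//")]
        found.append((host, scripts[0] if scripts else None))
    return found


def orphaned_tasks(tasks, exists):
    """tasks: {task_name: xml}; exists: callable(path) -> bool,
    e.g. os.path.exists when run on the affected machine."""
    report = []
    for name, xml_text in tasks.items():
        for host, script in script_host_targets(xml_text):
            if script and not exists(script):
                report.append((name, host, script))
    return report
```

A task reported here still fires on its trigger after the script is gone, so the Windows Script Host error dialog keeps returning until the task definition itself is removed.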
Re: windows script host
altrok wrote:
Hi,
apologies for the one-off intrusion: boot into safe mode, delete the file C:\Windows\System32\Tasks\MicrosoftSearchIndexer and restart into normal mode. GL with your state exams... we'll need it
I take my leave
Problem solved. Thank you both for your help; I won't be losing my nerves over those pop-up windows any more. Likewise, good luck with the state exams.
