Please check my log

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: Three roses grow around =o)
Gender: Male
Status:
Offline

Re: Please check my log

Post by Orcus » 12 Oct 2015 16:45

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system, 32-bit or 64-bit:
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Don't change any of the default settings and click "Scan". When the scan is complete, two logs appear, FRST.txt and Addition.txt, and are saved on the desktop. Please paste their full contents here.
Love warms, but coal is coal. :fire:



Post HJT logs in the HJT section. If it is too long, split it across several posts.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

Petr28
Level 1
Posts: 61
Registered: September 15
Gender: Male
Status:
Offline

Re: Please check my log

Post by Petr28 » 12 Oct 2015 19:02

- FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-10-2015 02
Ran by Dijkstra (administrator) on PETR (12-10-2015 18:59:15)
Running from C:\Users\Dijkstra\Desktop
Loaded Profiles: Dijkstra & UpdatusUser (Available Profiles: Dijkstra & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2015-09-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2015-09-02] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-20] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-01-20] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2015-09-02] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2015-09-02] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2015-09-08] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782008 2015-10-10] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-421577638-2401411598-1918065572-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{FB5A84F5-1480-4054-9854-7574D027A605}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-421577638-2401411598-1918065572-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-421577638-2401411598-1918065572-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-421577638-2401411598-1918065572-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.cz/?gfe_rd=cr&ei=8hj ... gws_rd=ssl
SearchScopes: HKU\S-1-5-21-421577638-2401411598-1918065572-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-06] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-20] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-06] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Dijkstra\AppData\Roaming\Mozilla\Firefox\Profiles\i3o634ms.default
FF NewTab: about:newtab
FF Homepage: hxxps://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxp://forum.modelarovo.cz/","hxxps://www.seznam.cz/"
CHR Profile: C:\Users\Dijkstra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Dijkstra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-06]
CHR Extension: (Dokumenty Google) - C:\Users\Dijkstra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-06]
CHR Extension: (Disk Google) - C:\Users\Dijkstra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-06]
CHR Extension: (YouTube) - C:\Users\Dijkstra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-06]
CHR Extension: (Vyhledávání Google) - C:\Users\Dijkstra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-06]
CHR Extension: (Tabulky Google) - C:\Users\Dijkstra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Dijkstra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Dijkstra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-06]
CHR Extension: (Gmail) - C:\Users\Dijkstra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [887128 2015-10-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-10-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-10-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1213072 2015-10-10] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-10-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-10-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-04-16] (Avira Operations GmbH & Co. KG)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-06] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-12 18:59 - 2015-10-12 18:59 - 00014282 _____ C:\Users\Dijkstra\Desktop\FRST.txt
2015-10-12 18:59 - 2015-10-12 18:59 - 00000000 ____D C:\FRST
2015-10-12 18:57 - 2015-10-12 18:57 - 02195968 _____ (Farbar) C:\Users\Dijkstra\Desktop\FRST64.exe
2015-10-12 15:43 - 2015-10-12 17:25 - 00000168 _____ C:\Windows\setupact.log
2015-10-12 15:43 - 2015-10-12 15:43 - 00408344 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-12 15:43 - 2015-10-12 15:43 - 00109296 _____ C:\Users\Dijkstra\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-12 15:43 - 2015-10-12 15:43 - 00000000 _____ C:\Windows\setuperr.log
2015-10-11 12:30 - 2015-10-11 12:56 - 461372484 _____ C:\Users\Dijkstra\Downloads\The.Big.Bang.Theory.S09E03.720p.HDTV.x264-DIMENSION.avi
2015-10-11 12:07 - 2015-10-11 12:07 - 00165376 _____ C:\Users\Dijkstra\Desktop\SystemLook_x64.exe
2015-10-11 12:05 - 2015-10-11 12:06 - 00000512 _____ C:\Users\Dijkstra\Desktop\MBR.dat
2015-10-11 12:00 - 2015-10-11 12:00 - 00009238 _____ C:\Users\Dijkstra\Desktop\hijackthis.log
2015-10-11 00:28 - 2015-10-12 15:36 - 00000000 ____D C:\Windows\erdnt
2015-10-11 00:23 - 2015-10-11 00:23 - 00006316 _____ C:\Users\Dijkstra\Desktop\zoek-results.txt
2015-10-11 00:21 - 2015-10-11 00:09 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-10-11 00:09 - 2015-10-11 00:23 - 00006316 _____ C:\zoek-results.log
2015-10-11 00:09 - 2015-10-11 00:09 - 00000000 ____D C:\zoek_backup
2015-10-11 00:08 - 2015-10-11 00:08 - 01309184 _____ C:\Users\Dijkstra\Desktop\zoek.exe
2015-10-11 00:06 - 2015-10-11 00:06 - 00006362 _____ C:\Users\Dijkstra\Desktop\RoKi.txt
2015-10-10 23:54 - 2015-10-10 23:54 - 00001153 _____ C:\Users\Dijkstra\Desktop\MBAM.txt
2015-10-10 23:22 - 2015-10-10 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-10-10 23:16 - 2015-10-10 23:16 - 00000000 ____D C:\Users\Dijkstra\AppData\Roaming\Avira
2015-10-10 23:15 - 2015-10-10 23:21 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-10-10 23:15 - 2015-10-10 23:21 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-10-10 23:15 - 2015-04-16 15:23 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-10-10 23:15 - 2015-04-16 15:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-10-10 22:04 - 2015-10-10 23:55 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-10 22:04 - 2015-10-10 22:16 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-10 22:01 - 2015-10-10 22:02 - 22773320 _____ C:\Users\Dijkstra\Desktop\RogueKillerX64.exe
2015-10-10 22:00 - 2015-10-10 22:00 - 00060792 _____ C:\Users\Dijkstra\Downloads\8F8C.tmp
2015-10-10 21:54 - 2015-10-10 21:54 - 01801288 _____ (Malwarebytes) C:\Users\Dijkstra\Desktop\JRT.exe
2015-10-10 11:20 - 2015-10-10 23:35 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-10 11:19 - 2015-10-10 11:19 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-10 11:19 - 2015-10-10 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-10 11:19 - 2015-10-10 11:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-10 11:19 - 2015-10-10 11:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-10 11:19 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-10 11:19 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-10 11:19 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-10-10 11:17 - 2015-10-10 11:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Dijkstra\Downloads\mbam-setup-2.1.8.1057.exe
2015-10-10 11:14 - 2015-10-10 11:14 - 01682432 _____ C:\Users\Dijkstra\Desktop\AdwCleaner.exe
2015-10-10 11:04 - 2015-10-10 11:04 - 00448512 _____ (OldTimer Tools) C:\Users\Dijkstra\Downloads\TFC.exe
2015-10-10 11:03 - 2015-10-10 11:03 - 00050688 _____ (Atribune.org) C:\Users\Dijkstra\Downloads\ATF-Cleaner.exe
2015-10-10 00:47 - 2015-10-10 23:15 - 00000000 ____D C:\ProgramData\Avira
2015-10-10 00:47 - 2015-10-10 23:15 - 00000000 ____D C:\Program Files (x86)\Avira
2015-10-10 00:44 - 2015-10-10 00:46 - 207206296 _____ C:\Users\Dijkstra\Downloads\avira_antivirus_en-us.exe
2015-10-10 00:42 - 2015-10-10 00:42 - 00000017 _____ C:\Users\Dijkstra\Downloads\stinger10.2.0.179.opt
2015-10-10 00:17 - 2015-10-10 11:58 - 00000000 ____D C:\AdwCleaner
2015-10-10 00:16 - 2015-10-10 00:16 - 01682432 _____ C:\Users\Dijkstra\Downloads\adwcleaner_5.013.exe
2015-10-09 23:28 - 2015-10-09 23:30 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-10-09 23:28 - 2015-10-09 23:30 - 00000000 ____D C:\Windows\system32\vbox
2015-10-09 23:24 - 2015-10-10 10:26 - 00000000 ____D C:\ProgramData\AVAST Software
2015-10-09 23:11 - 2015-10-12 15:45 - 00009331 _____ C:\Users\Dijkstra\Downloads\hijackthis.log
2015-10-09 23:07 - 2015-10-09 23:08 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dijkstra\Downloads\hijackthis.exe
2015-10-09 20:50 - 2015-10-09 20:50 - 00000000 _____ C:\Users\Dijkstra\Desktop\PSY.txt
2015-10-09 18:51 - 2015-10-09 18:51 - 00000000 ____D C:\Users\Dijkstra\Desktop\Stromboli
2015-10-09 14:51 - 2015-10-09 14:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-10-08 21:08 - 2015-10-11 11:58 - 00002205 _____ C:\Users\Dijkstra\Desktop\SPP.txt
2015-10-07 23:02 - 2015-10-07 23:02 - 00000000 _____ C:\Users\Dijkstra\Desktop\Čombe.txt
2015-10-05 18:03 - 2015-10-05 18:03 - 00000000 ____D C:\Users\Dijkstra\Downloads\Kola
2015-10-05 18:02 - 2015-10-05 18:03 - 01031391 _____ C:\Users\Dijkstra\Downloads\Kola.rar
2015-10-04 16:59 - 2015-10-04 16:59 - 12757608 _____ (Intel Corporation) C:\Users\Dijkstra\Downloads\SetupRST.exe
2015-10-04 16:59 - 2015-10-04 16:59 - 00000000 ____D C:\Users\Dijkstra\Intel
2015-10-04 16:59 - 2015-10-04 16:59 - 00000000 ____D C:\Users\Dijkstra\Downloads\f6flpy-x64
2015-10-04 16:58 - 2015-10-04 16:58 - 00612674 _____ C:\Users\Dijkstra\Downloads\f6flpy-x64.zip
2015-10-03 21:47 - 2015-10-03 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2015-10-03 21:47 - 2015-10-03 21:47 - 00000000 ____D C:\Program Files (x86)\HD Tune
2015-10-03 21:46 - 2015-10-03 21:46 - 00642632 _____ (EFD Software ) C:\Users\Dijkstra\Downloads\hdtune_255.exe
2015-10-03 20:07 - 2015-10-04 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-03 14:05 - 2015-10-03 14:30 - 453708054 _____ C:\Users\Dijkstra\Downloads\The.Big.Bang.Theory.S09E02.720p.HDTV.X264-DIMENSION.avi
2015-10-03 13:35 - 2015-10-03 14:03 - 481953796 _____ C:\Users\Dijkstra\Downloads\The.Big.Bang.Theory.S09E01.720p.HDTV.x264-DIMENSION.avi
2015-10-01 16:13 - 2015-10-10 22:03 - 00000471 _____ C:\Users\Dijkstra\Desktop\VYT.txt
2015-09-30 18:53 - 2015-09-30 18:53 - 00000000 ____D C:\Users\Dijkstra\Downloads\memtest86-usb
2015-09-30 18:52 - 2015-09-30 18:52 - 06071462 _____ C:\Users\Dijkstra\Downloads\memtest86-usb.zip
2015-09-30 13:44 - 2015-09-30 13:44 - 00000000 ____D C:\Users\Dijkstra\AppData\Roaming\JAM Software
2015-09-30 13:43 - 2015-09-30 13:43 - 00000000 ____D C:\Users\Dijkstra\Downloads\HeavyLoad-x86
2015-09-30 13:42 - 2015-09-30 13:43 - 05778757 _____ C:\Users\Dijkstra\Downloads\HeavyLoad-x86.zip
2015-09-30 13:39 - 2015-09-30 13:40 - 00000000 ____D C:\Users\Dijkstra\Downloads\CrystalDiskInfo5_6_2
2015-09-30 13:39 - 2015-09-30 13:39 - 01253687 _____ C:\Users\Dijkstra\Downloads\CrystalDiskInfo5_6_2.zip
2015-09-30 13:17 - 2015-10-10 22:52 - 00000000 ____D C:\Users\Dijkstra\Desktop\BSoD
2015-09-30 13:15 - 2015-09-30 13:15 - 00000000 ____D C:\Users\Dijkstra\Downloads\Pink-Floyd---The-Wall-(2000-Remaster)-[1979]-OGG
2015-09-30 12:45 - 2015-09-30 13:02 - 305514259 _____ C:\Users\Dijkstra\Downloads\Pink-Floyd---The-Wall-(2000-Remaster)-[1979]-OGG.rar
2015-09-28 18:00 - 2015-09-28 19:12 - 00067893 _____ C:\Users\Dijkstra\Downloads\bluescreenview.zip
2015-09-28 18:00 - 2015-09-28 18:00 - 00001729 _____ C:\Users\Dijkstra\Downloads\bluescreenview_czech.zip
2015-09-26 21:34 - 2015-09-26 21:34 - 00000000 ____D C:\Users\Dijkstra\Downloads\Torrent
2015-09-26 21:21 - 2015-09-26 21:21 - 03728896 _____ C:\Users\Dijkstra\Documents\nov_________koda.pps
2015-09-26 21:16 - 2015-09-26 21:16 - 09067009 _____ C:\Users\Dijkstra\Documents\Cechy_r._1922_z_vysky.pps
2015-09-26 20:04 - 2015-10-06 21:28 - 00000584 _____ C:\Users\Dijkstra\Desktop\Garáž.txt
2015-09-24 20:47 - 2015-10-07 19:02 - 00000397 _____ C:\Users\Dijkstra\Desktop\AJ.txt
2015-09-21 22:03 - 2015-09-21 22:03 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-09-19 21:57 - 2015-09-19 21:57 - 00000163 _____ C:\Users\Dijkstra\Documents\PMXnView.xbs
2015-09-17 19:52 - 2015-10-12 15:40 - 00000000 ____D C:\Windows\Minidump
2015-09-15 20:59 - 2015-09-15 20:59 - 00000000 ____D C:\Users\Dijkstra\AppData\Local\Downloaded Installations
2015-09-15 20:59 - 2015-09-15 20:59 - 00000000 ____D C:\ProgramData\Pinnacle
2015-09-15 20:42 - 2015-09-15 20:42 - 00003584 _____ C:\Users\Dijkstra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-15 20:30 - 2015-09-15 20:56 - 00000000 ____D C:\Users\Dijkstra\AppData\Roaming\avidemux
2015-09-15 20:29 - 2015-09-15 21:12 - 00000000 ____D C:\Program Files\Avidemux 2.6 - 64 bits

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-12 18:33 - 2015-09-02 17:17 - 01188377 _____ C:\Windows\WindowsUpdate.log
2015-10-12 18:03 - 2015-09-08 15:36 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-12 17:37 - 2009-07-14 06:45 - 00015168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-12 17:37 - 2009-07-14 06:45 - 00015168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-12 17:27 - 2015-09-02 18:03 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-10-12 17:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-12 15:40 - 2015-09-11 20:31 - 00000000 ____D C:\Users\Dijkstra\AppData\Local\CrashDumps
2015-10-12 15:40 - 2015-09-06 19:23 - 00000000 ____D C:\Users\Dijkstra\AppData\Roaming\Notepad++
2015-10-12 15:40 - 2015-09-06 19:13 - 00000000 ____D C:\Users\Dijkstra\AppData\Roaming\DAEMON Tools Lite
2015-10-12 15:40 - 2015-09-06 18:57 - 00000000 ____D C:\Users\Dijkstra\AppData\Roaming\XnView
2015-10-12 15:40 - 2015-09-02 18:10 - 00000000 ____D C:\Windows\Panther
2015-10-11 15:33 - 2009-07-14 12:49 - 00668702 _____ C:\Windows\system32\perfh005.dat
2015-10-11 15:33 - 2009-07-14 12:49 - 00141330 _____ C:\Windows\system32\perfc005.dat
2015-10-11 15:33 - 2009-07-14 07:13 - 01582854 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-11 13:47 - 2015-09-06 10:52 - 00000000 ____D C:\Users\Dijkstra\AppData\Roaming\Skype
2015-10-11 11:49 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-10-11 11:46 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2015-10-11 11:46 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2015-10-11 11:46 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2015-10-11 11:45 - 2015-09-06 20:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-10 23:24 - 2015-09-06 19:03 - 00000000 ____D C:\Users\Dijkstra\Desktop\Software
2015-10-10 11:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SchCache
2015-10-09 23:33 - 2015-09-06 07:29 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-10-09 20:35 - 2015-09-09 13:44 - 00015495 _____ C:\Users\Dijkstra\rgmnr
2015-10-09 20:33 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-10-09 15:19 - 2015-09-06 14:59 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-09 15:19 - 2015-09-06 14:59 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-09 14:42 - 2015-09-02 17:22 - 00000000 ____D C:\Users\Dijkstra
2015-10-09 14:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-10-08 17:41 - 2015-09-06 18:26 - 00000000 ____D C:\Users\Dijkstra\Desktop\SOŠ
2015-10-06 15:15 - 2015-09-06 10:52 - 00000000 ____D C:\ProgramData\Skype
2015-10-04 12:56 - 2015-09-06 20:33 - 00000000 ____D C:\Users\Dijkstra\Desktop\Photo
2015-10-04 10:38 - 2015-09-06 18:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-03 14:22 - 2015-09-06 19:54 - 00000000 ____D C:\Users\Dijkstra\Desktop\MODELAŘENÍ
2015-09-28 22:22 - 2015-09-06 18:12 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-26 21:41 - 2015-09-06 18:27 - 00000000 ____D C:\Users\Dijkstra\Desktop\Poznámky
2015-09-26 21:35 - 2015-09-06 18:27 - 00000000 ____D C:\Users\Dijkstra\Downloads\Software
2015-09-26 21:19 - 2015-09-06 18:28 - 00000959 _____ C:\Users\Dijkstra\Documents\Nová přísloví.txt
2015-09-21 22:03 - 2015-09-08 15:36 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 22:03 - 2015-09-08 15:36 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-21 22:03 - 2015-09-08 15:36 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-17 23:16 - 2015-09-06 18:11 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 23:16 - 2015-09-06 18:11 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-17 21:11 - 2015-09-06 18:28 - 00000000 ____D C:\Users\Dijkstra\Desktop\ARCHIV
2015-09-15 20:43 - 2015-09-02 17:23 - 00000000 ____D C:\Users\Dijkstra\AppData\Local\VirtualStore
2015-09-13 21:49 - 2015-09-06 18:11 - 00000000 ____D C:\Users\Dijkstra\AppData\Local\Google
2015-09-13 20:23 - 2015-09-06 18:48 - 00000000 ____D C:\Users\Dijkstra\Desktop\ARCHIV ČSR

==================== Files in the root of some directories =======

2015-09-15 20:42 - 2015-09-15 20:42 - 0003584 _____ () C:\Users\Dijkstra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Dijkstra\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-11 14:06

==================== End of FRST.txt ============================

- Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-10-2015 02
Ran by Dijkstra (2015-10-12 19:00:09)
Running from C:\Users\Dijkstra\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-09-02 15:22:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-421577638-2401411598-1918065572-500 - Administrator - Disabled)
Dijkstra (S-1-5-21-421577638-2401411598-1918065572-1000 - Administrator - Enabled) => C:\Users\Dijkstra
Guest (S-1-5-21-421577638-2401411598-1918065572-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-421577638-2401411598-1918065572-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-421577638-2401411598-1918065572-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Aktualizace NVIDIA 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.56 - Atheros Communications)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.235.19 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.2 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{029A4933-3F36-4E4F-AEC3-2207AB26463D}) (Version: 14.4.8.3 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware verze 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 cs)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{6F8A555E-F2E1-415D-AD8A-67C0A7671029}) (Version: 8.10.27 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
NVIDIA Ovladače grafiky 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
Ovládací panel NVIDIA 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
Rajče průvodce verze 1.59.54.269 (HKLM-x32\...\rajce.net_is1) (Version: - rajce.net)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6339 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
TSR Watermark Image software version 2.2.0.7 (HKLM-x32\...\TSR Watermark Image_is1) (Version: - )
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Winrar 4.11_64bit_32_bit+full+cz version for Windows (HKLM-x32\...\{A9B1D15A-58A6-6A5A-525C-33F3BFE7819C}_is1) (Version: for Windows - )
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XnView 2.33 (HKLM-x32\...\XnView_is1) (Version: 2.33 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

12-10-2015 15:36:28 ComboFix created restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-10-11 11:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3C38018F-0154-4973-9740-F5F4D4162CBC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {4120D352-9181-407C-A74A-0F69C0C4C58D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7078F449-146B-4EC9-896E-E753547A6E63} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {719BA1A6-D222-4801-B540-09F2540CC609} - System32\Tasks\{B16565BA-6794-4ECE-AD47-1EDAAF50019B} => pcalua.exe -a F:\FreeRapid-0.9u4\frd.exe -d F:\FreeRapid-0.9u4
Task: {7F92B81C-520B-483A-B3A2-03D8933B186C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C0D03C35-2E8A-4A08-B1EA-0CB0E16CF736} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-06 06:15 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-11 01:36 - 2015-09-02 17:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-13 00:25 - 2014-12-13 00:25 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2015-09-06 14:47 - 2015-09-06 14:47 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\17c296575fad30d021e6370dc70cf800\IsdiInterop.ni.dll
2015-09-02 17:54 - 2011-02-18 08:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-421577638-2401411598-1918065572-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dijkstra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FC4AA5E6-A4DC-4A89-87F5-0EC782250E64}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{157DE405-BA5B-47C7-AE6D-856869B5325F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{69C718BF-F927-42CD-8EFE-9D1355F18D69}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{68318247-BBBA-4B51-A69C-57B44BEA5425}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EEF4EC48-4786-470B-B058-BA5508686826}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A5CDBE71-36BE-4165-9F45-C69A0D621DA3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56EB88D7-1D64-4358-8A47-1D3507F90C47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B0C7CECB-EEED-4E93-9CA2-DBF10B80E44A}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{1CCE2773-9450-403C-8E74-0E358291E1B0}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [TCP Query User{C57AE8DF-3DFD-4311-8A0C-FF07A5F05A46}C:\program files (x86)\java\jre1.8.0_60\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\launch4j-tmp\frd.exe
FirewallRules: [UDP Query User{AA08C61D-92D0-468B-BF23-10D5DCF75BFA}C:\program files (x86)\java\jre1.8.0_60\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\launch4j-tmp\frd.exe
FirewallRules: [{0522849D-6DD8-43BC-B7C5-8F6543F666B1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2015 03:44:49 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index was not initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2015 03:44:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application was not initialized.

Context: Windows application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2015 03:44:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The indexer object was not initialized.

Context: Windows application, SystemIndex catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2015 03:44:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> was not initialized.

Context: Windows application, SystemIndex catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (10/12/2015 03:44:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> was not initialized.

Context: Windows application, SystemIndex catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2015 03:44:47 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search service could not load the property store information.

Context: Windows application, SystemIndex catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/12/2015 03:44:47 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search service was stopped because of a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2015 03:44:47 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service detected that index {id=4700} contains corrupted data files. The service will try to fix this automatically by recreating the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2015 03:44:47 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search service could not open the Jet property store.

Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (10/12/2015 03:44:46 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3740) Windows: Error -1811 occurred while opening the log file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00427.log.


System errors:
=============
Error: (10/12/2015 06:23:41 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device \Device\Ide\iaStor0 did not respond within the timeout period.

Error: (10/12/2015 05:58:37 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device \Device\Ide\iaStor0 did not respond within the timeout period.

Error: (10/12/2015 05:58:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout (30000 ms) was reached while waiting for the Windows Error Reporting Service to connect.

Error: (10/12/2015 05:27:39 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device \Device\Ide\iaStor0 did not respond within the timeout period.

Error: (10/12/2015 05:27:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specific Local Launch {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} {344ED43D-D086-4961-86A6-1106F4ACAD9B} NT AUTHORITY SYSTEM S-1-5-18 LocalHost (using LRPC)

Error: (10/12/2015 05:27:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Internet Connection Sharing (ICS) service hung on starting.

Error: (10/12/2015 05:25:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:25:26 on 12.10.2015 was unexpected.

Error: (10/12/2015 04:11:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specific Local Launch {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} {344ED43D-D086-4961-86A6-1106F4ACAD9B} NT AUTHORITY SYSTEM S-1-5-18 LocalHost (using LRPC)

Error: (10/12/2015 04:11:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout (30000 ms) was reached while waiting for the AtherosSvc service to connect.

Error: (10/12/2015 04:10:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 15:57:34 on 12.10.2015 was unexpected.


CodeIntegrity:
===================================
Date: 2015-10-11 11:45:24.530
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-11 11:45:24.499
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-11 11:45:24.467
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-11 11:45:24.452
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-11 11:41:40.935
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-11 11:41:40.903
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-11 11:41:40.872
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-11 11:41:40.857
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-11 00:34:52.826
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-11 00:34:52.810
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 22%
Total physical RAM: 8043.86 MB
Available physical RAM: 6269.29 MB
Total Virtual: 16085.92 MB
Available Virtual: 13842.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:434.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: D503AB75)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
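The Addition.txt above is the kind of log a helper reads by hand, so here is what that first pass looks like when written down. The Python below is an added example, not part of this thread and not FRST code: it parses a constructed excerpt made of lines from the log above (accounts, scheduled tasks, firewall rules and the CodeIntegrity entries) and flags what a reviewer looks at first: enabled administrator accounts, tasks launched through a proxy binary such as pcalua.exe or pointing outside Windows and Program Files, firewall allow rules for executables in temporary directories, and images Windows could not verify. The section names, regexes and heuristics are my assumptions about FRST's text layout, not a documented format. The catchme.sys entries belong to ComboFix, which the restore-point line above shows was run on this machine, so the script only counts them.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the Addition.txt posted above, trimmed to the
# sections this triage reads (the real file carries many more sections).
SAMPLE_ADDITION = r"""
==================== Accounts: =============================

Administrator (S-1-5-21-421577638-2401411598-1918065572-500 - Administrator - Disabled)
Dijkstra (S-1-5-21-421577638-2401411598-1918065572-1000 - Administrator - Enabled) => C:\Users\Dijkstra
Guest (S-1-5-21-421577638-2401411598-1918065572-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-421577638-2401411598-1918065572-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Scheduled Tasks (Whitelisted) =============

Task: {3C38018F-0154-4973-9740-F5F4D4162CBC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {719BA1A6-D222-4801-B540-09F2540CC609} - System32\Tasks\{B16565BA-6794-4ECE-AD47-1EDAAF50019B} => pcalua.exe -a F:\FreeRapid-0.9u4\frd.exe -d F:\FreeRapid-0.9u4

==================== FirewallRules (Whitelisted) ===============

FirewallRules: [{EEF4EC48-4786-470B-B058-BA5508686826}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C57AE8DF-3DFD-4311-8A0C-FF07A5F05A46}C:\program files (x86)\java\jre1.8.0_60\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\launch4j-tmp\frd.exe

==================== Event log errors: =========================

CodeIntegrity:
===================================
Date: 2015-10-11 11:45:24.530
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system.

Date: 2015-10-11 00:34:52.810
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system.
"""

# The line shapes below are my reading of FRST's text output, not a documented format.
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+\s*$", re.M)
ACCOUNT_RE = re.compile(r"^(?P<name>\S.*?) \((?P<sid>S-1-5-[\d-]+) - (?P<group>\w+) - (?P<state>Enabled|Disabled)\)", re.M)
TASK_RE = re.compile(r"^Task: (?P<id>\{[0-9A-F-]+\}) - (?P<task>.+?) => (?P<cmd>.+)$", re.M)
FW_RE = re.compile(r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>Allow|Block)\) (?P<path>.+)$", re.M)
CI_RE = re.compile(r"unable to verify the image integrity of the file (?P<file>\S+)")
# Assumed heuristics: LOLBAS-style binaries that launch another program for you, the roots
# under which a task target is unremarkable on its own, and what a temp-like directory looks like.
PROXY_RE = re.compile(r"^(?:[a-z]:\\\S*\\)?(?P<proxy>pcalua|rundll32|mshta|wscript|cscript|cmd|powershell)\.exe\b", re.I)
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
TEMP_DIR_RE = re.compile(r"(^|[\\_-])(tmp|temp)([\\_-]|$)", re.I)


def split_sections(text):
    """Map each '==== Name ====' header to the text up to the next header."""
    heads = list(SECTION_RE.finditer(text))
    ends = [h.start() for h in heads[1:]] + [len(text)]
    return {h.group("name").strip(): text[h.end():end] for h, end in zip(heads, ends)}


def enabled_admins(sections):
    return [m.group("name") for m in ACCOUNT_RE.finditer(sections.get("Accounts:", ""))
            if m.group("group") == "Administrator" and m.group("state") == "Enabled"]


def suspicious_tasks(sections):
    """Return (task path, command, reasons) for tasks that deserve a second look."""
    findings = []
    for m in TASK_RE.finditer(sections.get("Scheduled Tasks (Whitelisted)", "")):
        cmd = m.group("cmd").split(" [", 1)[0].strip()  # drop FRST's "[date] (vendor)" suffix
        reasons = []
        proxy = PROXY_RE.match(cmd)
        if proxy:
            reasons.append(f"launched through proxy binary {proxy.group('proxy').lower()}.exe")
        if not cmd.lower().startswith(TRUSTED_ROOTS):
            reasons.append("target outside Windows and Program Files")
        if reasons:
            findings.append((m.group("task"), cmd, reasons))
    return findings


def temp_dir_allow_rules(sections):
    return [m.group("path") for m in FW_RE.finditer(sections.get("FirewallRules (Whitelisted)", ""))
            if m.group("action") == "Allow" and TEMP_DIR_RE.search(m.group("path"))]


def unverifiable_images(text):
    """Count CodeIntegrity 'unable to verify' events per image path (the whole text is scanned)."""
    return dict(Counter(m.group("file") for m in CI_RE.finditer(text)))


def triage(text):
    sections = split_sections(text)
    return {
        "enabled_admins": enabled_admins(sections),
        "suspicious_tasks": suspicious_tasks(sections),
        "temp_dir_allow_rules": temp_dir_allow_rules(sections),
        "unverifiable_images": unverifiable_images(text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ADDITION).items():
        print(f"{key}: {value}")
```

On the excerpt this flags the GUID-named task that runs frd.exe from drive F: through pcalua.exe, the firewall allow rule for frd.exe inside launch4j-tmp, the one enabled administrator account, and two CodeIntegrity events for catchme.sys; the proxy and temp-directory lists are deliberately short and should be extended for real logs.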


Re: Please check my log

Post by jerabina » 12 Oct 2015 21:07

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents below into it.

Code:

Start
CloseProcesses:

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-421577638-2401411598-1918065572-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-421577638-2401411598-1918065572-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

FF NewTab: about:newtab
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]

CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxp://forum.modelarovo.cz/","hxxps://www.seznam.cz/"

C:\ProgramData\RogueKiller

C:\Users\Dijkstra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Task: {4120D352-9181-407C-A74A-0F69C0C4C58D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7078F449-146B-4EC9-896E-E753547A6E63} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {719BA1A6-D222-4801-B540-09F2540CC609} - System32\Tasks\{B16565BA-6794-4ECE-AD47-1EDAAF50019B} => pcalua.exe -a F:\FreeRapid-0.9u4\frd.exe -d F:\FreeRapid-0.9u4
Task: {7F92B81C-520B-483A-B3A2-03D8933B186C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C0D03C35-2E8A-4A08-B1EA-0CB0E16CF736} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Program Files (x86)\*.tmp

Hosts:
EmptyTemp:
End


(You can use the "Select all" function, then right-click in the top-left of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please paste its entire contents here.
When you don't know what to do next, it's time to read the manual!
HJT guide

If I don't reply in your HJT-section threads while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as ignoring you.
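The procedure above ends with the user posting Fixlog.txt, which the helper then reads line by line to confirm that every directive took effect. The Python below is an added example, not part of this thread and not FRST code: it does that comparison mechanically. It parses a constructed fixlist (a subset of the one above) and a constructed excerpt of the Fixlog.txt that appears in the next reply, and reports for each directive the outcome FRST logged, or "unconfirmed" when no matching result line exists. The result line for the .ini file under AppData is deliberately left out of the excerpt so that the unconfirmed path is exercised. The directive classification and the Fixlog line shapes are my assumptions taken from the text on this page, not a documented FRST format.

```python
import re

# Constructed sample: a subset of the fixlist posted above.
FIXLIST = r"""Start
CloseProcesses:

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

C:\ProgramData\RogueKiller
C:\Users\Dijkstra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Task: {719BA1A6-D222-4801-B540-09F2540CC609} - System32\Tasks\{B16565BA-6794-4ECE-AD47-1EDAAF50019B} => pcalua.exe -a F:\FreeRapid-0.9u4\frd.exe -d F:\FreeRapid-0.9u4

C:\WINDOWS\System32\*.tmp

Hosts:
EmptyTemp:
End
"""

# Constructed sample: result lines from the Fixlog.txt in the next reply; the line
# confirming the .ini file is deliberately omitted to show the "unconfirmed" outcome.
FIXLOG = r"""Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\ProgramData\RogueKiller => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{719BA1A6-D222-4801-B540-09F2540CC609}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{719BA1A6-D222-4801-B540-09F2540CC609}" => key removed successfully
C:\Windows\System32\Tasks\{B16565BA-6794-4ECE-AD47-1EDAAF50019B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B16565BA-6794-4ECE-AD47-1EDAAF50019B}" => key removed successfully

=========== "C:\WINDOWS\System32\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\System32\*.tmp" ========
"""

# Line shapes are my reading of the fixlist and Fixlog text on this page, not a documented format.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<result>.+?)\.?\s*$', re.M)
WILDCARD_RE = re.compile(r'^=+ "(?P<pattern>.+?)" =+[^\n]*\n(?P<body>.*?)^=+ End -> ', re.M | re.S)
RUN_RE = re.compile(r"\\\.\.\.\\Run: \[(?P<name>.+?)\]")
OVERLAY_RE = re.compile(r"^ShellIconOverlayIdentifiers: \[(?P<name>.+?)\]")
TASK_RE = re.compile(r"^Task: (?P<guid>\{[^}]+\}) - System32\\Tasks\\(?P<name>.+?) => ")
TASKCACHE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" + "\\"


def parse_fixlist(text):
    """Yield (kind, line) for every non-empty line between Start and End."""
    lines = [l.strip() for l in text.splitlines()]
    if "Start" not in lines or "End" not in lines:
        raise ValueError("fixlist must be bracketed by Start and End")
    for line in lines[lines.index("Start") + 1:lines.index("End")]:
        if not line:
            continue
        if re.fullmatch(r"[A-Za-z]+:", line):
            yield "command", line          # CloseProcesses:, Hosts:, EmptyTemp:
        elif TASK_RE.match(line):
            yield "task", line
        elif RUN_RE.search(line):
            yield "run", line
        elif OVERLAY_RE.match(line):
            yield "overlay", line
        elif "*" in line:
            yield "wildcard", line
        else:
            yield "path", line


def reconcile(fixlist_text, fixlog_text):
    """Map each fixlist directive to the outcome FRST logged for it."""
    results = {m.group("target"): m.group("result") for m in RESULT_RE.finditer(fixlog_text)}
    wildcards = {m.group("pattern"): m.group("body").strip() for m in WILDCARD_RE.finditer(fixlog_text)}

    def by_tail(suffix):  # registry results carry the full key path, so match on its tail
        return next((r for t, r in results.items() if t.endswith(suffix)), "unconfirmed")

    report = {}
    for kind, line in parse_fixlist(fixlist_text):
        if kind == "command":
            closed = "Processes closed successfully." in fixlog_text
            report[line] = ("ok" if closed else "unconfirmed") if line == "CloseProcesses:" else "not checked"
        elif kind == "run":
            report[line] = by_tail("\\Run\\\\" + RUN_RE.search(line).group("name"))
        elif kind == "overlay":
            report[line] = by_tail("\\ShellIconOverlayIdentifiers\\" + OVERLAY_RE.match(line).group("name"))
        elif kind == "task":  # both the task file and its TaskCache entry must be gone
            m = TASK_RE.match(line)
            file_gone = results.get("C:\\Windows\\System32\\Tasks\\" + m.group("name")) == "moved successfully"
            key_gone = results.get(TASKCACHE + m.group("guid")) == "key removed successfully"
            report[line] = "ok" if file_gone and key_gone else "unconfirmed"
        elif kind == "wildcard":
            report[line] = wildcards.get(line, "unconfirmed")
        else:
            report[line] = results.get(line, "unconfirmed")
    return report


def unconfirmed(report):
    return [line for line, status in report.items() if status == "unconfirmed"]


if __name__ == "__main__":
    rep = reconcile(FIXLIST, FIXLOG)
    for line, status in rep.items():
        print(f"{status:28} {line}")
    print("needs a second look:", unconfirmed(rep))
```

Hosts: and EmptyTemp: are reported as "not checked" because the Fixlog excerpt on this page is cut off before their result lines; on a complete Fixlog the same approach extends to them.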


Re: Please check my log

Post by Petr28 » 12 Oct 2015 21:31

Fix result of Farbar Recovery Scan Tool (x64) Version:12-10-2015
Ran by Dijkstra (2015-10-12 21:27:42) Run:1
Running from C:\Users\Dijkstra\Desktop
Loaded Profiles: Dijkstra & UpdatusUser (Available Profiles: Dijkstra & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-421577638-2401411598-1918065572-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-421577638-2401411598-1918065572-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

FF NewTab: about:newtab
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]

CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxp://forum.modelarovo.cz/","hxxps://www.seznam.cz/"

C:\ProgramData\RogueKiller

C:\Users\Dijkstra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Task: {4120D352-9181-407C-A74A-0F69C0C4C58D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7078F449-146B-4EC9-896E-E753547A6E63} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {719BA1A6-D222-4801-B540-09F2540CC609} - System32\Tasks\{B16565BA-6794-4ECE-AD47-1EDAAF50019B} => pcalua.exe -a F:\FreeRapid-0.9u4\frd.exe -d F:\FreeRapid-0.9u4
Task: {7F92B81C-520B-483A-B3A2-03D8933B186C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C0D03C35-2E8A-4A08-B1EA-0CB0E16CF736} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Program Files (x86)\*.tmp

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-421577638-2401411598-1918065572-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-421577638-2401411598-1918065572-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Firefox "newtab" removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
Chrome StartupUrls => removed successfully
C:\ProgramData\RogueKiller => moved successfully
C:\Users\Dijkstra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4120D352-9181-407C-A74A-0F69C0C4C58D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4120D352-9181-407C-A74A-0F69C0C4C58D}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7078F449-146B-4EC9-896E-E753547A6E63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7078F449-146B-4EC9-896E-E753547A6E63}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{719BA1A6-D222-4801-B540-09F2540CC609}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{719BA1A6-D222-4801-B540-09F2540CC609}" => key removed successfully
C:\Windows\System32\Tasks\{B16565BA-6794-4ECE-AD47-1EDAAF50019B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B16565BA-6794-4ECE-AD47-1EDAAF50019B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F92B81C-520B-483A-B3A2-03D8933B186C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F92B81C-520B-483A-B3A2-03D8933B186C}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C0D03C35-2E8A-4A08-B1EA-0CB0E16CF736}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0D03C35-2E8A-4A08-B1EA-0CB0E16CF736}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully

=========== "C:\WINDOWS\System32\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\System32\*.tmp" ========


=========== "C:\WINDOWS\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\*.tmp" ========


=========== "C:\WINDOWS\system32\*.tmp.dll" ==========

not found

========= End -> "C:\WINDOWS\system32\*.tmp.dll" ========


=========== "C:\WINDOWS\System32\dllcache\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\System32\dllcache\*.tmp" ========


=========== "C:\WINDOWS\system32\SET*.tmp" ==========

not found

========= End -> "C:\WINDOWS\system32\SET*.tmp" ========


=========== "C:\WINDOWS\system32\DUMP*.tmp" ==========

not found

========= End -> "C:\WINDOWS\system32\DUMP*.tmp" ========


=========== "c:\windows\Tasks\*.job /s" ==========

not found

========= End -> "c:\windows\Tasks\*.job /s" ========


=========== "C:\*.tmp" ==========

not found

========= End -> "C:\*.tmp" ========


=========== "C:\WINDOWS\System32\drivers\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\System32\drivers\*.tmp" ========


=========== "C:\Program Files\*.tmp" ==========

not found

========= End -> "C:\Program Files\*.tmp" ========


=========== "C:\Documents and Settings\All Users\Data aplikací\*.tmp" ==========

not found

========= End -> "C:\Documents and Settings\All Users\Data aplikací\*.tmp" ========


=========== "C:\Windows\SysNative\drivers\*.tmp" ==========

not found

========= End -> "C:\Windows\SysNative\drivers\*.tmp" ========


=========== "C:\Windows\SysWow64\drivers\*.tmp" ==========

not found

========= End -> "C:\Windows\SysWow64\drivers\*.tmp" ========


=========== "C:\Program Files (x86)\*.tmp" ==========

not found

========= End -> "C:\Program Files (x86)\*.tmp" ========


=========== "C:\Windows\SysWow64\*.tmp" ==========

not found

========= End -> "C:\Windows\SysWow64\*.tmp" ========


=========== "C:\Windows\SysNative\*.tmp" ==========

not found

========= End -> "C:\Windows\SysNative\*.tmp" ========


=========== "C:\Program Files (x86)\*.tmp" ==========

not found

========= End -> "C:\Program Files (x86)\*.tmp" ========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
EmptyTemp: => 90.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:27:50 ====

jerabina
Security team member

Re: Please check my log

Post by jerabina » 12 Oct 2015 22:35

What about the problems?
When you don't know how to proceed, it's time to study the manual!
HJT guide

If I don't answer in your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as ignoring you.

Petr28

Re: Please check my log

Post by Petr28 » 13 Oct 2015 17:49

Well, now when I open the laptop and log in, it doesn't crash, but it is very unresponsive. When I clicked Restart, the screen just went black and nothing else happened, so I had to power it off the hard way.

jaro3
Security team member

Re: Please check my log

Post by jaro3 » 13 Oct 2015 18:45

In Folder Options, enable showing hidden files and folders, and untick the "Hide protected operating system files" checkbox.

Test these on VirusTotal:
C:\Windows\System32\userinit.exe
C:\Windows\erdnt\cache64\userinit.exe
C:\Windows\erdnt\cache86\userinit.exe


Click "Choose File" to the right of the box and find the requested file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by several antivirus engines one after another. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Petr28

Re: Please check my log

Post by Petr28 » 13 Oct 2015 19:17

When I ran the tests, it told me they had been tested yesterday, which is nonsense, I am seeing this site for the first time.
C:\Windows\System32\userinit.exe
https://www.virustotal.com/cs/file/538f ... 444756098/

C:\Windows\erdnt\cache64\userinit.exe
https://www.virustotal.com/cs/file/11c1 ... 444756337/

C:\Windows\erdnt\cache86\userinit.exe
https://www.virustotal.com/cs/file/538f ... 444756451/

jerabina
Security team member

Re: Please check my log

Post by jerabina » 13 Oct 2015 19:45

Essentially, those are the results of tests of an identically named file submitted by other users. But you, for instance, may have this file infected, so it needs to be analyzed again.

Download Memtest:

The field that says:
All unused RAM - leave it as it is.
- click Start and let it run for at least 2 hours; if it still shows 0 errors after 2 hours, the RAM is fine.

Download CrystalDiskInfo
Run the program and click Edit - Copy. Then paste the log contents here with Ctrl+V.
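A local check that goes with jaro3's request and jerabina's note above: the three userinit.exe copies can be compared by SHA-256 before anything is uploaded, since byte-identical copies produce the same hash and a VirusTotal report is keyed on that hash. This is an added example, not code from the thread; the Windows paths are used only as labels, and the file contents are constructed stand-ins written to a temporary directory.

```python
import hashlib
import os
import tempfile

# The three copies jaro3 asked to have checked. Here they are only labels for
# constructed stand-in files; the real binaries are never read.
USERINIT_PATHS = [
    r"C:\Windows\System32\userinit.exe",
    r"C:\Windows\erdnt\cache64\userinit.exe",
    r"C:\Windows\erdnt\cache86\userinit.exe",
]

def sha256_of_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, streamed so a large binary need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def group_by_hash(paths):
    """Map each distinct SHA-256 to the paths whose content produces it."""
    groups = {}
    for p in paths:
        groups.setdefault(sha256_of_file(p), []).append(p)
    return groups

def differs_from_reference(paths, reference):
    """Paths whose bytes differ from the reference copy (the System32 one here)."""
    ref = sha256_of_file(reference)
    return [p for p in paths if p != reference and sha256_of_file(p) != ref]

def demo():
    """Constructed sample: two identical stand-ins and one that differs."""
    sample = [b"constructed sample A", b"constructed sample B", b"constructed sample A"]
    with tempfile.TemporaryDirectory() as tmp:
        label_of = {}
        for i, (label, data) in enumerate(zip(USERINIT_PATHS, sample)):
            p = os.path.join(tmp, f"userinit_{i}.exe")
            with open(p, "wb") as f:
                f.write(data)
            label_of[p] = label
        files = list(label_of)
        # Report results under the thread's path labels rather than temp paths.
        groups = {h: sorted(label_of[p] for p in ps)
                  for h, ps in group_by_hash(files).items()}
        odd = sorted(label_of[p] for p in differs_from_reference(files, files[0]))
    return groups, odd
```

With the constructed input, the System32 and cache86 stand-ins share one digest and the cache64 stand-in is reported as the copy that differs.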

Petr28

Re: Please check my log

Post by Petr28 » 14 Oct 2015 14:32

So this morning I wanted to run Memtest and let it run while I'm at school, but it showed me this:
[attachment: Memtest.jpg]

jaro3
Security team member

Re: Please check my log

Post by jaro3 » 14 Oct 2015 15:50

Run several instances of Memtest at once: if you have 4 GB of RAM, run it 2x; if 8 GB, run it 4x.

Petr28

Re: Please check my log

Post by Petr28 » 14 Oct 2015 17:41

And how do I run it 4x at once, please?

