PC check, someone changed my passwords. Solved



Post by extrem » 11 Sep 2015 19:14

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:13:46, on 11.9.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)

FIREFOX: 37.0.2 (x86 cs)
Boot mode: Normal

Running processes:
C:\Users\Omi\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Omi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9356 bytes

Post by extrem » 11 Sep 2015 19:17

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-09-11 19:15:37
-----------------------------
19:15:37.890 OS Version: Windows x64 6.1.7601 Service Pack 1
19:15:37.890 Number of processors: 2 586 0x170A
19:15:37.890 ComputerName: OMI-PC UserName: Omi
19:15:39.809 Initialize success
19:15:39.856 VM: initialized successfully
19:15:39.856 VM: Intel CPU virtualization not supported
19:15:50.080 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:15:50.095 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
19:15:50.236 Disk 0 MBR read successfully
19:15:50.236 Disk 0 MBR scan
19:15:50.236 Disk 0 Windows VISTA default MBR code
19:15:50.735 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
19:15:50.750 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
19:15:50.766 Disk 0 default boot code
19:15:50.782 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 292142 MB offset 26830848
19:15:50.891 Disk 0 scanning C:\Windows\system32\drivers
19:15:57.599 Service scanning
19:16:04.057 Service ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys **LOCKED** 5
19:16:04.525 Service epfw C:\Windows\system32\DRIVERS\epfw.sys **LOCKED** 5
19:16:04.619 Service EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys **LOCKED** 5
19:16:04.650 Service epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys **LOCKED** 5
19:16:15.601 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:16:20.905 Modules scanning
19:16:20.905 Disk 0 trace - called modules:
19:16:20.936 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spoz.sys hal.dll
19:16:20.952 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80034ac2d0]
19:16:20.952 3 CLASSPNP.SYS[fffff88001dc943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003358050]
19:16:20.952 Disk 0 statistics 128692/0/0 @ 9,66 MB/s
19:16:20.968 Scan finished successfully
19:16:28.534 Disk 0 MBR has been saved successfully to "C:\Users\Omi\Desktop\MBR.dat"
19:16:28.565 The log file has been saved successfully to "C:\Users\Omi\Desktop\aswMBR.txt"

Post by jerabina » 11 Sep 2015 23:48

Close other programs/browsers, disconnect from the internet, and in HJT fix:
GUIDE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Omi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent


ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner.

Download OTC to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.

What about the problems?

Post by extrem » 12 Sep 2015 11:23

Done, though it seems to me the laptop is rather slower..

Post by Orcus » 12 Sep 2015 19:06

Please download the version of the program that matches your system (32-bit/64-bit): Farbar Recovery Scan Tool (FRST)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their entire contents here.

Post by extrem » 12 Sep 2015 19:09

Can I have the browser running during the FRST scan?

Post by extrem » 12 Sep 2015 19:16

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-09-2015
Ran by Omi (administrator) on OMI-PC (12-09-2015 19:13:26)
Running from C:\Users\Omi\Desktop
Loaded Profiles: Omi (Available Profiles: Omi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-19] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2015-02-10] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 84.16.120.1 84.16.96.2
Tcpip\..\Interfaces\{09D762C9-851F-4096-9725-FC04E4042F32}: [DhcpNameServer] 84.16.120.1 84.16.96.2
Tcpip\..\Interfaces\{484C459F-8045-45C0-B14A-426E4A2EF2DA}: [DhcpNameServer] 84.16.120.1 84.16.96.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2737042915-4269745475-1994003038-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2737042915-4269745475-1994003038-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2737042915-4269745475-1994003038-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_csCZ627
SearchScopes: HKU\S-1-5-21-2737042915-4269745475-1994003038-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2737042915-4269745475-1994003038-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_csCZ627
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-07] (Google Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-10] (Oracle Corporation)
BHO-x32: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-10] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-2737042915-4269745475-1994003038-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-07] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Omi\AppData\Roaming\Mozilla\Firefox\Profiles\5fx9ip06.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2737042915-4269745475-1994003038-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Omi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1503240-0-npoctoshape.dll [2015-03-24] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-2737042915-4269745475-1994003038-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Omi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-27] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Omi\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-07-13] (Octoshape ApS)

Chrome:
=======
CHR Profile: C:\Users\Omi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10]
CHR Extension: (Dokumenty Google) - C:\Users\Omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Disk Google) - C:\Users\Omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-10]
CHR Extension: (YouTube) - C:\Users\Omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-10]
CHR Extension: (Vyhledávání Google) - C:\Users\Omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-10]
CHR Extension: (Tabulky Google) - C:\Users\Omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\Omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-10]
CHR Extension: (Gmail) - C:\Users\Omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-04-26] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [214520 2015-04-26] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [231520 2015-07-14] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2015-02-10] () [File not signed]
U3 a6gltmvw; C:\Windows\System32\Drivers\a6gltmvw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-12 19:13 - 2015-09-12 19:14 - 00014043 _____ C:\Users\Omi\Desktop\FRST.txt
2015-09-12 19:12 - 2015-09-12 19:13 - 00000000 ____D C:\FRST
2015-09-12 19:11 - 2015-09-12 19:11 - 02190848 _____ (Farbar) C:\Users\Omi\Downloads\FRST64.exe
2015-09-12 19:11 - 2015-09-12 19:11 - 02190848 _____ (Farbar) C:\Users\Omi\Desktop\FRST64.exe
2015-09-12 11:20 - 2015-09-12 11:20 - 00000056 _____ C:\Windows\setupact.log
2015-09-12 11:20 - 2015-09-12 11:20 - 00000000 _____ C:\Windows\setuperr.log
2015-09-12 11:19 - 2015-09-12 11:19 - 00201728 _____ (OldTimer Tools) C:\Users\Omi\Downloads\OTC.exe
2015-09-11 19:16 - 2015-09-11 19:16 - 00000512 _____ C:\Users\Omi\Desktop\MBR.dat
2015-09-11 15:31 - 2015-09-11 15:31 - 00009888 _____ C:\Users\Omi\Desktop\combo.txt
2015-09-10 20:10 - 2015-09-10 20:10 - 00929360 _____ (Google Inc.) C:\Users\Omi\Downloads\ChromeSetup (1).exe
2015-09-10 20:07 - 2015-09-10 20:08 - 00929360 _____ (Google Inc.) C:\Users\Omi\Downloads\ChromeSetup.exe
2015-09-10 16:01 - 2015-09-10 16:01 - 00000000 ____D C:\Users\Omi\AppData\Roaming\Sun
2015-09-10 16:01 - 2015-09-10 16:01 - 00000000 ____D C:\Users\Omi\.oracle_jre_usage
2015-09-10 15:53 - 2015-09-10 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-09-10 15:53 - 2015-09-10 15:53 - 00000000 ____D C:\ProgramData\ESET
2015-08-31 16:35 - 2015-08-31 16:13 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-08-31 16:14 - 2015-08-29 10:11 - 00002184 _____ C:\zoek-results2015-08-29-081107.log
2015-08-29 09:55 - 2015-07-20 10:58 - 00012526 _____ C:\zoek-results2015-07-20-085844.log
2015-08-29 09:01 - 2015-08-29 09:02 - 22720584 _____ C:\Users\Omi\Downloads\RogueKillerX64 (1).exe
2015-08-28 16:12 - 2015-08-28 19:22 - 00000000 ____D C:\AdwCleaner
2015-08-28 16:11 - 2015-08-28 16:11 - 01618432 _____ C:\Users\Omi\Downloads\adwcleaner_5.004.exe
2015-08-28 16:06 - 2015-08-28 16:06 - 00448512 _____ (OldTimer Tools) C:\Users\Omi\Downloads\TFC (1).exe
2015-08-28 15:57 - 2015-08-28 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-28 15:56 - 2015-08-28 15:56 - 01476720 _____ C:\Users\Omi\Downloads\SteamSetup.exe
2015-08-28 12:14 - 2015-09-11 19:13 - 00009357 _____ C:\Users\Omi\Downloads\hijackthis.log
2015-08-28 12:13 - 2015-08-28 12:13 - 00388608 _____ (Trend Micro Inc.) C:\Users\Omi\Downloads\HijackThis.exe
2015-08-26 20:04 - 2015-08-26 20:07 - 01554580 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-08-26 19:51 - 2015-08-26 19:51 - 00889416 _____ (Microsoft Corporation) C:\Users\Omi\Downloads\dotNetFx40_Full_setup.exe
2015-08-26 19:47 - 2015-08-26 20:09 - 00985568 _____ C:\Users\Omi\Downloads\ElophantClient.zip
2015-08-15 12:44 - 2015-09-12 11:18 - 00000000 ____D C:\Users\Omi\AppData\Roaming\TS3Client
2015-08-15 12:44 - 2015-08-15 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-08-15 12:43 - 2015-08-15 12:44 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-08-15 12:41 - 2015-08-15 12:42 - 31071896 _____ (TeamSpeak Systems GmbH) C:\Users\Omi\Downloads\TeamSpeak3-Client-win64-3.0.17.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-12 19:11 - 2015-02-18 20:38 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-12 11:28 - 2009-07-14 06:45 - 00017376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-12 11:28 - 2009-07-14 06:45 - 00017376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-12 11:20 - 2015-02-11 22:39 - 01429754 _____ C:\Windows\WindowsUpdate.log
2015-09-12 11:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-12 11:18 - 2015-06-20 12:37 - 00000000 ____D C:\Users\Omi\AppData\Local\CrashDumps
2015-09-12 11:18 - 2015-05-26 20:32 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-12 11:16 - 2015-06-13 19:30 - 00000000 ____D C:\Windows\erdnt
2015-09-12 11:15 - 2015-06-06 18:25 - 00000000 ____D C:\Users\Omi\Downloads\backups
2015-09-11 19:07 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-09-11 19:06 - 2009-07-14 04:34 - 63963136 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-09-11 19:06 - 2009-07-14 04:34 - 18350080 _____ C:\Windows\system32\config\SYSTEM.bak
2015-09-11 19:06 - 2009-07-14 04:34 - 00225280 _____ C:\Windows\system32\config\DEFAULT.bak
2015-09-11 19:06 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\SECURITY.bak
2015-09-11 19:06 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\SAM.bak
2015-09-10 16:02 - 2015-02-21 12:27 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-10 16:02 - 2015-02-10 21:17 - 00000000 ____D C:\Users\Omi\AppData\Local\Google
2015-09-10 16:01 - 2015-02-21 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-10 16:01 - 2015-02-09 21:45 - 00000000 ____D C:\Users\Omi
2015-09-10 15:59 - 2015-02-21 12:31 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-04 18:48 - 2015-02-18 20:17 - 00000000 ____D C:\Users\Omi\Desktop\Hry
2015-08-31 16:58 - 2015-03-27 20:44 - 00000000 ____D C:\Users\Omi\Desktop\System
2015-08-31 16:38 - 2015-07-20 10:35 - 00016745 _____ C:\zoek-results.log
2015-08-31 09:56 - 2015-06-06 16:58 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-31 09:29 - 2009-07-14 07:08 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-28 19:35 - 2015-06-06 15:41 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-28 19:33 - 2015-02-10 21:26 - 00000000 ____D C:\Users\Omi\AppData\Local\Apps\2.0
2015-08-28 15:22 - 2015-02-10 05:44 - 00665944 _____ C:\Windows\system32\perfh005.dat
2015-08-28 15:22 - 2015-02-10 05:44 - 00139608 _____ C:\Windows\system32\perfc005.dat
2015-08-28 15:22 - 2009-07-14 07:13 - 01575230 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-24 09:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-22 14:24 - 2015-03-27 20:46 - 00000000 ____D C:\Users\Omi\Desktop\Images

==================== Files in the root of some directories =======

2015-07-03 17:50 - 2015-07-04 20:24 - 0005632 _____ () C:\Users\Omi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-03 14:00 - 2015-05-03 14:00 - 0000017 _____ () C:\Users\Omi\AppData\Local\resmon.resmoncfg
2015-02-10 20:35 - 2015-02-10 20:39 - 0007823 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-08-22 10:44 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2015-02-10 21:08 - 2015-02-10 21:09 - 0000091 _____ () C:\ProgramData\PS.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-04 19:46

==================== End of FRST.txt ============================

Re: PC check, someone changed my passwords.

Post by extrem » 12 Sep 2015 19:18

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-09-2015
Ran by Omi (2015-09-12 19:15:04)
Running from C:\Users\Omi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-02-09 19:45:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2737042915-4269745475-1994003038-500 - Administrator - Disabled)
Guest (S-1-5-21-2737042915-4269745475-1994003038-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2737042915-4269745475-1994003038-1002 - Limited - Enabled)
Omi (S-1-5-21-2737042915-4269745475-1994003038-1000 - Administrator - Enabled) => C:\Users\Omi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1.0 (HKLM-x32\...\Saint Row_is1) (Version: - )
Acer Crystal Eye webcam Ver:1.1.74.216 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.74.216 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Acer Incorporated)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.5.0715 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Asistent pro přihlášení ke službě Windows Live (HKLM-x32\...\{3E62B27C-342F-4B44-9331-CA4BC59A586F}) (Version: 5.000.818.5 - Microsoft Corporation)
ATI AVIVO64 Codecs (Version: 10.7.0.40702 - ATI Technologies Inc.) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation)
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision)
Call of Duty(R) 2 (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 2 Patch 1.3 (HKLM-x32\...\{C13E90B0-4E1C-11DB-6784-0152EAA218BE}) (Version: 1.3 - Activision)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Centrum zařízení Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
CoD 2 čeština (HKLM-x32\...\CoD 2 čeština_is1) (Version: - #'Pan[S]al!er!)
Codec Pack - All In 1 6.0.3.0 (HKLM-x32\...\Cool's_Codec_pack_4.12) (Version: - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CPUID HWMonitor 1.27 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CrystalDiskInfo 6.5.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.5.2 - Crystal Dew World)
Dark Shadows - Army of Evil (HKLM-x32\...\Steam App 280640) (Version: - Burian Media Enterprises)
DynavixManager.exe (HKU\S-1-5-21-2737042915-4269745475-1994003038-1000\...\fed084c560db576b) (Version: 2.6.4.0 - Dynavix)
ESET Smart Security (HKLM\...\{4D8E383E-0AB7-482D-9327-BB92D53312B4}) (Version: 8.0.319.1 - ESET, spol s r. o.)
Euro Truck Simulator 2 - v1.10.1.18s + 13xDLC (HKLM-x32\...\Euro Truck Simulator 2_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
GTA San Andreas (HKLM-x32\...\GTA San Andreas) (Version: - )
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
Infinite HD™ App (HKU\S-1-5-21-2737042915-4269745475-1994003038-1000\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.04 - Acer Inc.)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Mafia II (HKLM-x32\...\Mafia II_is1) (Version: - )
Malwarebytes Anti-Malware verze 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile CSY Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended CSY Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended CSY Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{FD052FB9-FE90-4438-B355-15EDC89D8FB1}) (Version: 2.0.673.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{99D7DE4C-2775-4B16-B155-7F09AE939E8E}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 cs)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nástroj pro odesílání služby Windows Live (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
NHL® 09 (HKLM-x32\...\{F2B5A2A7-2DF9-4361-8BD5-362714528B51}) (Version: 2.0.1.0 - Electronic Arts)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6619 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6619 - NewTech Infosystems) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Polda V (HKLM-x32\...\Polda V_is1) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Racer 8 (HKLM-x32\...\Steam App 292380) (Version: - 30.06 Studios Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Software Bluetooth WIDCOMM (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9700 - Broadcom)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
System Requirements Lab Detection (HKLM-x32\...\{045A5B69-F66C-4EC0-AF2F-47256237DBC8}) (Version: 6.1.4.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-2737042915-4269745475-1994003038-1000\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{E570CB6B-1CBC-4ADD-969F-7B3338A6BDB6}) (Version: 14.0.8064.206 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

12-09-2015 11:17:10 ComboFix created restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-09-11 19:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18DF2B81-CD80-4DBC-8487-0EDE7DF2C3FC} - System32\Tasks\{437EE8C4-FD64-402A-8ACF-6C1A29554C40} => Iexplore.exe http://www.skype.com/go/downloading?sou ... rror=12002
Task: {4BEBD822-00DF-41A8-9D20-7B6B6BF72B3E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {4D43CB60-5F73-40B8-8EC2-DAEA242BEC78} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {5979746B-8362-45AF-B39A-D3BBAA288264} - System32\Tasks\{F6E268AB-011C-4A1E-AE21-E5C16D262658} => pcalua.exe -a "D:\GTA 4\gta4cestina02-0101\gta_iv_cestina_02.exe" -d "D:\GTA 4\gta4cestina02-0101"
Task: {82DA6D95-8366-450B-B3B3-BE5DBF9C4DED} - System32\Tasks\{5ECC184C-C709-48E6-B840-55AB089B9831} => pcalua.exe -a C:\Users\Omi\Desktop\Patch\setup.exe -d C:\Users\Omi\Desktop\Patch
Task: {970089BB-F5F5-47C8-980B-F1B51727DB17} - System32\Tasks\{44D17371-7342-4D0F-B018-B5BC554A566B} => Chrome.exe http://ui.skype.com/ui/0/7.4.80.102/cs/ ... rogressBar
Task: {A11C5063-2D26-46BC-A470-015DD7CF0F85} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2737042915-4269745475-1994003038-1000
Task: {CFD3E2C8-7E92-4063-BAFE-66260DFE098D} - System32\Tasks\{9DD676C5-9D08-4708-89D4-322D9EBC6135} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall HOMESTUDENTR /dll OSETUP.DLL
Task: {D3AD769E-EB0E-4898-A778-3B057CDCCBC3} - System32\Tasks\{E3C26FE7-5CEB-4AAF-B44D-0007E61EB88D} => Chrome.exe http://ui.skype.com/ui/0/7.4.80.102/cs/ ... rogressBar
Task: {D3C7959C-7675-4DC3-880E-237D65E89791} - System32\Tasks\{0190669B-6BE0-4AD8-B0F1-02886289CC0C} => Iexplore.exe http://ui.skype.com/ui/0/7.2.0.103/cs/a ... =tsInstall
Task: {E344FEE5-210D-42AE-B7D1-9F33D17A61A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 16:20 - 2015-04-26 16:11 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-03-20 16:20 - 2015-04-26 16:19 - 00214520 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-10 20:34 - 2015-02-10 20:33 - 00200704 _____ () C:\Windows\PLFSetI.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2737042915-4269745475-1994003038-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Omi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 84.16.120.1 - 84.16.96.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A5A48B92-8A06-46CC-AB98-D30EDF70F628}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{D8AABB03-CA8D-478A-9763-5281D43A0491}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{709F98C6-1B56-469C-AA7C-7E33F537B2FB}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{0DB6F52F-2488-4615-B42D-CC238964C6BE}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{D8FF774B-7113-4BD9-B597-4E6F9FD217AE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{256FC14F-72BC-4DC0-A45A-F39B20CEC009}] => (Allow) svchost.exe
FirewallRules: [{309A8064-43AA-407F-8BB9-CFD8C1BAFD9E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{701837E7-1A41-45EA-93BD-F4B4C00A6DFB}] => (Allow) C:\League of Legends\lol.launcher.admin.exe
FirewallRules: [{8CF67EAF-1538-482F-AD22-B96C85BBF9AA}] => (Allow) C:\League of Legends\lol.launcher.admin.exe
FirewallRules: [{7881049E-16C3-449E-89F2-DBB11402F36F}] => (Allow) C:\League of Legends\lol.launcher.admin.exe
FirewallRules: [{534F6C74-3BF1-496B-AB5E-FA5E80D68954}] => (Allow) C:\League of Legends\lol.launcher.admin.exe
FirewallRules: [{85D35F78-D96A-4134-85D4-BAE819C4B1D7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{6611503B-69F0-46E9-9197-DC29733A8B47}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{38842202-9E7F-4896-9DFF-8DD2088ECC6D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{4995002A-02D5-4E91-A60E-6A0A6B7B898E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{85F07C54-6DE4-44D2-8ECE-80E3E49AB79D}] => (Allow) C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.129\deploy\LolClient.exe
FirewallRules: [{A78F1871-BDCC-4F69-A85D-841E0F6F2C49}] => (Allow) C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.129\deploy\LolClient.exe
FirewallRules: [{91A48D1C-B943-4757-ABF1-7D002A8107FE}] => (Allow) C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.129\deploy\LolClient.exe
FirewallRules: [{ABC44871-FFEC-4754-9D9C-FFFCD07B9E74}] => (Allow) C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.129\deploy\LolClient.exe
FirewallRules: [{65A04E88-CDB2-4236-8590-08F2FC39FC01}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{1CA8ED65-5073-47F1-9C87-65A006326CF3}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{57F55F22-52E8-4D83-BDCC-226A692144CC}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{9A11B8E1-B356-4B56-8D7E-ACEBE6B94933}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{0036CB1F-AC7F-46AD-A1D8-555AB93F3457}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe
FirewallRules: [{1D0E2DD4-D171-48EC-B5AF-DE218F7796A2}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe
FirewallRules: [{96A601ED-6FB5-4EE1-9062-BC3A5BC09E36}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{C57BBA9F-A128-49C5-A749-021BE0C2F479}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{CBFF626D-5F0E-483C-B55B-2F02F241A5F2}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{B353838D-88EF-4DF0-9880-F14D985222C0}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{D1BBC257-74A3-444C-BDC0-12229478B415}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{E9CDFFB4-6CE4-4006-ABF3-36E3CAF7412A}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{ED9D8336-D430-416A-84C4-E21D2F24892A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{4655B217-9533-49A0-B4A0-9B4DE6DE9CB7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{39C6C979-E74F-44C7-AEB8-F0ACB8491CAE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A948CA60-5263-468B-8442-7CDAB6F5634C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{8929B1AE-AAB9-47FF-9145-39A770D54C72}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2B1F49B4-0895-45B0-8F20-A40BFDE2C1A9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{318E1FAB-CCDD-4825-B0CF-0B81DF5F8E76}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A54AB5A5-C727-4D40-B762-4E4837E4A34D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{492BC00A-3C36-4D18-839D-2BDE29211252}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 2\cod2mp_s.exe
FirewallRules: [{FBDCF1B4-15AF-4B34-87C2-7EDE5C799C8E}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 2\cod2mp_s.exe
FirewallRules: [{FDF5C67F-6593-4E92-9D6A-F1B58D17BDA6}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 2\cod2mp_s.exe
FirewallRules: [{A496771C-CB2D-441F-8493-BBC78F5C7E45}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 2\cod2mp_s.exe
FirewallRules: [{4576C28F-6192-4892-AE7B-82D71DCF9743}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 2\cod2sp_s.exe
FirewallRules: [{0FA50442-7737-4C0B-8C9E-5D0C2B233B85}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 2\cod2sp_s.exe
FirewallRules: [{2EC72C8A-C766-4D62-954B-EA9E158308EC}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 2\cod2sp_s.exe
FirewallRules: [{79E586E4-ECB6-4108-8EFD-25ADBD3B043E}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 2\cod2sp_s.exe
FirewallRules: [{C7986C06-FE63-4C4E-95BA-A5257D19E578}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E904847B-3D98-44FF-8EF8-8B23CF993807}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8CD8A245-87AE-4488-B18C-50A6C1892D30}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{516E7CE3-2CEA-423A-A670-4698F53A3080}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7C163899-B08F-424F-BC48-CCA2EFC946BA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{44166EE2-76EC-4C88-BA5E-5E74304DFDA2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7F7C37C0-59C7-4808-8412-B202B954B618}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{954D0D34-E599-4184-867E-5A0B609AB680}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FD899C2B-0E55-4D0D-ABB0-9D8DF3817DA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Racer 8\Racer8.exe
FirewallRules: [{6B78CAED-FA28-431B-8505-D17B42B6A64E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Racer 8\Racer8.exe
FirewallRules: [{EA407B31-E72C-4E47-8F3B-73D44945D3C4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2015 03:21:54 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Windows\system32\wbem\wmiprvse.exe; Popis = ComboFix created restore point; Chyba = 0x8007043c).

Error: (09/11/2015 03:21:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007043c, Tuto službu nelze spustit v nouzovém režimu.
.


Operace:
Vytvoření instance serveru VSS

Error: (09/11/2015 03:21:54 PM) (Source: VSS) (EventID: 18) (User: )
Description: Chyba služby Stínová kopie svazku: Server COM s identifikátorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} a názvem IVssCoordinatorEx2 nelze spustit v nouzovém režimu.
Službu Stínová kopie svazku nelze spustit v nouzovém režimu. [0x8007043c, Tuto službu nelze spustit v nouzovém režimu.
]


Operace:
Vytvoření instance serveru VSS

Error: (09/06/2015 04:34:37 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version v prvku assemblyIdentity je neplatná.

Error: (09/05/2015 03:58:49 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version v prvku assemblyIdentity je neplatná.

Error: (09/04/2015 07:48:01 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version v prvku assemblyIdentity je neplatná.

Error: (09/04/2015 03:37:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: steamwebhelper.exe, verze: 2.92.69.85, časové razítko: 0x55d4cacb
Název chybujícího modulu: libcef.dll, verze: 3.2357.1273.0, časové razítko: 0x5581d4e8
Kód výjimky: 0x80000003
Posun chyby: 0x000582ba
ID chybujícího procesu: 0x13b0
Čas spuštění chybující aplikace: 0xsteamwebhelper.exe0
Cesta k chybující aplikaci: steamwebhelper.exe1
Cesta k chybujícímu modulu: steamwebhelper.exe2
ID zprávy: steamwebhelper.exe3

Error: (09/04/2015 03:37:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: steamwebhelper.exe, verze: 2.92.69.85, časové razítko: 0x55d4cacb
Název chybujícího modulu: libcef.dll, verze: 3.2357.1273.0, časové razítko: 0x5581d4e8
Kód výjimky: 0x80000003
Posun chyby: 0x000582ba
ID chybujícího procesu: 0x13a8
Čas spuštění chybující aplikace: 0xsteamwebhelper.exe0
Cesta k chybující aplikaci: steamwebhelper.exe1
Cesta k chybujícímu modulu: steamwebhelper.exe2
ID zprávy: steamwebhelper.exe3

Error: (08/29/2015 04:36:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: LolClient.exe, verze: 0.0.0.0, časové razítko: 0x515663e0
Název chybujícího modulu: WebKit.dll, verze: 6531.9.0.0, časové razítko: 0x51566370
Kód výjimky: 0xc0000005
Posun chyby: 0x000a9965
ID chybujícího procesu: 0x1084
Čas spuštění chybující aplikace: 0xLolClient.exe0
Cesta k chybující aplikaci: LolClient.exe1
Cesta k chybujícímu modulu: LolClient.exe2
ID zprávy: LolClient.exe3

Error: (08/27/2015 03:33:51 PM) (Source: BugSplat) (EventID: 1) (User: )
Description: lol_rads_riotgames_comLoLPatcher-1


System errors:
=============
Error: (09/12/2015 11:10:24 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (11:08:56, ‎12.‎9.‎2015) bylo neočekávané.

Error: (09/11/2015 08:05:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/11/2015 07:05:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (09/11/2015 07:05:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (09/11/2015 07:04:05 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (09/11/2015 07:04:05 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (09/11/2015 07:00:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (09/11/2015 06:55:58 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (09/11/2015 03:31:19 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (09/11/2015 03:31:19 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}


Microsoft Office:
=========================

CodeIntegrity:
===================================
Date: 2015-09-11 19:04:05.940
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-11 19:04:05.925
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-11 19:04:05.909
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-11 19:04:05.894
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-11 18:55:58.674
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-11 18:55:58.658
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-21 08:26:24.115
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-21 08:26:24.099
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-21 08:26:24.084
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-21 08:26:24.068
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 24%
Total physical RAM: 3066.93 MB
Available physical RAM: 2329.89 MB
Total Virtual: 6132.05 MB
Available Virtual: 4949.05 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:285.3 GB) (Free:185.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 91ED91ED)
Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: PC check, someone changed my passwords.

Post by Orcus » 12 Sep 2015 23:33

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.


Code:

Start
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2737042915-4269745475-1994003038-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2737042915-4269745475-1994003038-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_csCZ627
SearchScopes: HKU\S-1-5-21-2737042915-4269745475-1994003038-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2737042915-4269745475-1994003038-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_csCZ627
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-07] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-2737042915-4269745475-1994003038-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
C:\Program Files (x86)\Google\Google Toolbar
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
U3 a6gltmvw; C:\Windows\System32\Drivers\a6gltmvw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\System32\Drivers\a6gltmvw.sys
C:\Windows\Tasks\Adobe Flash Player Updater.job
Task: {18DF2B81-CD80-4DBC-8487-0EDE7DF2C3FC} - System32\Tasks\{437EE8C4-FD64-402A-8ACF-6C1A29554C40} => Iexplore.exe http://www.skype.com/go/downloading?sou ... rror=12002
Task: {4BEBD822-00DF-41A8-9D20-7B6B6BF72B3E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {4D43CB60-5F73-40B8-8EC2-DAEA242BEC78} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {5979746B-8362-45AF-B39A-D3BBAA288264} - System32\Tasks\{F6E268AB-011C-4A1E-AE21-E5C16D262658} => pcalua.exe -a "D:\GTA 4\gta4cestina02-0101\gta_iv_cestina_02.exe" -d "D:\GTA 4\gta4cestina02-0101"
Task: {82DA6D95-8366-450B-B3B3-BE5DBF9C4DED} - System32\Tasks\{5ECC184C-C709-48E6-B840-55AB089B9831} => pcalua.exe -a C:\Users\Omi\Desktop\Patch\setup.exe -d C:\Users\Omi\Desktop\Patch
Task: {970089BB-F5F5-47C8-980B-F1B51727DB17} - System32\Tasks\{44D17371-7342-4D0F-B018-B5BC554A566B} => Chrome.exe http://ui.skype.com/ui/0/7.4.80.102/cs/ ... rogressBar
Task: {A11C5063-2D26-46BC-A470-015DD7CF0F85} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2737042915-4269745475-1994003038-1000
Task: {CFD3E2C8-7E92-4063-BAFE-66260DFE098D} - System32\Tasks\{9DD676C5-9D08-4708-89D4-322D9EBC6135} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall HOMESTUDENTR /dll OSETUP.DLL
Task: {D3AD769E-EB0E-4898-A778-3B057CDCCBC3} - System32\Tasks\{E3C26FE7-5CEB-4AAF-B44D-0007E61EB88D} => Chrome.exe http://ui.skype.com/ui/0/7.4.80.102/cs/ ... rogressBar
Task: {D3C7959C-7675-4DC3-880E-237D65E89791} - System32\Tasks\{0190669B-6BE0-4AD8-B0F1-02886289CC0C} => Iexplore.exe http://ui.skype.com/ui/0/7.2.0.103/cs/a ... =tsInstall
Task: {E344FEE5-210D-42AE-B7D1-9F33D17A61A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)


(You can use the "select all" function; right-click in the top-left field of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST and press the "Fix" (Opravit) button only once, then wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.

Re: PC check, someone changed my passwords.

Post by extrem » 13 Sep 2015 09:33

Fix result of Farbar Recovery Scan Tool (x64) Version:12-09-2015
Ran by Omi (2015-09-13 09:28:41) Run:1
Running from C:\Users\Omi\Desktop
Loaded Profiles: Omi (Available Profiles: Omi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2737042915-4269745475-1994003038-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2737042915-4269745475-1994003038-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_csCZ627
SearchScopes: HKU\S-1-5-21-2737042915-4269745475-1994003038-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2737042915-4269745475-1994003038-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_csCZ627
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-07] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-2737042915-4269745475-1994003038-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
C:\Program Files (x86)\Google\Google Toolbar
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
U3 a6gltmvw; C:\Windows\System32\Drivers\a6gltmvw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\System32\Drivers\a6gltmvw.sys
C:\Windows\Tasks\Adobe Flash Player Updater.job
Task: {18DF2B81-CD80-4DBC-8487-0EDE7DF2C3FC} - System32\Tasks\{437EE8C4-FD64-402A-8ACF-6C1A29554C40} => Iexplore.exe http://www.skype.com/go/downloading?sou ... rror=12002
Task: {4BEBD822-00DF-41A8-9D20-7B6B6BF72B3E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {4D43CB60-5F73-40B8-8EC2-DAEA242BEC78} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {5979746B-8362-45AF-B39A-D3BBAA288264} - System32\Tasks\{F6E268AB-011C-4A1E-AE21-E5C16D262658} => pcalua.exe -a "D:\GTA 4\gta4cestina02-0101\gta_iv_cestina_02.exe" -d "D:\GTA 4\gta4cestina02-0101"
Task: {82DA6D95-8366-450B-B3B3-BE5DBF9C4DED} - System32\Tasks\{5ECC184C-C709-48E6-B840-55AB089B9831} => pcalua.exe -a C:\Users\Omi\Desktop\Patch\setup.exe -d C:\Users\Omi\Desktop\Patch
Task: {970089BB-F5F5-47C8-980B-F1B51727DB17} - System32\Tasks\{44D17371-7342-4D0F-B018-B5BC554A566B} => Chrome.exe http://ui.skype.com/ui/0/7.4.80.102/cs/ ... rogressBar
Task: {A11C5063-2D26-46BC-A470-015DD7CF0F85} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2737042915-4269745475-1994003038-1000
Task: {CFD3E2C8-7E92-4063-BAFE-66260DFE098D} - System32\Tasks\{9DD676C5-9D08-4708-89D4-322D9EBC6135} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall HOMESTUDENTR /dll OSETUP.DLL
Task: {D3AD769E-EB0E-4898-A778-3B057CDCCBC3} - System32\Tasks\{E3C26FE7-5CEB-4AAF-B44D-0007E61EB88D} => Chrome.exe http://ui.skype.com/ui/0/7.4.80.102/cs/ ... rogressBar
Task: {D3C7959C-7675-4DC3-880E-237D65E89791} - System32\Tasks\{0190669B-6BE0-4AD8-B0F1-02886289CC0C} => Iexplore.exe http://ui.skype.com/ui/0/7.2.0.103/cs/a ... =tsInstall
Task: {E344FEE5-210D-42AE-B7D1-9F33D17A61A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2737042915-4269745475-1994003038-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2737042915-4269745475-1994003038-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2737042915-4269745475-1994003038-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKU\S-1-5-21-2737042915-4269745475-1994003038-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfully
HKU\S-1-5-21-2737042915-4269745475-1994003038-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Google Toolbar => moved successfully
WinDefend => Unable to stop service.
WinDefend => service removed successfully
a6gltmvw => service not found.
"C:\Windows\System32\Drivers\a6gltmvw.sys" => File/Folder not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18DF2B81-CD80-4DBC-8487-0EDE7DF2C3FC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18DF2B81-CD80-4DBC-8487-0EDE7DF2C3FC}" => key removed successfully
C:\Windows\System32\Tasks\{437EE8C4-FD64-402A-8ACF-6C1A29554C40} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{437EE8C4-FD64-402A-8ACF-6C1A29554C40}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BEBD822-00DF-41A8-9D20-7B6B6BF72B3E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BEBD822-00DF-41A8-9D20-7B6B6BF72B3E}" => key removed successfully
C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D43CB60-5F73-40B8-8EC2-DAEA242BEC78}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D43CB60-5F73-40B8-8EC2-DAEA242BEC78}" => key removed successfully
C:\Windows\System32\Tasks\SidebarExecute => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5979746B-8362-45AF-B39A-D3BBAA288264}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5979746B-8362-45AF-B39A-D3BBAA288264}" => key removed successfully
C:\Windows\System32\Tasks\{F6E268AB-011C-4A1E-AE21-E5C16D262658} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F6E268AB-011C-4A1E-AE21-E5C16D262658}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82DA6D95-8366-450B-B3B3-BE5DBF9C4DED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82DA6D95-8366-450B-B3B3-BE5DBF9C4DED}" => key removed successfully
C:\Windows\System32\Tasks\{5ECC184C-C709-48E6-B840-55AB089B9831} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5ECC184C-C709-48E6-B840-55AB089B9831}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{970089BB-F5F5-47C8-980B-F1B51727DB17}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{970089BB-F5F5-47C8-980B-F1B51727DB17}" => key removed successfully
C:\Windows\System32\Tasks\{44D17371-7342-4D0F-B018-B5BC554A566B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{44D17371-7342-4D0F-B018-B5BC554A566B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A11C5063-2D26-46BC-A470-015DD7CF0F85}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A11C5063-2D26-46BC-A470-015DD7CF0F85}" => key removed successfully
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-2737042915-4269745475-1994003038-1000 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-2737042915-4269745475-1994003038-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD3E2C8-7E92-4063-BAFE-66260DFE098D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD3E2C8-7E92-4063-BAFE-66260DFE098D}" => key removed successfully
C:\Windows\System32\Tasks\{9DD676C5-9D08-4708-89D4-322D9EBC6135} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9DD676C5-9D08-4708-89D4-322D9EBC6135}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3AD769E-EB0E-4898-A778-3B057CDCCBC3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3AD769E-EB0E-4898-A778-3B057CDCCBC3}" => key removed successfully
C:\Windows\System32\Tasks\{E3C26FE7-5CEB-4AAF-B44D-0007E61EB88D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E3C26FE7-5CEB-4AAF-B44D-0007E61EB88D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3C7959C-7675-4DC3-880E-237D65E89791}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3C7959C-7675-4DC3-880E-237D65E89791}" => key removed successfully
C:\Windows\System32\Tasks\{0190669B-6BE0-4AD8-B0F1-02886289CC0C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0190669B-6BE0-4AD8-B0F1-02886289CC0C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E344FEE5-210D-42AE-B7D1-9F33D17A61A0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E344FEE5-210D-42AE-B7D1-9F33D17A61A0}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully


The system needed a reboot..

==== End of Fixlog 09:29:50 ====

Re: PC check, someone changed my passwords.

Post by extrem » 13 Sep 2015 09:43

One more thing I wanted to ask: with CCleaner, should I follow this guide exactly? (viewtopic.php?f=70&t=5130&p=24467#p24467) Or is it enough to just Analyze and then Clean? I'd rather ask so that I don't somehow mess up the registry.

Re: PC check, someone changed my passwords.

Post by jerabina » 13 Sep 2015 13:28

Don't do the registry; just do the temporary files and the like.

+ afterwards, write how the problems are.