S.O.S. - Kryptik

[margoman]

Ahoj,

sháním dobrou duši, která mi za úplatu pomůže vyřešit tento problém. Ráno jsem se jal spustit počítač a vždy zčernala obrazovka. Zkoušel jsem spustit nouzák a dá obnovení z poslední aktualizace - neúspěšně. Když jsem spustil eset, tak detekoval toho kryptika.

Děkuji za pomoc

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Marek (2015-07-30 09:33:13)
Running from C:\Users\marek.SCREEN-PRINT\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-820385131-1614150226-2613283517-500 - Administrator - Disabled)
Guest (S-1-5-21-820385131-1614150226-2613283517-501 - Limited - Disabled)
marek (S-1-5-21-820385131-1614150226-2613283517-1001 - Administrator - Enabled) => C:\Users\marek

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1710 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1710 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3502 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.90 - Atheros Communications)
BS Player Toolbar (HKLM-x32\...\BS_Player Toolbar) (Version: 6.8.2.0 - BS Player) <==== ATTENTION
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.61.1065 - AB Team, d.o.o.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.52.0.50 - Conexant)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.899 - Corel Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.20.0 - Egis Technology Inc.)
Emulator Starter (HKU\S-1-5-21-1551191566-3769978263-131787797-1806\...\32bce9526e87661e) (Version: 1.0.0.135 - Free Game Empire)
EPS File Viewer (HKLM-x32\...\{35B4B5ED-41DE-4CAB-A757-F967474819DC}_is1) (Version: - epsfileviewer.com)
ES603 WDM Driver (x32 Version: 3.0.20.0 - Egis Technology Inc.) Hidden
ESET Smart Security (HKLM\...\{E4BA35A7-9715-4405-951E-E60B4ED0C7B0}) (Version: 8.0.312.3 - ESET, spol s r. o.)
ESO9 .NET klient 4.4.11 (HKLM-x32\...\{06514450-CA27-4794-9E85-2A993D198DF2}) (Version: 4.4.11 - ESO9 intranet a.s.)
ESO9 .NET klient 4.5.2 (HKLM-x32\...\{77BA73B4-7639-4317-BE13-1CA1DC9DAC7C}) (Version: 4.5.2 - ESO9 intranet a.s.)
ESO9 .NET klient 4.6.17 (HKLM-x32\...\{D178A737-3859-43DE-8D3C-228974716DF0}) (Version: 4.6.17 - ESO9 intranet a.s.)
ESO9 .NET klient 4.7.14 (HKLM-x32\...\{EC3AC4A5-8196-4429-AAE6-7382105E8CB9}) (Version: 4.7.14 - ESO9 international a.s.)
ESO9 .NET klient 4.8.5 (HKLM-x32\...\{8B183D4B-CB27-407E-813F-8077FFA83878}) (Version: 4.8.5 - ESO9 international a.s.)
ESO9 .NET klient 4.9.3 (HKLM-x32\...\{9E8B4048-74D2-4930-B80D-D7B28D74C890}) (Version: 4.9.3 - ESO9 international a.s.)
ESO9 .NET klient 5.0.4 (HKLM-x32\...\{61DB1E57-AB32-42E8-AB35-D1679C3AA8BA}) (Version: 5.0.4 - ESO9 international a.s.)
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version: - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free RAW Viewer 1.00 (HKLM-x32\...\Free RAW Viewer_is1) (Version: - DIFIAPRO)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E65099C4-9110-4C31-BD03-5C17EFB5FE92}) (Version: 1.1.0 - HP)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Inkscape 0.91pre4 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 6.0.8s1 - Acer Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 pro podnikatele (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 cs)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.1 - Frank Heindörfer, Philip Chinery)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProShield (HKLM-x32\...\InstallShield_{08CCD7B4-9EED-4926-805D-C4FFF869989A}) (Version: 1.0.48.3 - Egis Technology Inc.)
ProShield (Version: 1.0.48.3 - Egis Technology Inc.) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Rayman Origins Demo (HKLM-x32\...\{D511787A-68E3-45D9-8DEC-FF45ECBFB0FC}) (Version: 1.01 - Ubisoft)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Screenshot Captor 3.00.00 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - )
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.14.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1551191566-3769978263-131787797-1806_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}\InprocServer32 -> C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\icmp.dll No File

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-05-15 16:24 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Ahoj,

sháním dobrou duši, která mi za úplatu vyřeší tento problém.

Děkuji

Task: {0F113765-FF41-4BB8-9B26-826E99DE6AD3} - System32\Tasks\{780B41E2-8B26-49AB-A68C-17CFA7F16144} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/cs/a ... age=tsMain
Task: {23DF901B-37FA-4515-B460-594B6733EA37} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-16] (Adobe Systems Incorporated)
Task: {40A35E30-6231-4BBD-9B43-A5AC77BF6AD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19] (Google Inc.)
Task: {4206E477-77A1-4052-87E7-6B7FF8BA729E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {5607D6F0-42C1-4340-90F1-278D0C6ECD95} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8b87d71e8c27 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19] (Google Inc.)
Task: {7B1E798A-67D4-4102-8737-52C51A3252ED} - System32\Tasks\GoogleUpdateTaskMachineUA1d040d4f3b44142 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19] (Google Inc.)
Task: {88504419-9D26-4703-A5B6-CC6802EF2652} - System32\Tasks\GoogleUpdateTaskMachineUA1d0003a919dfb1c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19] (Google Inc.)
Task: {8F105C68-7974-4575-BB41-B6FED00AD5EF} - System32\Tasks\Acer Registration - Reminder Recall task => C:\Program Files (x86)\Acer\Registration\GREG.exe [2011-05-11] (Acer Incorporated)
Task: {AC96D95E-D45C-4B83-A3DB-3B5219473DD7} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Acer Registration - Reminder Recall task.job => C:\Program Files (x86)\Acer\Registration\GREG.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8b87d71e8c27.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0003a919dfb1c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d040d4f3b44142.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-06-04 23:15 - 2011-06-04 23:15 - 01407536 _____ () C:\Program Files\Acer ProShield\LIBEAY32.dll
2012-04-14 21:10 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1551191566-3769978263-131787797-1806\...\eso.cz -> hxxps://eso.cz


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1551191566-3769978263-131787797-1806\Control Panel\Desktop\\Wallpaper -> C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{4A991B43-5192-400B-9ECA-56B6DB37F74F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{175DA7F1-970D-4C25-A75E-9B4469FBCE97}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D98328CF-3652-4F01-AE44-24EDD3548698}] => (Allow) LPort=2869
FirewallRules: [{BD485BFA-A9DC-4966-B96E-C262A4A4C010}] => (Allow) LPort=1900
FirewallRules: [{E25B295F-6AF1-4A6C-B91D-E65FCF9A4853}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{9E8BBE83-EB34-41A7-88D8-891835C3C67C}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\VC.exe
FirewallRules: [{982485B4-2A6E-4389-B2A2-BB64AFAF3D53}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
FirewallRules: [{52F7DD24-046F-44C8-9C8A-EDC83AFB64C0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{502C2F09-560C-42EF-A51B-BFF2927FDE98}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
FirewallRules: [{12FA6B6E-CD70-4803-9FCD-88FCDFA3FFBB}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
FirewallRules: [TCP Query User{95E24016-8E59-4FE3-A1F6-4450E733BC41}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{DED660D8-3961-457D-B927-B05496BDF38E}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{01D91E33-EC95-4FDA-B0FD-846C1AE1C59B}] => (Allow) C:\Program Files (x86)\Ubisoft\Rayman Origins Demo\Rayman Origins.exe
FirewallRules: [{5B980DA1-4DC2-455C-A48C-A4F8155A2B2F}] => (Allow) C:\Program Files (x86)\Ubisoft\Rayman Origins Demo\Rayman Origins.exe
FirewallRules: [{36545A39-B308-4478-9C9B-A83D6F66591F}] => (Allow) C:\Program Files (x86)\Ubisoft\Rayman Origins Demo\gu.exe
FirewallRules: [{C0BBAC23-CAAA-4BEB-90AC-AAFB77CEE86D}] => (Allow) C:\Program Files (x86)\Ubisoft\Rayman Origins Demo\gu.exe
FirewallRules: [{2149FABC-C191-479F-BB3F-8B14F8265A3A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{14FEE208-D82B-483D-BDAF-219EDD611E7D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{56DA67BA-C7C4-4D95-BE62-3056D3AAB473}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{7CB7F82A-818A-4DA7-AA1A-BB9AF1FF0CF9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{C3A620E9-015B-40E5-8C3E-C0C5E26D2137}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E8BB9115-7822-45EB-81FE-1EE73E3C79FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{11280787-3327-4120-A6A5-F88C9E6ED0BD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{0F19408E-24A8-4939-93EF-5151FA07BB0D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{8464E81F-5D17-46E8-AA0F-1B953778CEA9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{4C694D00-8896-4F87-A747-6E62394E6FBA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{7A2A39E0-2D00-4BF5-94B7-44357343BFBF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2015 09:04:53 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Popis = Configured Microsoft Office 2010 pro podnikatele; Chyba = 0x8007043c).

Error: (07/30/2015 09:03:49 AM) (Source: Outlook) (EventID: 35) (User: )
Description: Nelze určit, zda se zásobník nachází v oboru procházení (chyba=0x8007043c).

Error: (07/30/2015 09:03:49 AM) (Source: Outlook) (EventID: 34) (User: )
Description: Nepodařilo se získat správce oboru procházení. Chyba=0x8007043c.

Error: (07/30/2015 09:03:49 AM) (Source: Outlook) (EventID: 35) (User: )
Description: Nelze určit, zda se zásobník nachází v oboru procházení (chyba=0x8007043c).

Error: (07/30/2015 09:03:49 AM) (Source: Outlook) (EventID: 34) (User: )
Description: Nepodařilo se získat správce oboru procházení. Chyba=0x8007043c.

Error: (07/30/2015 09:03:10 AM) (Source: System Restore) (EventID: 8209) (User: )
Description: Nástroj Obnovení systému nebyl spuštěn, protože systém byl restartován, bylo odpojeno napájení nebo přestal odpovídat. Další informace: (Naplánovaný kontrolní bod).

Error: (07/30/2015 09:00:11 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Během obnovení systému došlo k nespecifikované chybě: (Windows Update). Další informace: 0x80070057.

Error: (07/30/2015 08:51:40 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Během obnovení systému došlo k nespecifikované chybě: (Windows Update). Další informace: 0x80070057.

Error: (07/23/2015 12:27:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ePowerTray.exe, verze: 6.0.3007.0, časové razítko: 0x4dc8d2d5
Název chybujícího modulu: ePowerTray.exe, verze: 6.0.3007.0, časové razítko: 0x4dc8d2d5
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000012049
ID chybujícího procesu: 0xc0c
Čas spuštění chybující aplikace: 0xePowerTray.exe0
Cesta k chybující aplikaci: ePowerTray.exe1
Cesta k chybujícímu modulu: ePowerTray.exe2
ID zprávy: ePowerTray.exe3

Error: (07/23/2015 12:18:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program firefox.exe verze 39.0.0.5659 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 11e8

Čas spuštění: 01d0c44345eec098

Čas ukončení: 3257

Cesta k aplikaci: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

ID hlášení: c5f76075-3121-11e5-b102-e89a8fe43ca7


System errors:
=============
Error: (07/30/2015 09:35:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (07/30/2015 09:34:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (07/30/2015 09:34:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (07/30/2015 09:33:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (07/30/2015 09:33:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (07/30/2015 09:33:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (07/30/2015 09:33:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (07/30/2015 09:33:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (07/30/2015 09:30:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (07/30/2015 09:30:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
%%1068


Microsoft Office:
=========================
Error: (07/30/2015 09:04:53 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office 2010 pro podnikatele0x8007043c

Error: (07/30/2015 09:03:49 AM) (Source: Outlook) (EventID: 35) (User: )
Description: 0x8007043c

Error: (07/30/2015 09:03:49 AM) (Source: Outlook) (EventID: 34) (User: )
Description: 0x8007043c

Error: (07/30/2015 09:03:49 AM) (Source: Outlook) (EventID: 35) (User: )
Description: 0x8007043c

Error: (07/30/2015 09:03:49 AM) (Source: Outlook) (EventID: 34) (User: )
Description: 0x8007043c

Error: (07/30/2015 09:03:10 AM) (Source: System Restore) (EventID: 8209) (User: )
Description: Naplánovaný kontrolní bod

Error: (07/30/2015 09:00:11 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070057

Error: (07/30/2015 08:51:40 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070057

Error: (07/23/2015 12:27:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe6.0.3007.04dc8d2d5ePowerTray.exe6.0.3007.04dc8d2d5c00000050000000000012049c0c01d0c531df42fa48C:\Program Files\Acer\Acer ePower Management\ePowerTray.exeC:\Program Files\Acer\Acer ePower Management\ePowerTray.exe64dbc00f-3125-11e5-b6b5-e89a8fe43ca7

Error: (07/23/2015 12:18:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe39.0.0.565911e801d0c44345eec0983257C:\Program Files (x86)\Mozilla Firefox\firefox.exec5f76075-3121-11e5-b102-e89a8fe43ca7


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 35%
Total physical RAM: 3947.86 MB
Available physical RAM: 2534.96 MB
Total Virtual: 7893.91 MB
Available Virtual: 6646.65 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:303.18 GB) (Free:199.79 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:146.48 GB) (Free:65.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D5768957)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=303.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=146.5 GB) - (Type=OF Extended)

==================== End of log ============================

[JaRon]

ahoj,
skus vlozit ten opacny log FRST

[margoman]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by Marek (administrator) on NB-PETRASEK (30-07-2015 09:31:33)
Running from C:\Users\marek.SCREEN-PRINT\Desktop
Loaded Profiles: Marek (Available Profiles: Marek & marek)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ecls.exe
(DonationCoder) C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [961184 2011-08-02] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [798880 2011-08-02] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2697512 2011-02-17] (Synaptics Incorporated)
HKLM\...\Run: [ProShieldTSR] => C:\Program Files\Acer ProShield\EgisTSR.exe [165936 2011-06-04] (Egis Technology Inc. )
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-01-28] (ESET)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1110096 2011-07-01] (Dritek System Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk [2011-08-19]
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-1551191566-3769978263-131787797-1806 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files\Acer ProShield\x86\EgisPBIE.dll [2011-06-04] (Egis Technology Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-08-02] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
DPF: HKLM-x32 {10B3A0AB-2FF7-45B4-BB50-D9ADA590EB5E} https://asp2.eso.cz/Eso9Supp.net/LIB/CA ... lient4.cab
DPF: HKLM-x32 {2C19D17C-ECFB-458D-95B0-456771C836F4} https://asp2.eso.cz/Eso9Supp.net/LIB/CA ... lient8.cab
DPF: HKLM-x32 {4567C9BE-2BF0-417B-9817-F4C4A424205F} https://asp2.eso.cz/Eso9Supp.net/LIB/CA ... lient0.cab
DPF: HKLM-x32 {63B75E5F-9C2C-4101-B8FC-6BBC6389DCA7} https://asp2.eso.cz/Eso9Supp.net/LIB/CA ... lient5.cab
DPF: HKLM-x32 {8CE763DA-0B0F-42E2-8634-91AE02F5AAF8} https://asp2.eso.cz/Eso9Supp.net/LIB/CA ... lient6.cab
DPF: HKLM-x32 {A83E5F4F-FD76-498D-9196-349431421577} https://asp2.eso.cz/Eso9Supp.net/LIB/CA ... lient7.cab
DPF: HKLM-x32 {DB7ACFA2-9634-4C98-BC9D-FB9416153022} http://192.168.17.26/nvEPLMedia.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{76BE6B44-7F01-4A21-B797-181BADE6AFCA}: [DhcpNameServer] 192.168.17.2
Tcpip\..\Interfaces\{9E2E617B-AF5B-43D7-8443-FDDCDC8FC885}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Mozilla\Firefox\Profiles\nn06s39w.default
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN27284241795017106&UM=&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Extension: BS Player ControlBar - C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Mozilla\Firefox\Profiles\nn06s39w.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} [2014-07-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-03]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files\Acer ProShield\FFExt
FF Extension: Online Accounts Extension - C:\Program Files\Acer ProShield\FFExt [2011-11-04]
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files\Acer ProShield\FFExt20
FF Extension: Online Accounts Extension - C:\Program Files\Acer ProShield\FFExt20 [2011-11-04]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\marek.SCREEN-PRINT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\marek.SCREEN-PRINT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-19]
CHR Extension: (Google Drive) - C:\Users\marek.SCREEN-PRINT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-19]
CHR Extension: (YouTube) - C:\Users\marek.SCREEN-PRINT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-19]
CHR Extension: (Google Search) - C:\Users\marek.SCREEN-PRINT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-19]
CHR Extension: (Bookmark Manager) - C:\Users\marek.SCREEN-PRINT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\marek.SCREEN-PRINT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\marek.SCREEN-PRINT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [103584 2011-08-02] (Atheros Commnucations) [File not signed]
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 EgisTec Service; C:\Program Files\Acer ProShield\x86\EgisService.exe [195120 2011-06-04] (Egis Technology Inc. )
S2 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [212016 2011-06-04] (Egis Technology Inc. )
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2015-01-28] (ESET)
S2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
S2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\81A7E9DEEC2EE57EE18AA54D853A9A53\mqodbz9j6.dot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-03-10] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2015-03-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2015-03-10] (ESET)
S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [64208 2015-03-10] (ESET)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16384 2011-04-16] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-16] (Marvell Semiconductor, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 09:31 - 2015-07-30 09:32 - 00015189 _____ C:\Users\marek.SCREEN-PRINT\Desktop\FRST.txt
2015-07-30 09:30 - 2015-07-30 09:30 - 00029696 _____ C:\Users\marek.SCREEN-PRINT\AppData\Local\MSGBOX.EXE
2015-07-30 09:30 - 2015-07-30 09:30 - 00015327 _____ C:\Users\marek.SCREEN-PRINT\Desktop\LM.bat
2015-07-30 09:26 - 2015-07-30 09:27 - 00112640 _____ (forum.viry.cz) C:\Users\marek.SCREEN-PRINT\Desktop\FRSTLauncher.exe
2015-07-30 09:18 - 2015-07-30 09:18 - 02169856 _____ (Farbar) C:\Users\marek.SCREEN-PRINT\Desktop\FRST64.exe
2015-07-30 09:11 - 2015-07-30 09:11 - 00000058 _____ C:\Windows\SysWOW64\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-07-14 14:16 - 2015-07-14 14:16 - 00509822 ____N C:\Users\marek.SCREEN-PRINT\Desktop\Logo_SH-LO_2011_CMYK.eps
2015-07-01 14:00 - 2015-07-01 14:00 - 00295818 ____N C:\Users\marek.SCREEN-PRINT\Desktop\wetech_vector_4C.EPS
2015-06-30 14:30 - 2015-06-30 14:30 - 00384890 ____N C:\Users\marek.SCREEN-PRINT\Desktop\SHB_Logo_2 frb ohne Wappen.eps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 09:31 - 2014-05-12 17:07 - 00000000 ___DC C:\FRST
2015-07-30 09:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2015-07-30 09:11 - 2012-03-25 00:11 - 00000058 _____ C:\Users\marek.SCREEN-PRINT\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-07-30 09:11 - 2012-03-25 00:10 - 00000000 ____D C:\Program Files (x86)\ScreenshotCaptor
2015-07-30 09:04 - 2014-04-24 12:25 - 00000000 ____D C:\Users\marek.SCREEN-PRINT\AppData\Roaming\TeamViewer
2015-07-30 09:03 - 2015-05-06 17:54 - 01641224 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-30 09:03 - 2011-11-04 21:15 - 00687604 _____ C:\Windows\system32\perfh005.dat
2015-07-30 09:03 - 2011-11-04 21:15 - 00147858 _____ C:\Windows\system32\perfc005.dat
2015-07-30 09:02 - 2014-11-12 09:30 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-30 09:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-30 09:01 - 2009-07-14 06:51 - 00103102 _____ C:\Windows\setupact.log
2015-07-30 09:00 - 2011-11-04 20:24 - 01077064 _____ C:\Windows\WindowsUpdate.log
2015-07-30 08:08 - 2015-02-05 01:47 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d040d4f3b44142.job
2015-07-30 07:52 - 2014-11-14 20:41 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0003a919dfb1c.job
2015-07-30 07:52 - 2012-05-02 06:26 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-30 07:46 - 2014-06-19 08:29 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8b87d71e8c27.job
2015-07-30 07:33 - 2012-03-15 17:40 - 00000392 _____ C:\Windows\Tasks\Acer Registration - Reminder Recall task.job
2015-07-29 13:19 - 2012-03-19 10:57 - 00000144 _____ C:\Windows\system32\config\netlogon.ftl
2015-07-29 10:42 - 2013-12-17 22:38 - 00003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{19EFBD71-2E48-46C8-B2B8-92809C9818EA}
2015-07-29 09:08 - 2013-01-19 13:02 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-29 08:04 - 2013-01-19 13:02 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-26 05:45 - 2009-07-14 06:45 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-26 05:45 - 2009-07-14 06:45 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-23 12:27 - 2012-04-06 20:11 - 00000000 ____D C:\Users\marek.SCREEN-PRINT\AppData\Local\CrashDumps
2015-07-23 12:07 - 2012-03-22 19:49 - 00000000 ____D C:\Users\marek.SCREEN-PRINT\AppData\Roaming\Skype
2015-07-22 08:20 - 2011-08-19 12:24 - 00000000 ____D C:\ProgramData\Skype
2015-07-22 07:50 - 2015-06-03 09:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-22 07:50 - 2012-05-02 06:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-22 07:50 - 2010-11-21 05:47 - 00050772 _____ C:\Windows\PFRO.log
2015-07-16 20:53 - 2012-05-02 06:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 20:53 - 2012-05-02 06:26 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-16 20:53 - 2011-08-19 12:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 09:03 - 2015-02-05 01:47 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d040d4f3b44142
2015-07-16 09:03 - 2013-01-19 13:02 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 13:17 - 2012-03-19 11:21 - 00002006 ____H C:\Users\marek.SCREEN-PRINT\Documents\Default.rdp
2015-07-14 20:41 - 2014-04-24 12:25 - 00001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-07-14 20:41 - 2014-04-24 12:25 - 00001094 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-07-09 12:00 - 2014-07-30 15:37 - 00000389 _____ C:\Windows\wininit.ini

==================== Files in the root of some directories =======

2014-05-26 10:31 - 2014-05-26 10:31 - 0000244 _____ () C:\Users\marek.SCREEN-PRINT\AppData\Roaming\4471165.bat
2012-03-25 00:11 - 2015-07-30 09:11 - 0000058 _____ () C:\Users\marek.SCREEN-PRINT\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-07-30 09:30 - 2015-07-30 09:30 - 0029696 _____ () C:\Users\marek.SCREEN-PRINT\AppData\Local\MSGBOX.EXE
2015-05-06 17:36 - 2015-05-06 17:36 - 0000218 _____ () C:\Users\marek.SCREEN-PRINT\AppData\Local\recently-used.xbel
2012-08-08 20:44 - 2010-03-30 11:12 - 0024772 _____ () C:\ProgramData\P1210DEF.css
2012-08-08 20:44 - 2014-10-15 11:31 - 0015740 _____ () C:\ProgramData\P1210OS.HTM
2012-08-08 20:44 - 2010-03-30 11:12 - 0002944 _____ () C:\ProgramData\P1210SIG.GIF

Some files in TEMP:
====================
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\ApplnchConfig.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\InstHelper.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\SkypeSetup.exe
C:\Users\marek.SCREEN-PRINT\AppData\Local\Temp\sn0pqkcv.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 08:02

==================== End of log ============================

[JaRon]

- vycisti PC s ADWCleanerom
- co urobil NOD s Kryptikom ? zmazal ho ?

[margoman]

Tady je screenshot

[JaRon]

OK, ako to vypada s pocitacom po ADWC

[margoman]

Nevím, jestli se to podařilo. Spustím scan pak dám čistit, počítač se začne restartovat a nabíhá standratním způsobem, takže černý monitor. Musím ho na tvrdo vypnout a spustit zase v nouzovém režimu.

Tohle píše log:

# AdwCleaner v4.208 - Log vytvořen 30/07/2015 v 11:55:01
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-26.2 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (x64)
# Uživatelské jméno : Marek - NB-PETRASEK
# Spuštěno z : C:\Users\marek.SCREEN-PRINT\Downloads\adwcleaner_4.208.exe
# Nastavení : Sken

***** [ Služby ] *****


***** [ Soubory / Složky ] *****


***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Nalezeno : HKCU\Software\Conduit
Klíč Nalezeno : [x64] HKCU\Software\Conduit

***** [ Prohlížeče ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v39.0 (x86 cs)


-\\ Google Chrome v44.0.2403.125


*************************

AdwCleaner[R0].txt - [3090 bytů] - [30/07/2015 11:32:04]
AdwCleaner[R1].txt - [932 bytů] - [30/07/2015 11:43:40]
AdwCleaner[R2].txt - [1046 bytů] - [30/07/2015 11:47:24]
AdwCleaner[R3].txt - [936 bytů] - [30/07/2015 11:55:01]
AdwCleaner[S0].txt - [2892 bytů] - [30/07/2015 11:34:04]
AdwCleaner[S1].txt - [993 bytů] - [30/07/2015 11:44:18]
AdwCleaner[S2].txt - [1109 bytů] - [30/07/2015 11:48:38]

[JaRon]

no to mi velmi nepripada ako virovy problem
skus mackat F8 alebo F5 pri starte a z menu si vyber rezim VGA
ak nabehne skus nastavit nejake mensie rozlisenie napr. 1024x768 alebo 1366x768 podla monitora

[margoman]

Heuréka, problém vyřešen. Jsi vzácný muž, mockrát děkuji. Kolik budu dlužen?

[JaRon]

diiiiky - spominaj na mna v dobrom - a ak chces, mozes prispiet na forum
pekny den

[margoman]

OK zařídím a za Tebe se v kostele pomodlím;)

[JaRon]

diiiky