
Preventive check

You don't have any problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#16 Post by Márty84 »

:arrow: In the log I still see MBAM running. Uninstall it, or at least turn off its shield (the trial version, which includes a shield, was activated), otherwise it will conflict with the antivirus you are using.

:arrow: Post logs according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off your antivirus for a moment; it may block the tool as malicious, but we use it all the time, it is a false positive :)
If you have a question that is not meant for the public, you can write to me by e-mail at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

Lord Excalibur
Visitor
Posts: 66
Registered: 28 Jun 2011 10:43

Re: Preventive check

#17 Post by Lord Excalibur »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by Excalibur (administrator) on EXCALIBUR-NTB (14-05-2016 10:08:10)
Running from C:\Users\Excalibur\Desktop
Loaded Profiles: Excalibur (Available Profiles: Excalibur & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Opera Software) C:\Program Files (x86)\Opera\37.0.2178.43\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\37.0.2178.43\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\37.0.2178.43\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\37.0.2178.43\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\37.0.2178.43\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\37.0.2178.43\opera.exe
(forum.viry.cz) C:\Users\Excalibur\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-792113725-3541881400-1338686765-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Excalibur\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-14] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-05-11]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{056AAB92-BE99-4F91-9F1F-38418BB79633}: [NameServer] 93.153.117.1 93.153.117.33
Tcpip\..\Interfaces\{47E0C903-520A-4EE4-87DB-749E0267BBE4}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{585A9B09-C4AB-4847-B1B0-AC2ECE2D852F}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{7A7ACC95-FBC8-4DDE-968C-11FB7285D780}: [NameServer] 93.153.117.1 93.153.117.33
Tcpip\..\Interfaces\{A0B07E30-5AF3-43EA-BB61-2A0E823681A2}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{A6F89920-34C5-4D87-B26C-82A93DA72DB8}: [NameServer] 93.153.117.1 93.153.117.33
Tcpip\..\Interfaces\{B84491AA-FB52-4B1E-BFB9-61EA94083AB9}: [NameServer] 93.153.117.1 93.153.117.33
Tcpip\..\Interfaces\{D32A3D5B-28FE-4C40-A280-7880A19688D7}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-792113725-3541881400-1338686765-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-792113725-3541881400-1338686765-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-792113725-3541881400-1338686765-1000 -> {DAEE7B50-0E12-4209-926C-7E0AC713AE91} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-04] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Excalibur\AppData\Roaming\Mozilla\Firefox\Profiles\xZmI1LiZ.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-05-06] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-12-12] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-05-06] ()
FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\explugin\npBaiduSDDetectPlug.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-12-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-792113725-3541881400-1338686765-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Excalibur\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-792113725-3541881400-1338686765-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Excalibur\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-792113725-3541881400-1338686765-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Excalibur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-02-19] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Excalibur\AppData\Roaming\Mozilla\Firefox\Profiles\xZmI1LiZ.default\Extensions\abs@avira.com [2015-03-07] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Excalibur\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Excalibur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-01]
CHR Extension: (Dokumenty Google) - C:\Users\Excalibur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Disk Google) - C:\Users\Excalibur\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Excalibur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Slither.io Mods) - C:\Users\Excalibur\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnlenmmkifnhllnjfoangnjokeadhbbk [2016-05-11]
CHR Extension: (Tabulky Google) - C:\Users\Excalibur\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-01]
CHR Extension: (Avira Browser Safety) - C:\Users\Excalibur\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\Excalibur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Excalibur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-22]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Excalibur\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2015-10-28]
CHR Extension: (Gmail) - C:\Users\Excalibur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Excalibur\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-03-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-12-22] (BitRaider, LLC)
S4 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-12-07] (BitRaider, LLC)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-08] (Electronic Arts)
S4 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [792016 2015-02-09] (Tunngle.net GmbH) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros) [File not signed]
S2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-12-07] (BitRaider)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-12-23] (BitRaider)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-24] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-07-07] (Sony Mobile Communications)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [121728 2013-10-23] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [376448 2013-11-01] (Huawei Technologies Co., Ltd.)
S3 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [33184 2011-03-09] ()
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [116640 2009-08-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [38944 2009-08-17] (REALTEK SEMICONDUCTOR Corp.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S2 avgntflt; system32\DRIVERS\avgntflt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-14 10:08 - 2016-05-14 10:08 - 00020044 _____ C:\Users\Excalibur\Desktop\FRST.txt
2016-05-14 10:06 - 2016-05-14 10:08 - 00000000 ____D C:\FRST
2016-05-14 10:06 - 2016-05-14 10:06 - 00112640 _____ (forum.viry.cz) C:\Users\Excalibur\Desktop\FRSTLauncher.exe
2016-05-14 10:05 - 2016-05-14 10:05 - 02381312 _____ (Farbar) C:\Users\Excalibur\Desktop\FRST64.exe
2016-05-13 23:59 - 2016-05-13 23:59 - 00016247 _____ C:\ComboFix.txt
2016-05-13 11:01 - 2016-05-13 23:59 - 00000000 ____D C:\Qoobox
2016-05-13 11:01 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-13 11:01 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-13 11:01 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-13 11:01 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-13 11:01 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-13 11:01 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-13 11:01 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-13 11:01 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-13 11:00 - 2016-05-13 23:54 - 00000000 ____D C:\Windows\erdnt
2016-05-13 10:54 - 2016-05-13 10:54 - 05658358 ____R (Swearware) C:\Users\Excalibur\Desktop\ComboFix.exe
2016-05-11 22:23 - 2016-05-11 22:23 - 00070613 _____ C:\Users\Excalibur\Desktop\mbam.txt
2016-05-11 22:13 - 2016-05-11 22:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-11 22:10 - 2016-05-11 22:10 - 22851472 _____ (Malwarebytes ) C:\Users\Excalibur\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-11 21:43 - 2016-05-11 21:43 - 03640384 _____ C:\Users\Excalibur\Desktop\adwcleaner_5.116.exe
2016-05-11 21:42 - 2016-05-11 21:42 - 00001227 _____ C:\Users\Excalibur\Desktop\CrystalDiskInfo.lnk
2016-05-11 21:42 - 2016-05-11 21:42 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2016-05-11 21:41 - 2016-05-11 21:41 - 11346936 _____ C:\Users\Excalibur\Downloads\CrystalDiskInfo6_8_2-en.exe
2016-05-11 21:23 - 2016-05-11 21:23 - 04831744 _____ (Geza Kovacs) C:\Users\Excalibur\Downloads\unetbootin-windows-613.exe
2016-05-11 21:18 - 2016-05-11 21:18 - 01222144 _____ C:\Users\Excalibur\Downloads\RSITx64 (1).exe
2016-05-11 19:34 - 2016-05-11 19:34 - 01107968 _____ C:\Users\Excalibur\Downloads\RSIT.exe
2016-05-11 19:34 - 2016-05-11 19:34 - 00000000 ____D C:\rsit
2016-05-11 19:34 - 2016-05-11 19:34 - 00000000 ____D C:\Program Files (x86)\trend micro
2016-05-11 19:30 - 2016-05-11 20:18 - 1485881344 _____ C:\Users\Excalibur\Downloads\ubuntu-16.04-desktop-amd64.iso
2016-05-11 19:25 - 2016-05-11 22:23 - 00001341 _____ C:\Users\Excalibur\Desktop\Install Kaspersky Internet Security version 16.0.0.614.lnk
2016-05-11 19:08 - 2016-05-11 19:08 - 00001136 _____ C:\Users\Public\Desktop\Kaspersky Software Updater Beta.lnk
2016-05-11 19:08 - 2016-05-11 19:08 - 00001096 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2016-05-11 19:08 - 2016-05-11 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-05-11 19:08 - 2016-05-11 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-05-11 19:08 - 2016-05-11 19:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-05-11 19:08 - 2016-05-11 19:08 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-05-11 19:04 - 2016-05-11 19:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-05-11 19:04 - 2016-05-11 19:04 - 02622792 _____ (Kaspersky Lab) C:\Users\Excalibur\Downloads\kss16.0.0.1344en_ru_de_fr_es_pt_it_zh-hans_nl_pl_tr_cs_ko_id_vi_ar_fa_zh-hant_9328.exe
2016-05-11 17:01 - 2016-05-11 17:01 - 00000000 ____D C:\Users\Excalibur\.swt
2016-05-11 17:01 - 2016-05-11 17:01 - 00000000 ____D C:\Users\Excalibur\.oracle_jre_usage
2016-05-11 17:01 - 2016-05-11 17:01 - 00000000 ____D C:\Users\Excalibur\.flashTool
2016-05-11 17:00 - 2016-05-11 17:03 - 00000000 ____D C:\Flashtool
2016-05-11 17:00 - 2016-05-11 17:00 - 00000000 ____D C:\Users\Excalibur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2016-05-11 16:24 - 2016-05-11 16:37 - 150704880 _____ (Androxyde) C:\Users\Excalibur\Downloads\flashtool-0.9.20.0-windows.exe
2016-05-11 00:28 - 2016-05-11 00:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2016-05-11 00:20 - 2016-05-11 00:20 - 01174979 _____ C:\Windows\unins000.exe
2016-05-11 00:20 - 2016-05-11 00:20 - 00018255 _____ C:\Windows\unins000.dat
2016-05-11 00:20 - 2011-05-24 10:59 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2016-05-11 00:19 - 2016-05-11 00:22 - 00000000 ____D C:\Users\Excalibur\.android
2016-05-11 00:19 - 2016-05-11 00:19 - 00000000 ____D C:\Users\Excalibur\AppData\Roaming\Kingosoft
2016-05-11 00:18 - 2016-05-11 00:32 - 00000000 ____D C:\Program Files (x86)\Kingo ROOT
2016-05-11 00:18 - 2016-05-11 00:18 - 00000000 ____D C:\Users\Excalibur\AppData\Local\Kingosoft
2016-05-11 00:17 - 2016-05-11 00:18 - 18463192 _____ (Kingosoft Technology Ltd. ) C:\Users\Excalibur\Downloads\android_root.exe
2016-05-06 12:29 - 2016-05-14 09:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-06 12:29 - 2016-05-06 21:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-06 12:28 - 2016-05-06 12:28 - 01192656 _____ (Adobe Systems Incorporated) C:\Users\Excalibur\Downloads\flashplayer21pp_fa_install.exe
2016-05-01 21:35 - 2016-05-01 21:35 - 00007956 _____ C:\Users\Excalibur\Downloads\login.htm
2016-04-29 00:12 - 2016-04-29 00:12 - 00000000 ____D C:\Users\Excalibur\AppData\Roaming\TubeTycoon
2016-04-29 00:11 - 2016-05-06 22:46 - 00000000 ____D C:\Users\Excalibur\Downloads\TubeTycoon B1.2.3
2016-04-28 20:44 - 2016-04-28 20:44 - 08491361 _____ C:\Users\Excalibur\Downloads\TubeTycoon B1.2.3.zip
2016-04-27 21:40 - 2016-04-27 21:40 - 03580480 ____N C:\Users\Excalibur\Downloads\adwcleaner_5.113.exe
2016-04-27 21:39 - 2016-04-27 21:39 - 01524224 _____ C:\Users\Excalibur\Downloads\adwcleaner_5.101.exe
2016-04-27 21:39 - 2016-04-27 21:39 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-04-22 13:49 - 2016-04-22 13:59 - 00001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2016-04-22 13:49 - 2016-04-22 13:59 - 00001000 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2016-04-17 15:37 - 2016-04-17 19:24 - 00048428 _____ C:\Users\Excalibur\Desktop\Anča dotazník.odt
2016-04-17 08:29 - 2016-04-17 19:39 - 00022008 _____ C:\Users\Excalibur\Desktop\DOtazník.ods
2016-04-14 06:11 - 2016-04-13 10:23 - 01337092 _____ C:\Users\Excalibur\Desktop\Mystcraft-Mod-1.4.6.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-14 09:59 - 2015-05-13 01:09 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-14 09:59 - 2015-03-07 13:41 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-05-14 09:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-14 09:59 - 2009-07-14 06:45 - 00028720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-14 09:59 - 2009-07-14 06:45 - 00028720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-14 09:57 - 2015-11-01 22:59 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-05-14 09:57 - 2015-09-04 17:13 - 00000978 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job
2016-05-14 09:57 - 2015-05-13 01:09 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-14 09:57 - 2013-11-02 05:46 - 00000000 ____D C:\Users\Excalibur\AppData\Local\Apps\2.0
2016-05-14 09:18 - 2015-01-04 14:24 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-14 08:13 - 2015-09-04 17:13 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job
2016-05-14 08:09 - 2009-07-14 07:13 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-14 08:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-13 23:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-05-13 23:54 - 2009-07-14 04:34 - 00188416 _____ C:\Windows\system32\config\DEFAULT.bak
2016-05-13 23:54 - 2009-07-14 04:34 - 00028672 _____ C:\Windows\system32\config\SAM.bak
2016-05-13 23:54 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\SECURITY.bak
2016-05-13 23:35 - 2015-05-02 22:02 - 00000000 ____D C:\Users\Excalibur\AppData\Roaming\vlc
2016-05-13 18:06 - 2013-12-29 03:43 - 00000000 ____D C:\Program Files (x86)\Opera
2016-05-13 04:42 - 2015-09-04 17:28 - 00002224 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-13 04:42 - 2013-11-02 05:47 - 00002236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 09:34 - 2013-12-23 23:48 - 00000000 ____D C:\Windows\Minidump
2016-05-11 22:55 - 2014-06-03 15:05 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1388281383
2016-05-11 21:46 - 2015-04-05 20:50 - 00000000 ____D C:\AdwCleaner
2016-05-11 21:18 - 2015-04-05 15:27 - 00000000 ____D C:\Program Files\trend micro
2016-05-11 21:16 - 2015-04-05 15:16 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2016-05-11 18:58 - 2013-12-21 12:47 - 00000000 ____D C:\Users\Excalibur\AppData\Local\CrashDumps
2016-05-11 18:58 - 2013-11-07 21:51 - 00000000 ____D C:\Users\Excalibur\AppData\Roaming\TS3Client
2016-05-11 18:58 - 2013-11-03 16:33 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-11 17:01 - 2013-11-01 06:35 - 00000000 ____D C:\Users\Excalibur
2016-05-11 01:42 - 2015-09-04 17:13 - 00003960 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA
2016-05-11 01:42 - 2015-09-04 17:13 - 00003564 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core
2016-05-11 00:32 - 2013-11-02 05:46 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 00:32 - 2013-11-02 05:46 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 09:40 - 2014-07-22 20:22 - 00000000 ____D C:\Users\Excalibur\AppData\Local\ftblauncher
2016-05-10 09:39 - 2014-03-02 18:44 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-05-07 22:45 - 2014-03-19 00:25 - 00428544 ___SH C:\Users\Excalibur\Documents\Thumbs.db
2016-05-06 21:36 - 2015-11-01 22:59 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-06 21:36 - 2015-11-01 22:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-06 12:29 - 2015-11-01 22:59 - 00003904 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-05-06 12:29 - 2013-12-29 21:08 - 00000000 ____D C:\Users\Excalibur\AppData\Local\Adobe
2016-04-28 08:31 - 2014-06-14 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-27 21:45 - 2009-07-14 06:45 - 00383536 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-24 11:19 - 2014-05-24 20:10 - 00007168 _____ C:\Users\Excalibur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-23 19:04 - 2013-11-02 00:39 - 00089416 _____ C:\Users\Excalibur\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-17 22:14 - 2015-12-21 18:02 - 00000000 ____D C:\Users\Excalibur\Desktop\Baldurs.Gate.Enhanced.Edition.MULTi14-PROPHET
2016-04-16 20:19 - 2013-11-02 11:16 - 00000000 ____D C:\Users\Excalibur\AppData\Roaming\Skype
2016-04-16 18:04 - 2013-11-02 16:57 - 00000000 ____D C:\Users\Excalibur\AppData\Local\ElevatedDiagnostics
2016-04-16 18:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-09-04 17:11 - 2015-09-04 17:16 - 20510720 _____ () C:\Program Files (x86)\GUT1BC2.tmp
2014-07-30 14:49 - 2014-07-30 14:49 - 0000000 _____ () C:\Program Files (x86)\log_worldeditor.txt
2014-08-17 10:39 - 2014-08-17 10:48 - 3421601434 _____ () C:\Program Files (x86)\SPORE.rar
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 _____ () C:\Users\Excalibur\AppData\Roaming\BYAIAMUF
2014-01-02 16:20 - 2014-01-05 14:44 - 0001726 _____ () C:\Users\Excalibur\AppData\Roaming\mskpfrgl.dat
2014-01-02 16:20 - 2014-01-16 05:10 - 0000027 _____ () C:\Users\Excalibur\AppData\Roaming\msluuk.dat
2014-05-24 20:10 - 2016-04-24 11:19 - 0007168 _____ () C:\Users\Excalibur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-25 20:19 - 2015-02-25 20:19 - 0000857 _____ () C:\Users\Excalibur\AppData\Local\recently-used.xbel
2015-07-31 15:58 - 2015-07-31 15:58 - 0000000 _____ () C:\Users\Excalibur\AppData\Local\{69E451FA-BD1D-446E-BC62-E09B11CC0D44}
2013-12-12 16:15 - 2013-12-12 16:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-20 14:30 - 2015-09-20 14:30 - 0000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-09 14:37

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:931.41 GB) (Free:268.88 GB) NTFS

Available physical RAM: 2115.93 MB
Total physical RAM: 3914.36 MB
Percentage of memory in use: 45%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 218BC647)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job => C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job => C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Excalibur\Desktop" je 1974 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
"C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion
"C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile CManager
"C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Excalibur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\EXCALI~1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: preventive check-up

#18 Post by Márty84 »

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Excalibur\Desktop" je 1974 MB.
:arrow: The desktop size should not exceed 200 - 300 MB! It slows the PC down. So tidy it up a bit and keep only shortcuts on the desktop. Just watch out for an occasional mistake: users have a folder on the desktop, another one inside it and another inside that, and they hide everything in there. That is nice, but it does not make the desktop any smaller, it is just in a different drawer :)




:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-792113725-3541881400-1338686765-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-792113725-3541881400-1338686765-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch

FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\explugin\npBaiduSDDetectPlug.dll [No File]
FF Extension: Avira Browser Safety - C:\Users\Excalibur\AppData\Roaming\Mozilla\Firefox\Profiles\xZmI1LiZ.default\Extensions\abs@avira.com [2015-03-07] [not signed]

CHR Extension: (Avira Browser Safety) - C:\Users\Excalibur\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-23]

S2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [X]
S2 avgntflt; system32\DRIVERS\avgntflt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

2016-05-11 22:23 - 2016-05-11 22:23 - 00070613 _____ C:\Users\Excalibur\Desktop\mbam.txt
2016-05-11 22:13 - 2016-05-11 22:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-11 22:10 - 2016-05-11 22:10 - 22851472 _____ (Malwarebytes ) C:\Users\Excalibur\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-11 21:16 - 2015-04-05 15:16 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job => C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job => C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater

Hosts:
EmptyTemp:
Reboot:
End
In the top left, click File.
Click Save as...
Type the name shown in red, fixlist, correctly and save it to the desktop.
Turn off the antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy that here for me again.

Lord Excalibur
Visitor
Posts: 66
Joined: 28 Jun 2011 10:43

Re: preventive check-up

#19 Post by Lord Excalibur »

Fix result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Excalibur (2016-05-14 12:50:04) Run:1
Running from C:\Users\Excalibur\Desktop
Loaded Profiles: Excalibur (Available Profiles: Excalibur & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-792113725-3541881400-1338686765-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-792113725-3541881400-1338686765-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch

FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4791\explugin\npBaiduSDDetectPlug.dll [No File]
FF Extension: Avira Browser Safety - C:\Users\Excalibur\AppData\Roaming\Mozilla\Firefox\Profiles\xZmI1LiZ.default\Extensions\abs@avira.com [2015-03-07] [not signed]

CHR Extension: (Avira Browser Safety) - C:\Users\Excalibur\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-23]

S2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [X]
S2 avgntflt; system32\DRIVERS\avgntflt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

2016-05-11 22:23 - 2016-05-11 22:23 - 00070613 _____ C:\Users\Excalibur\Desktop\mbam.txt
2016-05-11 22:13 - 2016-05-11 22:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-11 22:10 - 2016-05-11 22:10 - 22851472 _____ (Malwarebytes ) C:\Users\Excalibur\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-11 21:16 - 2015-04-05 15:16 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job => C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job => C:\Users\Excalibur\AppData\Local\Google\Update\GoogleUpdate.exe

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor" => key removed successfully
HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-792113725-3541881400-1338686765-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-792113725-3541881400-1338686765-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin" => key removed successfully
C:\Users\Excalibur\AppData\Roaming\Mozilla\Firefox\Profiles\xZmI1LiZ.default\Extensions\abs@avira.com => moved successfully
C:\Users\Excalibur\AppData\Roaming\Mozilla\Firefox\Profiles\xZmI1LiZ.default\Extensions\abs@avira.com => path removed successfully
FF Extension: Avira Browser Safety - C:\Users\Excalibur\AppData\Roaming\Mozilla\Firefox\Profiles\xZmI1LiZ.default\Extensions\abs@avira.com [2015-03-07] [not signed] => not found
C:\Users\Excalibur\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => moved successfully
AntiVirService => service removed successfully
avgntflt => service removed successfully
catchme => service removed successfully
MBAMSwissArmy => service removed successfully
C:\Users\Excalibur\Desktop\mbam.txt => moved successfully
C:\ProgramData\Malwarebytes => moved successfully
C:\Users\Excalibur\Downloads\mbam-setup-2.2.1.1043.exe => moved successfully
C:\Program Files (x86)\Spyware Terminator => moved successfully
C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => moved successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000Core.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-792113725-3541881400-1338686765-1000UA.job => moved successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update => key removed successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion => key removed successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield => key removed successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.6 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:50:52 ====

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: preventive check-up

#20 Post by Márty84 »

:!: Run all of these programs - including any installation - as administrator (right-click them and choose Run as administrator)

:arrow: Rename ComboFix to Uninstall and run it. CF should uninstall itself.

:arrow:
vyosek wrote: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remove disinfection tools option checked
  • Click Run
:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install one, uncheck the box.
After launch you will be in the Cleaner function. There are lots of checkboxes on the left. Pay particular attention to the Recycle Bin; if you leave it checked, it will always be emptied.
Also, depending on how it is set up, it will delete all passwords saved on the web!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums, etc.)
Click Analyze and, when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues; if it finds any, click Fix Issues. It will offer you a backup; make it and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!
(If there are several user accounts on the PC, use the program in each of them)

:arrow: Defragment the disk(s) (not SSDs!)
Download Defraggler https://www.piriform.com/defraggler/download/standard
During installation again watch out for the toolbar and other nonsense.
After installing, run the program and click Analyze; after the analysis click Defrag and the program will do its job.




:arrow: Then write how the PC is doing.

Lord Excalibur
Visitor
Posts: 66
Joined: 28 Jun 2011 10:43

Re: preventive check-up

#21 Post by Lord Excalibur »

I use CCleaner and defragmentation regularly.
Otherwise the PC now behaves noticeably better. That 1.2G file on the desktop, which I had somehow overlooked, made a big difference; thanks for pointing it out. Everything is somewhat snappier, thank you for the cleanup.

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: preventive check-up

#22 Post by Márty84 »

I'm glad, you're welcome! :)

Take care, and maybe see you again sometime :bye:

:closed:

Locked