Reklamy,havěť se vrací

Zpráva

homer_cz · #1 Příspěvek od **homer_cz** » 08 pro 2015 16:28

Zdravím, někde sem chytil nějakou havěť co mi "zpříjemňuje" brouzdání po internetu přesměrováním odkazů na nesmyslné reklamní stránky,vyskakujícími okny atd. Počítač sem projížděl různými programy na likvidaci havěti.Adwcleaner něco smaže a na nějaký čas je pokoj,ale po pár dnech to na mne začne skákat znovu...Prosím o pomoc s vyčištěním.
RSFT:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by User (administrator) on USER-PC (08-12-2015 15:59:35)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(G Central) C:\Program Files (x86)\VVCap\VVCap.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-28] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4859592 2015-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-02] (Raptr, Inc)
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\...\Run: [VVCap] => C:\Program Files (x86)\VVCap\VVCap.exe [765440 2010-12-28] (G Central)
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-21] (Google Inc.)
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1991769118-1157689148-2223015802-1000] => 127.0.0.1:8118
Tcpip\Parameters: [DhcpNameServer] 77.48.254.254 77.48.100.254
Tcpip\..\Interfaces\{43FC567C-865E-45B5-AA48-98F6D1142A5D}: [DhcpNameServer] 77.48.254.254 77.48.100.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1991769118-1157689148-2223015802-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-19] (AO Kaspersky Lab)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-01] (Oracle Corporation)
BHO-x32: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-19] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-01] (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-19] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-19] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1991769118-1157689148-2223015802-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-08-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1991769118-1157689148-2223015802-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2015-12-02]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=072213
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=07 ... google.com"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\plugins/avgnpss.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll => No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ochrana Kaspersky) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-11-19]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-19]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-09-10] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-12-15] (Huawei Technologies Co., Ltd.)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [29696 2009-12-15] (Huawei Tech. Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-12-15] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-11-19] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-11-19] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940928 2015-12-02] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-11-19] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-08 15:59 - 2015-12-08 15:59 - 00019959 _____ C:\Users\User\Desktop\FRST.txt
2015-12-08 15:59 - 2015-12-08 15:59 - 00000000 ____D C:\FRST
2015-12-08 15:55 - 2015-12-08 15:55 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
2015-12-08 15:54 - 2015-12-08 15:54 - 02369024 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-12-08 15:44 - 2015-12-08 15:45 - 01738240 _____ C:\Users\User\Downloads\adwcleaner_5.024.exe
2015-12-05 15:06 - 2015-12-05 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2015-12-03 19:00 - 2015-12-05 15:06 - 00000000 ____D C:\Users\User\AppData\Local\AMD
2015-12-03 18:38 - 2015-12-03 18:38 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2015-12-03 18:28 - 2015-12-03 18:29 - 12897976 _____ (AMD Inc.) C:\Users\User\Downloads\radeon-crimson-15.11-minimalsetup_web.exe
2015-11-19 17:10 - 2015-11-19 17:10 - 00000222 _____ C:\Users\User\Desktop\Total War ROME II - Emperor Edition.url
2015-11-19 16:55 - 2015-12-08 15:47 - 00000000 ____D C:\AdwCleaner
2015-11-19 16:54 - 2015-11-19 16:54 - 01732096 _____ C:\Users\User\Downloads\adwcleaner_5.021 (1).exe
2015-11-19 16:28 - 2015-11-19 16:28 - 00018476 _____ C:\ComboFix.txt
2015-11-19 15:49 - 2015-11-19 15:49 - 00000000 ____D C:\Windows\pss
2015-11-19 15:12 - 2015-11-19 15:12 - 00001601 _____ C:\Users\User\Desktop\Apostate.exe – zástupce.lnk
2015-11-19 13:04 - 2015-11-19 13:04 - 00262144 _____ C:\Windows\system32\config\elam
2015-11-19 06:21 - 2015-12-08 15:49 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-19 06:21 - 2015-12-02 11:06 - 00940928 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-11-19 06:21 - 2015-11-19 18:59 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-11-19 06:21 - 2015-11-19 06:21 - 00002109 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-11-19 06:21 - 2015-11-19 06:21 - 00000000 ____D C:\Windows\ELAMBKUP
2015-11-19 06:21 - 2015-11-19 06:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-11-19 06:21 - 2015-11-19 06:21 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-11-19 06:21 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-11-19 06:16 - 2015-11-19 06:16 - 01917824 _____ (Kaspersky Lab) C:\Users\User\Downloads\kav16.0.0.614acs_8658.exe
2015-11-18 17:05 - 2015-11-18 17:05 - 00000000 ____D C:\Users\User\Downloads\Apostate_client
2015-11-18 09:20 - 2015-11-18 09:20 - 00141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00118608 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-11-18 09:17 - 2015-11-18 09:17 - 00296648 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-11-18 09:13 - 2015-11-18 09:13 - 23960064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-11-18 09:08 - 2015-11-18 09:08 - 49984000 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-11-18 09:08 - 2015-11-18 09:08 - 00235008 _____ C:\Windows\system32\clinfo.exe
2015-11-18 08:58 - 2015-11-18 08:58 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-11-18 08:57 - 2015-11-18 08:57 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-11-18 08:50 - 2015-11-18 08:50 - 27596288 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2015-11-18 06:50 - 2015-11-18 06:50 - 00677888 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2015-11-18 06:48 - 2015-11-18 06:48 - 00562688 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2015-11-18 06:46 - 2015-11-18 06:46 - 06643200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-11-18 06:46 - 2015-11-18 06:46 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-11-18 06:46 - 2015-11-18 06:46 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-11-18 06:14 - 2015-11-18 06:14 - 05223936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-11-18 05:48 - 2015-11-18 05:48 - 00096256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-11-18 05:48 - 2015-11-18 05:48 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-11-18 05:08 - 2015-11-18 05:08 - 00683960 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-11-18 05:08 - 2015-11-18 05:08 - 00683960 _____ C:\Windows\system32\atiapfxx.blb
2015-11-18 05:05 - 2015-11-18 05:05 - 31376896 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-11-18 04:43 - 2015-11-18 04:43 - 15711744 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-11-18 04:43 - 2015-11-18 04:43 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-11-18 04:43 - 2015-11-18 04:43 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-11-18 04:43 - 2015-11-18 04:43 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-11-18 04:43 - 2015-11-18 04:43 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-11-18 04:43 - 2015-11-18 04:43 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-11-18 04:40 - 2015-11-18 04:40 - 25840128 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-11-18 04:40 - 2015-11-18 04:40 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-11-18 04:40 - 2015-11-18 04:40 - 00865280 _____ (AMD) C:\Windows\system32\coinst_15.30.dll
2015-11-18 04:32 - 2015-11-18 04:32 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-11-18 04:32 - 2015-11-18 04:32 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-11-18 04:27 - 2015-11-18 04:27 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2015-11-18 04:26 - 2015-11-18 04:26 - 00223744 _____ C:\Windows\system32\dgtrayicon.exe
2015-11-18 04:25 - 2015-11-18 04:25 - 00552448 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-11-18 04:25 - 2015-11-18 04:25 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll
2015-11-18 04:25 - 2015-11-18 04:25 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2015-11-18 04:25 - 2015-11-18 04:25 - 00162304 _____ C:\Windows\system32\atieah64.exe
2015-11-18 04:25 - 2015-11-18 04:25 - 00145408 _____ C:\Windows\SysWOW64\atieah32.exe
2015-11-18 04:25 - 2015-11-18 04:25 - 00031744 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-11-18 04:24 - 2015-11-18 04:24 - 00246272 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-11-18 04:22 - 2015-11-18 04:22 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-11-18 04:10 - 2015-11-18 04:10 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-11-18 03:58 - 2015-11-18 03:58 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2015-11-18 03:58 - 2015-11-18 03:58 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2015-11-18 03:54 - 2015-11-18 03:54 - 00941568 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2015-11-18 03:54 - 2015-11-18 03:54 - 00157696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-11-18 03:54 - 2015-11-18 03:54 - 00075776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-11-18 03:54 - 2015-11-18 03:54 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-11-18 03:54 - 2015-11-18 03:54 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-11-18 03:53 - 2015-11-18 03:53 - 00671232 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-11-18 03:45 - 2015-11-18 03:45 - 00195072 _____ C:\Windows\system32\hsa-thunk64.dll
2015-11-18 03:45 - 2015-11-18 03:45 - 00174592 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2015-11-18 03:43 - 2015-11-18 03:43 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-11-13 14:33 - 2015-11-13 14:33 - 00003264 _____ C:\Windows\System32\Tasks\System Update
2015-11-11 06:34 - 2015-11-11 06:34 - 00003626 _____ C:\Windows\System32\Tasks\Performance Update Worker
2015-11-11 06:34 - 2015-11-11 06:34 - 00000000 ____D C:\Program Files (x86)\Performance Update
2015-11-08 16:12 - 2013-10-18 18:00 - 00000000 ____D C:\Users\User\Downloads\CRACK PARCHE 4
2015-11-08 10:29 - 2015-11-08 10:31 - 00000000 ____D C:\Users\User\Downloads\543621658-RELTW2V3
2015-11-08 06:30 - 2015-12-08 14:33 - 00000000 ____D C:\Program Files (x86)\Jelbruss Secure Web
2015-11-08 06:30 - 2015-11-19 13:04 - 00000000 ____D C:\Users\User\AppData\Roaming\Mighty Defrag
2015-11-08 05:28 - 2015-11-08 05:28 - 00000000 ____D C:\Users\User\Downloads\T.W.R.II.Update.2-RELOADED

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-08 15:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-08 15:57 - 2009-07-14 05:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-08 15:57 - 2009-07-14 05:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-08 15:55 - 2011-04-12 09:34 - 08889098 _____ C:\Windows\system32\perfh005.dat
2015-12-08 15:55 - 2011-04-12 09:34 - 02937098 _____ C:\Windows\system32\perfc005.dat
2015-12-08 15:55 - 2009-07-14 06:13 - 00006268 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-08 15:51 - 2015-08-06 22:22 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-08 15:49 - 2012-09-21 16:13 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-08 15:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-08 15:28 - 2012-09-21 16:13 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-07 16:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-07 16:32 - 2012-11-19 13:14 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2015-12-06 01:58 - 2015-08-10 21:59 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-12-05 15:08 - 2015-08-10 19:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Raptr
2015-12-05 15:08 - 2015-08-10 19:24 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-12-05 15:06 - 2015-02-12 14:33 - 00000000 ____D C:\Program Files (x86)\AMD
2015-12-05 15:06 - 2014-06-06 10:25 - 00000000 ____D C:\Program Files\AMD
2015-12-05 15:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-03 18:33 - 2014-06-06 10:23 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-03 18:32 - 2014-06-06 10:21 - 00000000 ____D C:\AMD
2015-11-28 06:47 - 2015-08-10 07:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-28 06:34 - 2009-07-14 06:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-24 21:13 - 2012-09-21 16:13 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-24 00:31 - 2015-05-24 15:37 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-21 02:14 - 2015-08-10 21:59 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-21 02:14 - 2015-08-10 21:59 - 00003948 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-11-21 02:14 - 2012-09-29 14:07 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-19 18:59 - 2015-07-04 02:18 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-11-19 18:59 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys
2015-11-19 16:35 - 2012-09-25 15:21 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-19 16:28 - 2012-12-12 19:54 - 00000000 ____D C:\Qoobox
2015-11-19 16:27 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-11-19 15:20 - 2014-07-27 17:39 - 05639131 ____R (Swearware) C:\Users\User\Desktop\potvora.exe
2015-11-19 15:11 - 2015-10-29 05:22 - 00000000 ____D C:\Program Files (x86)\Apostate_client
2015-11-19 15:10 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-11-19 13:42 - 2014-07-04 10:36 - 00003828 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1404466604
2015-11-19 13:06 - 2012-11-01 00:47 - 00000000 ____D C:\Users\User\Documents\zaloba
2015-11-18 16:35 - 2012-09-21 16:04 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2015-11-18 09:20 - 2015-07-29 04:44 - 00110344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2015-11-18 09:20 - 2015-07-29 04:42 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-11-18 09:20 - 2015-07-29 04:42 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-11-18 09:20 - 2015-07-29 04:41 - 01229984 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-11-18 09:20 - 2015-07-29 04:40 - 10907328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-11-18 09:20 - 2014-05-23 03:28 - 00120656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-11-18 09:20 - 2011-12-03 04:22 - 01496736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-11-18 09:20 - 2011-12-03 03:57 - 13189336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-11-18 09:20 - 2011-12-03 03:21 - 00152568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-11-18 09:19 - 2015-07-29 04:40 - 09070320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-11-18 09:19 - 2015-07-29 04:40 - 08089248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-11-18 09:19 - 2014-05-23 03:27 - 10815664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-11-18 09:19 - 2014-05-23 03:27 - 09017808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-11-18 09:02 - 2015-07-29 04:08 - 41510912 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-11-18 08:49 - 2015-07-29 04:05 - 22348288 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2015-11-18 04:26 - 2014-05-23 02:25 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-11-18 03:54 - 2015-07-29 03:22 - 00941568 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-11-18 03:54 - 2014-05-23 02:12 - 01272832 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-11-18 03:53 - 2015-07-29 03:22 - 00142336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-11-16 14:33 - 2012-09-21 16:14 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2013-12-23 00:24 - 2015-03-10 21:38 - 0007607 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\hp_upd2_1267.exe
C:\Users\User\AppData\Local\Temp\hp_upd2_1285.exe
C:\Users\User\AppData\Local\Temp\hp_u_23242.exe
C:\Users\User\AppData\Local\Temp\raptrpatch.exe
C:\Users\User\AppData\Local\Temp\raptr_stub.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Kaspersky Anti-Virus (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\User\Desktop" je 129 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

Poslední log z Adwcleaneru (bohužel sem ho musel pustit před RSFT,opět nešlo nic dělat):
# AdwCleaner v5.024 - Logfile created 08/12/2015 at 15:46:00
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner_5.024.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : PrivoxyService

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Found : HKLM\SOFTWARE\SecureWebChannel

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [743 bytes] ##########

Mám i první log z Adw,když to všechno začalo,tam toho mazal o mnoho víc,kdyby mohl pomoci tak dodám.

#2 Příspěvek od **Rudy** » 08 pro 2015 17:43

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

homer_cz · #3 Příspěvek od **homer_cz** » 08 pro 2015 18:35

To jsem již dělal,log z adwcleaneru je v na konci prvního postu,počítač nyní pracuje korektně....problém je v tom že toto jsem dělal již 5-6x a během několika dní se situace opakuje.

#4 Příspěvek od **Rudy** » 08 pro 2015 19:15

Pardon, toto patřilo jinam. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\...\Run: [VVCap] => C:\Program Files (x86)\VVCap\VVCap.exe [765440 2010-12-28] (G Central)
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier
C:\Program Files (x86)\Google\GoogleToolbarNotifier
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
C:\Program Files (x86)\Google\Google Toolbar
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1991769118-1157689148-2223015802-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll => No File
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\User\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

homer_cz · #5 Příspěvek od **homer_cz** » 09 pro 2015 01:09

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by User (2015-12-09 01:02:50) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\...\Run: [VVCap] => C:\Program Files (x86)\VVCap\VVCap.exe [765440 2010-12-28] (G Central)
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier
C:\Program Files (x86)\Google\GoogleToolbarNotifier
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
C:\Program Files (x86)\Google\Google Toolbar
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1991769118-1157689148-2223015802-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll => No File
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\User\AppData\Local\Temp
End
*****************

HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\Software\Microsoft\Windows\CurrentVersion\Run\\VVCap => value removed successfully
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\Software\Microsoft\Windows\CurrentVersion\Run\\swg => value removed successfully
C:\Program Files (x86)\Google\GoogleToolbarNotifier => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
C:\Program Files (x86)\Google\Google Toolbar => moved successfully
C:\Program Files (x86)\Skype\Toolbars => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfully
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\skype4com" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}" => key removed successfully
"HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => key not found.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll => not found.
c2cautoupdatesvc => Service stopped successfully.
c2cautoupdatesvc => service removed successfully
c2cpnrsvc => Service stopped successfully.
c2cpnrsvc => service removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully

"C:\Users\User\AppData\Local\Temp" folder move:

Could not move "C:\Users\User\AppData\Local\Temp" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-09 01:04:46)

C:\Users\User\AppData\Local\Temp => moved successfully

==== End of Fixlog 01:04:46 ====

#6 Příspěvek od **Rudy** » 09 pro 2015 18:23

Smazáno. Nastala nějaká změna?

homer_cz · #7 Příspěvek od **homer_cz** » 09 pro 2015 19:45

Tak já problém neměl už po aplikaci AdwCleaneru,tudíž změna pozorovat nejde,jde o to aby se mi ta potvůrka zase nevrátila.
Pokud si myslíte že to bylo vše,tak bych to považoval za vyřešené,když tak mi to tu nechte pro jistotu pár dní otevřené kdyby se to zase vrátilo.
Zatím děkuji,poslal sem drobný příspěvek na vánoční besídku

#8 Příspěvek od **Rudy** » 09 pro 2015 20:12

OK. Za podporu děkujeme a nemáte zač!

homer_cz · #9 Příspěvek od **homer_cz** » 15 pro 2015 05:27

A je to tu znovu

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-12-2015
Ran by User (administrator) on USER-PC (15-12-2015 05:17:42)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Jelbruss Secure Web\privoxy.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe
(forum.viry.cz) C:\Users\User\Desktop\FRST-OlderVersion\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-28] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4859592 2015-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-02] (Raptr, Inc)
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013200 2015-12-10] (Valve Corporation)
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe [1158856 2015-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1991769118-1157689148-2223015802-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-1991769118-1157689148-2223015802-1000] => 127.0.0.1:8118
Tcpip\Parameters: [DhcpNameServer] 77.48.254.254 77.48.100.254
Tcpip\..\Interfaces\{43FC567C-865E-45B5-AA48-98F6D1142A5D}: [DhcpNameServer] 77.48.254.254 77.48.100.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1991769118-1157689148-2223015802-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-19] (AO Kaspersky Lab)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-01] (Oracle Corporation)
BHO-x32: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-19] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-01] (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-19] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-19] (AO Kaspersky Lab)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-08-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1991769118-1157689148-2223015802-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2015-12-02]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=072213
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=07 ... google.com"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\plugins/avgnpss.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll => No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ochrana Kaspersky) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-11-19]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-19]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-09-10] (Kaspersky Lab ZAO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
R2 PrivoxyService; C:\Program Files (x86)\Jelbruss Secure Web\privoxy.exe [371200 2015-12-14] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-12-15] (Huawei Technologies Co., Ltd.)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [29696 2009-12-15] (Huawei Tech. Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-12-15] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-11-19] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-11-19] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940928 2015-12-02] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-11-19] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-15 05:17 - 2015-12-15 05:17 - 00000000 ____D C:\Users\User\Desktop\FRST-OlderVersion
2015-12-14 18:33 - 2015-12-14 18:33 - 00003276 _____ C:\Windows\System32\Tasks\Jelbruss Secure Web Worker
2015-12-09 20:18 - 2015-12-09 20:18 - 00001742 _____ C:\Users\Public\Desktop\Webium's Modpack.lnk
2015-12-09 20:18 - 2015-12-09 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\webium's modpack
2015-12-09 14:38 - 2015-12-09 14:40 - 71283096 _____ (myWOTmods.com ) C:\Users\User\Downloads\webium-WOT-0.9.12-modpack-installer-v9.12.09.exe
2015-12-09 13:49 - 2015-12-09 13:49 - 00860960 _____ C:\Users\User\Downloads\14493583511935_ussr_IS_murovanka.wotreplay
2015-12-09 01:02 - 2015-12-09 01:04 - 00007892 _____ C:\Users\User\Desktop\Fixlog.txt
2015-12-08 15:59 - 2015-12-15 05:17 - 00017235 _____ C:\Users\User\Desktop\FRST.txt
2015-12-08 15:59 - 2015-12-15 05:17 - 00000000 ____D C:\FRST
2015-12-08 15:54 - 2015-12-15 05:17 - 02369536 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-12-08 15:44 - 2015-12-08 15:45 - 01738240 _____ C:\Users\User\Desktop\adwcleaner_5.024.exe
2015-12-05 15:06 - 2015-12-05 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2015-12-03 19:00 - 2015-12-05 15:06 - 00000000 ____D C:\Users\User\AppData\Local\AMD
2015-12-03 18:38 - 2015-12-03 18:38 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2015-12-03 18:28 - 2015-12-03 18:29 - 12897976 _____ (AMD Inc.) C:\Users\User\Downloads\radeon-crimson-15.11-minimalsetup_web.exe
2015-11-19 17:10 - 2015-11-19 17:10 - 00000222 _____ C:\Users\User\Desktop\Total War ROME II - Emperor Edition.url
2015-11-19 16:55 - 2015-12-08 15:47 - 00000000 ____D C:\AdwCleaner
2015-11-19 16:54 - 2015-11-19 16:54 - 01732096 _____ C:\Users\User\Downloads\adwcleaner_5.021 (1).exe
2015-11-19 16:28 - 2015-11-19 16:28 - 00018476 _____ C:\ComboFix.txt
2015-11-19 15:49 - 2015-11-19 15:49 - 00000000 ____D C:\Windows\pss
2015-11-19 15:12 - 2015-11-19 15:12 - 00001601 _____ C:\Users\User\Desktop\Apostate.exe – zástupce.lnk
2015-11-19 13:04 - 2015-11-19 13:04 - 00262144 _____ C:\Windows\system32\config\elam
2015-11-19 06:21 - 2015-12-14 08:28 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-19 06:21 - 2015-12-02 11:06 - 00940928 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-11-19 06:21 - 2015-11-19 18:59 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-11-19 06:21 - 2015-11-19 06:21 - 00002109 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-11-19 06:21 - 2015-11-19 06:21 - 00000000 ____D C:\Windows\ELAMBKUP
2015-11-19 06:21 - 2015-11-19 06:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-11-19 06:21 - 2015-11-19 06:21 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-11-19 06:21 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-11-19 06:16 - 2015-11-19 06:16 - 01917824 _____ (Kaspersky Lab) C:\Users\User\Downloads\kav16.0.0.614acs_8658.exe
2015-11-18 17:05 - 2015-11-18 17:05 - 00000000 ____D C:\Users\User\Downloads\Apostate_client
2015-11-18 09:20 - 2015-11-18 09:20 - 00141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00118608 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-11-18 09:17 - 2015-11-18 09:17 - 00296648 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-11-18 09:13 - 2015-11-18 09:13 - 23960064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-11-18 09:08 - 2015-11-18 09:08 - 49984000 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-11-18 09:08 - 2015-11-18 09:08 - 00235008 _____ C:\Windows\system32\clinfo.exe
2015-11-18 08:58 - 2015-11-18 08:58 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-11-18 08:57 - 2015-11-18 08:57 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-11-18 08:50 - 2015-11-18 08:50 - 27596288 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2015-11-18 06:50 - 2015-11-18 06:50 - 00677888 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2015-11-18 06:48 - 2015-11-18 06:48 - 00562688 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2015-11-18 06:46 - 2015-11-18 06:46 - 06643200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-11-18 06:46 - 2015-11-18 06:46 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-11-18 06:46 - 2015-11-18 06:46 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-11-18 06:14 - 2015-11-18 06:14 - 05223936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-11-18 05:48 - 2015-11-18 05:48 - 00096256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-11-18 05:48 - 2015-11-18 05:48 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-11-18 05:08 - 2015-11-18 05:08 - 00683960 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-11-18 05:08 - 2015-11-18 05:08 - 00683960 _____ C:\Windows\system32\atiapfxx.blb
2015-11-18 05:05 - 2015-11-18 05:05 - 31376896 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-11-18 04:43 - 2015-11-18 04:43 - 15711744 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-11-18 04:43 - 2015-11-18 04:43 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-11-18 04:43 - 2015-11-18 04:43 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-11-18 04:43 - 2015-11-18 04:43 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-11-18 04:43 - 2015-11-18 04:43 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-11-18 04:43 - 2015-11-18 04:43 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-11-18 04:40 - 2015-11-18 04:40 - 25840128 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-11-18 04:40 - 2015-11-18 04:40 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-11-18 04:40 - 2015-11-18 04:40 - 00865280 _____ (AMD) C:\Windows\system32\coinst_15.30.dll
2015-11-18 04:32 - 2015-11-18 04:32 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-11-18 04:32 - 2015-11-18 04:32 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-11-18 04:27 - 2015-11-18 04:27 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2015-11-18 04:26 - 2015-11-18 04:26 - 00223744 _____ C:\Windows\system32\dgtrayicon.exe
2015-11-18 04:25 - 2015-11-18 04:25 - 00552448 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-11-18 04:25 - 2015-11-18 04:25 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll
2015-11-18 04:25 - 2015-11-18 04:25 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2015-11-18 04:25 - 2015-11-18 04:25 - 00162304 _____ C:\Windows\system32\atieah64.exe
2015-11-18 04:25 - 2015-11-18 04:25 - 00145408 _____ C:\Windows\SysWOW64\atieah32.exe
2015-11-18 04:25 - 2015-11-18 04:25 - 00031744 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-11-18 04:24 - 2015-11-18 04:24 - 00246272 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-11-18 04:22 - 2015-11-18 04:22 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-11-18 04:10 - 2015-11-18 04:10 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-11-18 03:58 - 2015-11-18 03:58 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2015-11-18 03:58 - 2015-11-18 03:58 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2015-11-18 03:54 - 2015-11-18 03:54 - 00941568 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2015-11-18 03:54 - 2015-11-18 03:54 - 00157696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-11-18 03:54 - 2015-11-18 03:54 - 00075776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-11-18 03:54 - 2015-11-18 03:54 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-11-18 03:54 - 2015-11-18 03:54 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-11-18 03:53 - 2015-11-18 03:53 - 00671232 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-11-18 03:45 - 2015-11-18 03:45 - 00195072 _____ C:\Windows\system32\hsa-thunk64.dll
2015-11-18 03:45 - 2015-11-18 03:45 - 00174592 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2015-11-18 03:43 - 2015-11-18 03:43 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-15 05:16 - 2015-08-06 22:22 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-14 21:53 - 2009-07-14 05:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-14 21:53 - 2009-07-14 05:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-13 01:58 - 2015-08-10 21:59 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-12-10 13:43 - 2014-07-04 10:36 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1404466604
2015-12-10 13:43 - 2012-09-25 15:21 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-09 05:39 - 2015-08-10 19:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Raptr
2015-12-09 01:09 - 2011-04-12 09:34 - 08901626 _____ C:\Windows\system32\perfh005.dat
2015-12-09 01:09 - 2011-04-12 09:34 - 02941444 _____ C:\Windows\system32\perfc005.dat
2015-12-09 01:09 - 2009-07-14 06:13 - 00006268 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-09 01:05 - 2012-10-10 23:03 - 00000000 ____D C:\Temp
2015-12-09 01:03 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-09 01:02 - 2013-01-14 19:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-09 01:02 - 2012-09-21 16:13 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-08 16:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-08 14:33 - 2015-11-08 06:30 - 00000000 ____D C:\Program Files (x86)\Jelbruss Secure Web
2015-12-07 16:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-07 16:32 - 2012-11-19 13:14 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2015-12-05 15:08 - 2015-08-10 19:24 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-12-05 15:06 - 2015-02-12 14:33 - 00000000 ____D C:\Program Files (x86)\AMD
2015-12-05 15:06 - 2014-06-06 10:25 - 00000000 ____D C:\Program Files\AMD
2015-12-05 15:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-03 18:33 - 2014-06-06 10:23 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-03 18:32 - 2014-06-06 10:21 - 00000000 ____D C:\AMD
2015-12-02 13:18 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-28 06:47 - 2015-08-10 07:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-28 06:34 - 2009-07-14 06:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-24 00:31 - 2015-05-24 15:37 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-21 02:14 - 2015-08-10 21:59 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-21 02:14 - 2015-08-10 21:59 - 00003948 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-11-21 02:14 - 2012-09-29 14:07 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-19 18:59 - 2015-07-04 02:18 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-11-19 18:59 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys
2015-11-19 16:28 - 2012-12-12 19:54 - 00000000 ____D C:\Qoobox
2015-11-19 16:27 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-11-19 15:20 - 2014-07-27 17:39 - 05639131 ____R (Swearware) C:\Users\User\Desktop\potvora.exe
2015-11-19 15:11 - 2015-10-29 05:22 - 00000000 ____D C:\Program Files (x86)\Apostate_client
2015-11-19 15:10 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-11-19 13:06 - 2012-11-01 00:47 - 00000000 ____D C:\Users\User\Documents\zaloba
2015-11-19 13:04 - 2015-11-08 06:30 - 00000000 ____D C:\Users\User\AppData\Roaming\Mighty Defrag
2015-11-18 16:35 - 2012-09-21 16:04 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2015-11-18 09:20 - 2015-07-29 04:44 - 00110344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2015-11-18 09:20 - 2015-07-29 04:42 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-11-18 09:20 - 2015-07-29 04:42 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-11-18 09:20 - 2015-07-29 04:41 - 01229984 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-11-18 09:20 - 2015-07-29 04:40 - 10907328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-11-18 09:20 - 2014-05-23 03:28 - 00120656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-11-18 09:20 - 2011-12-03 04:22 - 01496736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-11-18 09:20 - 2011-12-03 03:57 - 13189336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-11-18 09:20 - 2011-12-03 03:21 - 00152568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-11-18 09:19 - 2015-07-29 04:40 - 09070320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-11-18 09:19 - 2015-07-29 04:40 - 08089248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-11-18 09:19 - 2014-05-23 03:27 - 10815664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-11-18 09:19 - 2014-05-23 03:27 - 09017808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-11-18 09:02 - 2015-07-29 04:08 - 41510912 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-11-18 08:49 - 2015-07-29 04:05 - 22348288 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2015-11-18 04:26 - 2014-05-23 02:25 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-11-18 03:54 - 2015-07-29 03:22 - 00941568 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-11-18 03:54 - 2014-05-23 02:12 - 01272832 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-11-18 03:53 - 2015-07-29 03:22 - 00142336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-11-16 14:33 - 2012-09-21 16:14 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2013-12-23 00:24 - 2015-03-10 21:38 - 0007607 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\hp_u2_1309.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Kaspersky Anti-Virus (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\User\Desktop" je 133 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#10 Příspěvek od **Rudy** » 15 pro 2015 17:41

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic enamžte.

homer_cz · #11 Příspěvek od **homer_cz** » 15 pro 2015 18:53

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 15.12.2015
Čas skenování: 18:43
Protokol: mbam.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.12.15.04
Databáze rootkitů: v2015.12.07.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: User

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 344720
Uplynulý čas: 7 min, 51 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 1
PUP.Optional.Privoxy, C:\Program Files (x86)\Jelbruss Secure Web\privoxy.exe, 7052, , [eb755451810a50e6ced07094ac58bd43]

Moduly: 1
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\mgwz.dll, , [76ea1392bbd086b0d07f86f28b77d030],

Klíče registru: 2
PUP.Optional.Privoxy.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Jelbruss Secure Web Worker, , [77e9fda8d5b687af211864453ec4aa56],
PUP.Optional.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE, , [eb755451810a50e6ced07094ac58bd43],

Hodnoty registru: 2
PUP.Optional.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE|ImagePath, "C:\Program Files (x86)\Jelbruss Secure Web\privoxy.exe" --service, , [eb755451810a50e6ced07094ac58bd43]
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, , [74ec178ea4e75bdb54d11acd71928b75]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 1
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web, , [76ea1392bbd086b0d07f86f28b77d030],

Soubory: 15
PUP.Optional.Privoxy, C:\$RECYCLE.BIN\S-1-5-21-1991769118-1157689148-2223015802-1000\$R94XXOX.exe, , [451b693ccbc0fd3952874d68d62bc739],
Backdoor.Agent.WD, C:\Users\User\AppData\Local\Temp\hp_u2_1309.exe, , [f967475e1477979f438154ca4bb5857b],
PUP.Optional.Privoxy.PrxySvrRST, C:\Windows\System32\Tasks\Jelbruss Secure Web Worker, , [1d4302a37b10db5b67c8119840c22bd5],
PUP.Optional.Privoxy, C:\Program Files (x86)\Jelbruss Secure Web\privoxy.exe, , [eb755451810a50e6ced07094ac58bd43],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\checkproxy.exe, , [76ea1392bbd086b0d07f86f28b77d030],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\config.txt, , [76ea1392bbd086b0d07f86f28b77d030],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\default.action, , [76ea1392bbd086b0d07f86f28b77d030],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\default.filter, , [76ea1392bbd086b0d07f86f28b77d030],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\jsweb.dll, , [76ea1392bbd086b0d07f86f28b77d030],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\jsweb64.dll, , [76ea1392bbd086b0d07f86f28b77d030],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\jswtask.exe, , [76ea1392bbd086b0d07f86f28b77d030],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\mgwz.dll, , [76ea1392bbd086b0d07f86f28b77d030],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\privoxy.log, , [76ea1392bbd086b0d07f86f28b77d030],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\sschromium.exe, , [76ea1392bbd086b0d07f86f28b77d030],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Jelbruss Secure Web\sschromium64.exe, , [76ea1392bbd086b0d07f86f28b77d030],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

#12 Příspěvek od **Rudy** » 15 pro 2015 19:31

Všechny nalezené položky smažte.

homer_cz · #13 Příspěvek od **homer_cz** » 15 pro 2015 19:48

Smazáno,nový log FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-12-2015
Ran by User (administrator) on USER-PC (15-12-2015 19:41:07)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-28] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4859592 2015-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 77.48.254.254 77.48.100.254
Tcpip\..\Interfaces\{43FC567C-865E-45B5-AA48-98F6D1142A5D}: [DhcpNameServer] 77.48.254.254 77.48.100.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1991769118-1157689148-2223015802-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1991769118-1157689148-2223015802-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-19] (AO Kaspersky Lab)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-01] (Oracle Corporation)
BHO-x32: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-19] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-01] (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-19] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-19] (AO Kaspersky Lab)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-08-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1991769118-1157689148-2223015802-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2015-12-02]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=072213
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=07 ... google.com"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\plugins/avgnpss.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll => No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ochrana Kaspersky) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-11-19]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-19]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-09-10] (Kaspersky Lab ZAO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-12-15] (Huawei Technologies Co., Ltd.)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [29696 2009-12-15] (Huawei Tech. Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-12-15] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-11-19] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-11-19] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940928 2015-12-02] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-11-19] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-15 18:51 - 2015-12-15 18:51 - 00003800 _____ C:\mbam.txt
2015-12-15 18:41 - 2015-12-15 19:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-15 18:40 - 2015-12-15 18:40 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-15 18:40 - 2015-12-15 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-15 18:40 - 2015-12-15 18:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-15 18:40 - 2015-12-15 18:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-15 18:40 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-15 18:40 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-15 18:40 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-15 18:38 - 2015-12-15 18:39 - 22908888 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-15 05:18 - 2015-12-15 05:19 - 00020504 _____ C:\Users\User\Desktop\Addition.txt
2015-12-15 05:17 - 2015-12-15 05:17 - 00000000 ____D C:\Users\User\Desktop\FRST-OlderVersion
2015-12-09 20:18 - 2015-12-09 20:18 - 00001742 _____ C:\Users\Public\Desktop\Webium's Modpack.lnk
2015-12-09 20:18 - 2015-12-09 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\webium's modpack
2015-12-09 14:38 - 2015-12-09 14:40 - 71283096 _____ (myWOTmods.com ) C:\Users\User\Downloads\webium-WOT-0.9.12-modpack-installer-v9.12.09.exe
2015-12-09 13:49 - 2015-12-09 13:49 - 00860960 _____ C:\Users\User\Downloads\14493583511935_ussr_IS_murovanka.wotreplay
2015-12-09 01:02 - 2015-12-09 01:04 - 00007892 _____ C:\Users\User\Desktop\Fixlog.txt
2015-12-08 15:59 - 2015-12-15 19:41 - 00016973 _____ C:\Users\User\Desktop\FRST.txt
2015-12-08 15:59 - 2015-12-15 19:39 - 00000000 ____D C:\FRST
2015-12-08 15:54 - 2015-12-15 05:17 - 02369536 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-12-08 15:44 - 2015-12-08 15:45 - 01738240 _____ C:\Users\User\Desktop\adwcleaner_5.024.exe
2015-12-05 15:06 - 2015-12-05 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2015-12-03 19:00 - 2015-12-05 15:06 - 00000000 ____D C:\Users\User\AppData\Local\AMD
2015-12-03 18:38 - 2015-12-03 18:38 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2015-12-03 18:28 - 2015-12-03 18:29 - 12897976 _____ (AMD Inc.) C:\Users\User\Downloads\radeon-crimson-15.11-minimalsetup_web.exe
2015-11-19 17:10 - 2015-11-19 17:10 - 00000222 _____ C:\Users\User\Desktop\Total War ROME II - Emperor Edition.url
2015-11-19 16:55 - 2015-12-08 15:47 - 00000000 ____D C:\AdwCleaner
2015-11-19 16:54 - 2015-11-19 16:54 - 01732096 _____ C:\Users\User\Downloads\adwcleaner_5.021 (1).exe
2015-11-19 16:28 - 2015-11-19 16:28 - 00018476 _____ C:\ComboFix.txt
2015-11-19 15:49 - 2015-11-19 15:49 - 00000000 ____D C:\Windows\pss
2015-11-19 15:12 - 2015-11-19 15:12 - 00001601 _____ C:\Users\User\Desktop\Apostate.exe – zástupce.lnk
2015-11-19 13:04 - 2015-11-19 13:04 - 00262144 _____ C:\Windows\system32\config\elam
2015-11-19 06:21 - 2015-12-15 19:34 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-19 06:21 - 2015-12-02 11:06 - 00940928 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-11-19 06:21 - 2015-11-19 18:59 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-11-19 06:21 - 2015-11-19 06:21 - 00002109 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-11-19 06:21 - 2015-11-19 06:21 - 00000000 ____D C:\Windows\ELAMBKUP
2015-11-19 06:21 - 2015-11-19 06:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-11-19 06:21 - 2015-11-19 06:21 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-11-19 06:21 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-11-19 06:16 - 2015-11-19 06:16 - 01917824 _____ (Kaspersky Lab) C:\Users\User\Downloads\kav16.0.0.614acs_8658.exe
2015-11-18 17:05 - 2015-11-18 17:05 - 00000000 ____D C:\Users\User\Downloads\Apostate_client
2015-11-18 09:20 - 2015-11-18 09:20 - 00141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00118608 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-11-18 09:20 - 2015-11-18 09:20 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-11-18 09:17 - 2015-11-18 09:17 - 00296648 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-11-18 09:13 - 2015-11-18 09:13 - 23960064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-11-18 09:08 - 2015-11-18 09:08 - 49984000 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-11-18 09:08 - 2015-11-18 09:08 - 00235008 _____ C:\Windows\system32\clinfo.exe
2015-11-18 08:58 - 2015-11-18 08:58 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-11-18 08:57 - 2015-11-18 08:57 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-11-18 08:50 - 2015-11-18 08:50 - 27596288 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2015-11-18 06:50 - 2015-11-18 06:50 - 00677888 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2015-11-18 06:48 - 2015-11-18 06:48 - 00562688 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2015-11-18 06:46 - 2015-11-18 06:46 - 06643200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-11-18 06:46 - 2015-11-18 06:46 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-11-18 06:46 - 2015-11-18 06:46 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-11-18 06:14 - 2015-11-18 06:14 - 05223936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-11-18 05:48 - 2015-11-18 05:48 - 00096256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-11-18 05:48 - 2015-11-18 05:48 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-11-18 05:08 - 2015-11-18 05:08 - 00683960 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-11-18 05:08 - 2015-11-18 05:08 - 00683960 _____ C:\Windows\system32\atiapfxx.blb
2015-11-18 05:05 - 2015-11-18 05:05 - 31376896 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-11-18 04:43 - 2015-11-18 04:43 - 15711744 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-11-18 04:43 - 2015-11-18 04:43 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-11-18 04:43 - 2015-11-18 04:43 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-11-18 04:43 - 2015-11-18 04:43 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-11-18 04:43 - 2015-11-18 04:43 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-11-18 04:43 - 2015-11-18 04:43 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-11-18 04:40 - 2015-11-18 04:40 - 25840128 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-11-18 04:40 - 2015-11-18 04:40 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-11-18 04:40 - 2015-11-18 04:40 - 00865280 _____ (AMD) C:\Windows\system32\coinst_15.30.dll
2015-11-18 04:32 - 2015-11-18 04:32 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-11-18 04:32 - 2015-11-18 04:32 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-11-18 04:27 - 2015-11-18 04:27 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2015-11-18 04:26 - 2015-11-18 04:26 - 00223744 _____ C:\Windows\system32\dgtrayicon.exe
2015-11-18 04:25 - 2015-11-18 04:25 - 00552448 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-11-18 04:25 - 2015-11-18 04:25 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll
2015-11-18 04:25 - 2015-11-18 04:25 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2015-11-18 04:25 - 2015-11-18 04:25 - 00162304 _____ C:\Windows\system32\atieah64.exe
2015-11-18 04:25 - 2015-11-18 04:25 - 00145408 _____ C:\Windows\SysWOW64\atieah32.exe
2015-11-18 04:25 - 2015-11-18 04:25 - 00031744 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-11-18 04:24 - 2015-11-18 04:24 - 00246272 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-11-18 04:22 - 2015-11-18 04:22 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-11-18 04:10 - 2015-11-18 04:10 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-11-18 03:58 - 2015-11-18 03:58 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2015-11-18 03:58 - 2015-11-18 03:58 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2015-11-18 03:54 - 2015-11-18 03:54 - 00941568 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2015-11-18 03:54 - 2015-11-18 03:54 - 00157696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-11-18 03:54 - 2015-11-18 03:54 - 00075776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-11-18 03:54 - 2015-11-18 03:54 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-11-18 03:54 - 2015-11-18 03:54 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-11-18 03:53 - 2015-11-18 03:53 - 00671232 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-11-18 03:45 - 2015-11-18 03:45 - 00195072 _____ C:\Windows\system32\hsa-thunk64.dll
2015-11-18 03:45 - 2015-11-18 03:45 - 00174592 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2015-11-18 03:43 - 2015-11-18 03:43 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-15 19:38 - 2011-04-12 09:34 - 08914154 _____ C:\Windows\system32\perfh005.dat
2015-12-15 19:38 - 2011-04-12 09:34 - 02945790 _____ C:\Windows\system32\perfc005.dat
2015-12-15 19:38 - 2009-07-14 06:13 - 00006268 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-15 19:37 - 2015-08-10 19:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Raptr
2015-12-15 19:36 - 2015-08-10 21:59 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-15 19:36 - 2015-08-10 21:59 - 00003948 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-12-15 19:36 - 2015-08-10 21:59 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-12-15 19:36 - 2015-08-10 19:24 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-12-15 19:36 - 2015-08-06 22:22 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-15 19:36 - 2012-09-29 14:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-15 19:34 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-15 05:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-14 21:53 - 2009-07-14 05:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-14 21:53 - 2009-07-14 05:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-10 13:43 - 2014-07-04 10:36 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1404466604
2015-12-10 13:43 - 2012-09-25 15:21 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-09 01:05 - 2012-10-10 23:03 - 00000000 ____D C:\Temp
2015-12-09 01:02 - 2013-01-14 19:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-09 01:02 - 2012-09-21 16:13 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-07 16:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-07 16:32 - 2012-11-19 13:14 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2015-12-05 15:06 - 2015-02-12 14:33 - 00000000 ____D C:\Program Files (x86)\AMD
2015-12-05 15:06 - 2014-06-06 10:25 - 00000000 ____D C:\Program Files\AMD
2015-12-05 15:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-03 18:33 - 2014-06-06 10:23 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-03 18:32 - 2014-06-06 10:21 - 00000000 ____D C:\AMD
2015-12-02 13:18 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-28 06:47 - 2015-08-10 07:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-28 06:34 - 2009-07-14 06:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-24 00:31 - 2015-05-24 15:37 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-19 18:59 - 2015-07-04 02:18 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-11-19 18:59 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys
2015-11-19 16:28 - 2012-12-12 19:54 - 00000000 ____D C:\Qoobox
2015-11-19 16:27 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-11-19 15:20 - 2014-07-27 17:39 - 05639131 ____R (Swearware) C:\Users\User\Desktop\potvora.exe
2015-11-19 15:11 - 2015-10-29 05:22 - 00000000 ____D C:\Program Files (x86)\Apostate_client
2015-11-19 15:10 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-11-19 13:06 - 2012-11-01 00:47 - 00000000 ____D C:\Users\User\Documents\zaloba
2015-11-19 13:04 - 2015-11-08 06:30 - 00000000 ____D C:\Users\User\AppData\Roaming\Mighty Defrag
2015-11-18 16:35 - 2012-09-21 16:04 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2015-11-18 09:20 - 2015-07-29 04:44 - 00110344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2015-11-18 09:20 - 2015-07-29 04:42 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-11-18 09:20 - 2015-07-29 04:42 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-11-18 09:20 - 2015-07-29 04:41 - 01229984 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-11-18 09:20 - 2015-07-29 04:40 - 10907328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-11-18 09:20 - 2014-05-23 03:28 - 00120656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-11-18 09:20 - 2011-12-03 04:22 - 01496736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-11-18 09:20 - 2011-12-03 03:57 - 13189336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-11-18 09:20 - 2011-12-03 03:21 - 00152568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-11-18 09:19 - 2015-07-29 04:40 - 09070320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-11-18 09:19 - 2015-07-29 04:40 - 08089248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-11-18 09:19 - 2014-05-23 03:27 - 10815664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-11-18 09:19 - 2014-05-23 03:27 - 09017808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-11-18 09:02 - 2015-07-29 04:08 - 41510912 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-11-18 08:49 - 2015-07-29 04:05 - 22348288 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2015-11-18 04:26 - 2014-05-23 02:25 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-11-18 03:54 - 2015-07-29 03:22 - 00941568 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-11-18 03:54 - 2014-05-23 02:12 - 01272832 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-11-18 03:53 - 2015-07-29 03:22 - 00142336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-11-16 14:33 - 2012-09-21 16:14 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2013-12-23 00:24 - 2015-03-10 21:38 - 0007607 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-30 00:52

==================== End of FRST.txt ============================

#14 Příspěvek od **Rudy** » 15 pro 2015 20:37

Nastala nějaká změna?

homer_cz · #15 Příspěvek od **homer_cz** » 15 pro 2015 20:43

Vypadá to v pořádku,ale to už několikrát

VIRY.CZ

Reklamy,havěť se vrací

Reklamy,havěť se vrací

Re: Reklamy,havěť se vrací

Re: Reklamy,havěť se vrací

Re: Reklamy,havěť se vrací

Re: Reklamy,havěť se vrací

Re: Reklamy,havěť se vrací

Re: Reklamy,havěť se vrací

Re: Reklamy,havěť se vrací

Re: Reklamy,havěť se vrací

Re: Reklamy,havěť se vrací

Re: Reklamy,havěť se vrací

Re: Reklamy,havěť se vrací

Re: Reklamy,havěť se vrací

Re: Reklamy,havěť se vrací

Re: Reklamy,havěť se vrací