
Hijacking DNS (PUM DNS)

#1 Post by Tomas0

Hello, I have this problem: RogueKiller found PUM DNS on my machine, but every time I have it removed, it comes back. Malware also found Hijack.FolderOptions; I put it into quarantine and it restores itself again. And Avast tells me that it cannot work on the secured DNS. Thank you in advance for your help. Here are the logs:
¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 217.23.254.124 217.23.254.125 ([X][X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 217.23.254.124 217.23.254.125 ([X][X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B20CE9B-DAF2-4422-8F3D-88D0C7BDC55B} | DhcpNameServer : 217.23.254.124 217.23.254.125 ([X][X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5B20CE9B-DAF2-4422-8F3D-88D0C7BDC55B} | DhcpNameServer : 217.23.254.124 217.23.254.125 ([X][X]) -> Found



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2016
Ran by Thomas (administrator) on THOMAS-PC (20-07-2016 10:52:00)
Running from C:\Users\Thomas\Desktop
Loaded Profiles: Thomas (Available Profiles: Thomas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Silent Terminator\srvany.exe
(AMYD Projects) C:\Program Files (x86)\Silent Terminator\Silent Terminator.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AMYD Projects) C:\Program Files (x86)\Silent Terminator\Silent Terminator.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sunrise Software) C:\Program Files (x86)\Sunrise Seven\Sunrise Seven.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6638472 2016-07-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-20] (AVAST Software)
HKLM-x32\...\Run: [Silent Terminator] => C:\Program Files (x86)\Silent Terminator\Silent Terminator.exe [2068480 2014-07-12] (AMYD Projects)
HKU\S-1-5-21-2297602522-1921712993-1644906987-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-2297602522-1921712993-1644906987-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2297602522-1921712993-1644906987-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2297602522-1921712993-1644906987-1000\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-2297602522-1921712993-1644906987-1000\...\Policies\Explorer: [NoWindowsUpdate] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-20] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 217.23.254.124 217.23.254.125
Tcpip\..\Interfaces\{5B20CE9B-DAF2-4422-8F3D-88D0C7BDC55B}: [DhcpNameServer] 217.23.254.124 217.23.254.125

Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-20] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-20] (AVAST Software)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-20] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://www.youtube.com/watch?v=TKU8hqKY3GQ
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-20]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-20]
CHR Extension: (Avast Online Security) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-20]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-20] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-07-20] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SilentTerminatorServices; C:\Program Files (x86)\Silent Terminator\srvany.exe [8192 2003-04-18] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-20] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [28312 2016-07-20] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [572120 2016-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [290088 2016-07-20] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-07-20] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-20 10:49 - 2016-07-20 10:52 - 00009622 _____ C:\Users\Thomas\Desktop\FRST.txt
2016-07-20 10:48 - 2016-07-20 10:52 - 00000000 ____D C:\FRST
2016-07-20 10:48 - 2016-07-20 10:48 - 02391552 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2016-07-20 10:32 - 2016-07-20 10:50 - 00004044 _____ C:\Users\Thomas\Desktop\ghdrehrtf.txt
2016-07-20 09:49 - 2016-07-20 10:36 - 00000000 ____D C:\Windows\Minidump
2016-07-20 09:49 - 2016-07-20 10:33 - 518430553 _____ C:\Windows\MEMORY.DMP
2016-07-20 09:47 - 2016-07-20 09:47 - 00001119 _____ C:\Users\Public\Desktop\Silent Terminator.lnk
2016-07-20 09:47 - 2016-07-20 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silent Terminator
2016-07-20 09:47 - 2016-07-20 09:47 - 00000000 ____D C:\Program Files (x86)\Silent Terminator
2016-07-20 09:44 - 2014-07-16 16:23 - 02501345 _____ (AMYD Projects ) C:\Users\Thomas\Desktop\Silent Terminator Setup.exe
2016-07-20 09:12 - 2010-11-21 05:24 - 02872320 _____ (Microsoft Corporation) C:\Windows\explorer.exe.Back
2016-07-20 09:10 - 2016-07-20 09:10 - 00000000 _____ C:\Windows\ativpsrm.bin
2016-07-20 09:09 - 2016-07-20 09:09 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2016-07-20 09:09 - 2016-07-20 09:09 - 00000000 ____D C:\Users\Thomas\AppData\Local\AMD
2016-07-20 09:09 - 2016-07-20 09:09 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-07-20 09:09 - 2016-06-23 20:22 - 00264992 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-07-20 09:09 - 2016-06-23 20:21 - 00257824 _____ C:\Windows\system32\vulkan-1.dll
2016-07-20 09:09 - 2016-06-23 20:21 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-07-20 09:09 - 2016-06-23 20:20 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-07-20 09:08 - 2016-07-20 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2016-07-20 09:08 - 2016-07-20 09:08 - 00000000 ____D C:\Program Files (x86)\AMD
2016-07-20 09:07 - 2016-07-20 09:07 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-07-20 09:06 - 2016-07-20 09:07 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-20 09:04 - 2016-07-20 09:04 - 00747578 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-20 09:02 - 2016-07-20 09:08 - 00000000 ____D C:\Program Files\AMD
2016-07-20 08:59 - 2016-07-20 08:59 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-07-20 08:59 - 2016-07-20 08:59 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-20 08:56 - 2016-07-20 08:02 - 00000000 ____D C:\Windows\Panther
2016-07-20 08:50 - 2016-07-20 08:50 - 00000000 ____D C:\Users\Thomas\AppData\Local\CEF
2016-07-20 08:49 - 2016-07-20 10:01 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-07-20 08:49 - 2016-07-20 08:59 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-07-20 08:49 - 2016-07-20 08:49 - 00390984 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-07-20 08:49 - 2016-07-20 08:49 - 00290088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-07-20 08:49 - 2016-07-20 08:49 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-07-20 08:49 - 2016-07-20 08:49 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-07-20 08:49 - 2016-07-20 08:49 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-07-20 08:49 - 2016-07-20 08:49 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-07-20 08:49 - 2016-07-20 08:49 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-07-20 08:49 - 2016-07-20 08:49 - 00001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2016-07-20 08:49 - 2016-07-20 08:49 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\AVAST Software
2016-07-20 08:49 - 2016-07-20 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-07-20 08:49 - 2016-07-20 08:48 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-07-20 08:49 - 2016-07-20 08:48 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-07-20 08:49 - 2016-07-20 08:48 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-07-20 08:49 - 2016-07-20 08:48 - 00572120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2016-07-20 08:48 - 2016-07-20 08:48 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-07-20 08:48 - 2016-07-20 08:48 - 00028312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2016-07-20 08:48 - 2016-07-20 08:48 - 00000000 ____D C:\ProgramData\AVAST Software
2016-07-20 08:48 - 2016-07-20 08:48 - 00000000 ____D C:\Program Files\AVAST Software
2016-07-20 08:47 - 2016-07-20 08:47 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\WinRAR
2016-07-20 08:46 - 2016-07-20 08:46 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-20 08:46 - 2016-07-20 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-20 08:46 - 2016-07-20 08:46 - 00000000 ____D C:\Program Files\WinRAR
2016-07-20 08:45 - 2016-07-20 08:45 - 00003741 _____ C:\Users\Thomas\Documents\Avast.rar
2016-07-20 08:37 - 2016-07-20 09:57 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-20 08:37 - 2016-07-20 08:37 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-07-20 08:37 - 2016-07-20 08:37 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-20 08:37 - 2016-07-20 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-07-20 08:37 - 2016-07-20 08:37 - 00000000 ____D C:\Program Files\RogueKiller
2016-07-20 08:27 - 2016-07-20 10:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-20 08:26 - 2016-07-20 08:26 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-20 08:26 - 2016-07-20 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-20 08:26 - 2016-07-20 08:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-20 08:26 - 2016-07-20 08:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-20 08:26 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-20 08:26 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-20 08:26 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-20 08:25 - 2016-07-20 09:31 - 00000000 ____D C:\Program Files (x86)\Sunrise Seven
2016-07-20 08:25 - 2016-07-20 08:25 - 00000997 _____ C:\Users\Public\Desktop\Sunrise Seven.lnk
2016-07-20 08:25 - 2016-07-20 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunrise Seven
2016-07-20 08:24 - 2016-07-20 08:24 - 02475359 _____ C:\Users\Thomas\Downloads\Silent_Terminator.zip
2016-07-20 08:23 - 2016-07-20 08:23 - 02668752 _____ (Sunrise Software ) C:\Users\Thomas\Downloads\Sunrise_Seven_1.1.build.54.signed.exe
2016-07-20 08:23 - 2016-07-20 08:23 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-20 08:23 - 2016-07-20 08:23 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-20 08:23 - 2016-07-20 08:23 - 00000000 ____D C:\Users\Thomas\AppData\Local\Google
2016-07-20 08:22 - 2016-07-20 10:34 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-20 08:22 - 2016-07-20 10:27 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-20 08:22 - 2016-07-20 08:22 - 52553304 _____ (Google Inc.) C:\Users\Thomas\Desktop\ChromeStandaloneSetup64.exe
2016-07-20 08:22 - 2016-07-20 08:22 - 00003932 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-20 08:22 - 2016-07-20 08:22 - 00003680 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-20 08:22 - 2016-07-20 08:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-20 08:10 - 2016-07-20 10:42 - 00058750 _____ C:\Windows\system32\perfh01B.dat
2016-07-20 08:10 - 2016-07-20 10:42 - 00022048 _____ C:\Windows\system32\perfc01B.dat
2016-07-20 08:03 - 2016-07-20 08:03 - 00057560 _____ C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-20 08:02 - 2016-07-20 08:02 - 00001447 _____ C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-20 08:02 - 2016-07-20 08:02 - 00001413 _____ C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-07-20 08:02 - 2016-07-20 08:02 - 00000020 ___SH C:\Users\Thomas\ntuser.ini
2016-07-20 08:02 - 2016-07-20 08:02 - 00000000 ____D C:\Users\Thomas\AppData\Local\VirtualStore
2016-07-20 08:02 - 2016-07-20 08:02 - 00000000 ____D C:\Users\Thomas
2016-07-20 08:02 - 2010-11-21 17:10 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Media Center Programs
2016-07-20 07:59 - 2016-07-20 07:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-07-08 21:37 - 2016-07-08 21:37 - 00141280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2016-07-08 21:37 - 2016-07-08 21:37 - 00122704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2016-07-08 21:36 - 2016-07-08 21:36 - 10707032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2016-07-08 21:36 - 2016-07-08 21:36 - 08888016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2016-07-08 21:36 - 2016-07-08 21:36 - 01515312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2016-07-08 21:36 - 2016-07-08 21:36 - 01245416 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2016-07-08 21:36 - 2016-07-08 21:36 - 00166488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2016-07-08 21:36 - 2016-07-08 21:36 - 00150544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2016-07-08 21:36 - 2016-07-08 21:36 - 00141280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2016-07-08 21:36 - 2016-07-08 21:36 - 00137136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2016-07-08 21:36 - 2016-07-08 21:36 - 00125288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2016-07-08 21:36 - 2016-07-08 21:36 - 00123776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2016-07-08 21:36 - 2016-07-08 21:36 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2016-07-08 21:36 - 2016-07-08 21:36 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2016-07-08 21:36 - 2016-07-08 21:36 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2016-07-08 21:36 - 2016-07-08 21:36 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2016-07-08 21:35 - 2016-07-08 21:35 - 09798560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2016-07-08 21:35 - 2016-07-08 21:35 - 08865344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2016-07-08 21:35 - 2016-07-08 21:35 - 08577456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2016-07-08 21:35 - 2016-07-08 21:35 - 07000520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2016-07-08 21:33 - 2016-07-08 21:33 - 00305032 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2016-07-08 21:29 - 2016-07-08 21:29 - 27004928 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2016-07-08 21:23 - 2016-07-08 21:23 - 48616960 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2016-07-08 21:23 - 2016-07-08 21:23 - 00252928 _____ C:\Windows\system32\clinfo.exe
2016-07-08 21:22 - 2016-07-08 21:22 - 38099456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2016-07-08 21:21 - 2016-07-08 21:21 - 08815104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2016-07-08 21:21 - 2016-07-08 21:21 - 00096256 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-07-08 21:21 - 2016-07-08 21:21 - 00087040 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-07-08 21:19 - 2016-07-08 21:19 - 27433472 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2016-07-08 21:19 - 2016-07-08 21:19 - 21600768 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2016-07-08 21:17 - 2016-07-08 21:17 - 07072768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2016-07-08 21:03 - 2016-07-08 21:03 - 30219776 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2016-07-08 21:02 - 2016-07-08 21:02 - 06965248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2016-07-08 21:02 - 2016-07-08 21:02 - 00732160 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2016-07-08 21:02 - 2016-07-08 21:02 - 00607744 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2016-07-08 21:02 - 2016-07-08 21:02 - 00142336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2016-07-08 21:02 - 2016-07-08 21:02 - 00117760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2016-07-08 21:00 - 2016-07-08 21:00 - 00865280 _____ (AMD) C:\Windows\system32\coinst_16.20.dll
2016-07-08 20:59 - 2016-07-08 20:59 - 00720192 _____ C:\Windows\SysWOW64\atiapfxx.blb
2016-07-08 20:59 - 2016-07-08 20:59 - 00720192 _____ C:\Windows\system32\atiapfxx.blb
2016-07-08 20:58 - 2016-07-08 20:58 - 15711744 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2016-07-08 20:58 - 2016-07-08 20:58 - 05643776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2016-07-08 20:58 - 2016-07-08 20:58 - 00385536 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2016-07-08 20:58 - 2016-07-08 20:58 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2016-07-08 20:58 - 2016-07-08 20:58 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2016-07-08 20:58 - 2016-07-08 20:58 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2016-07-08 20:58 - 2016-07-08 20:58 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2016-07-08 20:57 - 2016-07-08 20:57 - 14302720 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2016-07-08 20:57 - 2016-07-08 20:57 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2016-07-08 20:57 - 2016-07-08 20:57 - 00038400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2016-07-08 20:55 - 2016-07-08 20:55 - 24836096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2016-07-08 20:55 - 2016-07-08 20:55 - 00113152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2016-07-08 20:55 - 2016-07-08 20:55 - 00092160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2016-07-08 20:54 - 2016-07-08 20:54 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2016-07-08 20:53 - 2016-07-08 20:53 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2016-07-08 20:53 - 2016-07-08 20:53 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2016-07-08 20:53 - 2016-07-08 20:53 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2016-07-08 20:53 - 2016-07-08 20:53 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2016-07-08 20:52 - 2016-07-08 20:52 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2016-07-08 20:52 - 2016-07-08 20:52 - 00274432 _____ C:\Windows\system32\dgtrayicon.exe
2016-07-08 20:52 - 2016-07-08 20:52 - 00258560 _____ C:\Windows\system32\GameManager64.dll
2016-07-08 20:52 - 2016-07-08 20:52 - 00223744 _____ C:\Windows\SysWOW64\GameManager32.dll
2016-07-08 20:52 - 2016-07-08 20:52 - 00212480 _____ C:\Windows\system32\atieah64.exe
2016-07-08 20:52 - 2016-07-08 20:52 - 00190464 _____ C:\Windows\SysWOW64\atieah32.exe
2016-07-08 20:51 - 2016-07-08 20:51 - 00588288 _____ (AMD) C:\Windows\system32\atieclxx.exe
2016-07-08 20:51 - 2016-07-08 20:51 - 00306688 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2016-07-08 20:51 - 2016-07-08 20:51 - 00270336 _____ (AMD) C:\Windows\system32\atitmm64.dll
2016-07-08 20:51 - 2016-07-08 20:51 - 00230912 _____ C:\Windows\system32\amdgfxinfo64.dll
2016-07-08 20:51 - 2016-07-08 20:51 - 00202752 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2016-07-08 20:51 - 2016-07-08 20:51 - 00093696 _____ (AMD) C:\Windows\system32\atimuixx.dll
2016-07-08 20:50 - 2016-07-08 20:50 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2016-07-08 20:47 - 2016-07-08 20:47 - 01309184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2016-07-08 20:47 - 2016-07-08 20:47 - 00976384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2016-07-08 20:47 - 2016-07-08 20:47 - 00976384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2016-07-08 20:47 - 2016-07-08 20:47 - 00185344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2016-07-08 20:47 - 2016-07-08 20:47 - 00159232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2016-07-08 20:47 - 2016-07-08 20:47 - 00119808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2016-07-08 20:47 - 2016-07-08 20:47 - 00106496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2016-07-08 20:47 - 2016-07-08 20:47 - 00101376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2016-07-08 20:47 - 2016-07-08 20:47 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2016-07-08 20:47 - 2016-07-08 20:47 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2016-07-08 20:47 - 2016-07-08 20:47 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2016-07-08 20:46 - 2016-07-08 20:46 - 00498176 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2016-07-08 20:44 - 2016-07-08 20:44 - 00251392 _____ C:\Windows\system32\hsa-thunk64.dll
2016-07-08 20:44 - 2016-07-08 20:44 - 00217088 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2016-06-23 20:22 - 2016-06-23 20:22 - 00264992 _____ C:\Windows\SysWOW64\vulkan-1-1-0-17-0.dll
2016-06-23 20:21 - 2016-06-23 20:21 - 00257824 _____ C:\Windows\system32\vulkan-1-1-0-17-0.dll
2016-06-23 20:21 - 2016-06-23 20:21 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-17-0.exe
2016-06-23 20:20 - 2016-06-23 20:20 - 00125216 _____ C:\Windows\system32\vulkaninfo-1-1-0-17-0.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-20 10:42 - 2009-07-14 07:13 - 00802250 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-20 10:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-07-20 10:33 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-20 09:31 - 2010-11-21 05:24 - 02872320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-07-20 09:30 - 2010-11-21 05:24 - 02872320 _____ (Microsoft Corporation) C:\Windows\explorer_.exe.Back.4.57673453240503
2016-07-20 09:23 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-20 09:23 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-20 08:56 - 2009-07-14 07:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-07-20 08:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2016-07-20 08:08 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-07-20 08:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-07-20 08:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spool
2016-07-20 08:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-20 08:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-07-20 08:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-07-20 07:57 - 2009-07-14 06:45 - 00274736 _____ C:\Windows\system32\FNTCACHE.DAT

Some files in TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe
[2010-11-21 05:24] - [2016-07-20 09:31] - 2872320 ____A (Microsoft Corporation) BC03306673C6A99FA5C5FF85F6F744B1

C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.


LastRegBack: 2016-07-20 07:57

==================== End of FRST.txt ============================








Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2016
Ran by Thomas (2016-07-20 10:52:19)
Running from C:\Users\Thomas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-07-20 06:02:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2297602522-1921712993-1644906987-500 - Administrator - Disabled)
Guest (S-1-5-21-2297602522-1921712993-1644906987-501 - Limited - Disabled)
Thomas (S-1-5-21-2297602522-1921712993-1644906987-1000 - Administrator - Enabled) => C:\Users\Thomas

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
Catalyst Control Center Next Localization BR (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0708.1511.25486 - Advanced Micro Devices, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Malwarebytes Anti-Malware verzia 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
RogueKiller verze 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Sunrise Seven 1.1.54 (HKLM-x32\...\{AB0DBC9A-422A-4888-A8E5-A32EC1779E68}_is1) (Version: - Sunrise Software)
Uninstall Silent Terminator (HKLM-x32\...\{22977085-25AD-42A7-B1EF-8444C94CB4B8}_is1) (Version: 1.3 - AMYD Projects)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
WinRAR 5.31 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3D3E4E9C-4532-401E-9194-4EBF03AEB764} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-20] (Google Inc.)
Task: {7B6E2189-3FED-4B9F-8DEA-106E632CABBB} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-07-08] (Advanced Micro Devices, Inc.)
Task: {CAD59034-7DC0-4A87-B769-C9D540421100} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-20] (AVAST Software)
Task: {D52E2107-FE26-46C8-8FCB-F34CAFD1876C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-20] (AVAST Software)
Task: {D582D506-8D7C-4ABD-83AB-8A7D8F423FB9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-20 09:47 - 2003-04-18 17:06 - 00008192 _____ () C:\Program Files (x86)\Silent Terminator\srvany.exe
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-07-20 08:23 - 2016-06-23 15:26 - 02336584 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libglesv2.dll
2016-07-20 08:23 - 2016-06-23 15:25 - 00107336 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libegl.dll
2016-07-20 08:48 - 2016-07-20 08:48 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-20 08:49 - 2016-07-20 08:49 - 03000832 _____ () C:\Program Files\AVAST Software\Avast\defs\16071901\algo.dll
2016-07-20 08:48 - 2016-07-20 08:48 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-20 08:48 - 2016-07-20 08:48 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-07-20 09:57 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2297602522-1921712993-1644906987-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 217.23.254.124 - 217.23.254.125
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 1) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2A83E06F-98E9-49CF-BCBF-FDDCD44F181A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2016 10:34:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2016 10:33:52 AM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (07/20/2016 10:10:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2016 09:52:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2016 09:52:33 AM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (07/20/2016 09:49:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2016 09:49:30 AM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (07/20/2016 09:32:13 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (07/20/2016 09:27:05 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (07/20/2016 09:25:06 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error


System errors:
=============
Error: (07/20/2016 10:38:24 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}

Error: (07/20/2016 10:35:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (07/20/2016 10:33:52 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa8009004060, 0xfffffa8009004340, 0xfffff80002d90db0)C:\Windows\MEMORY.DMP072016-16676-01

Error: (07/20/2016 10:33:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:32:18 on ‎20. ‎7. ‎2016 was unexpected.

Error: (07/20/2016 10:10:43 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding5{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (07/20/2016 10:10:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (07/20/2016 09:52:34 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa8008ef2b30, 0xfffffa8008ef2e10, 0xfffff80002da2db0)C:\Windows\MEMORY.DMP072016-16504-01

Error: (07/20/2016 09:52:33 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:50:16 on ‎20. ‎7. ‎2016 was unexpected.

Error: (07/20/2016 09:49:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Sieťový vstupno-výstupný ovládač staršej verzie na podporu zariadení TDI, od ktorej závisí služba DNS Client, zlyhalo kvôli nasledujúcej chybe:
%%577 = Systém Windows nemôže overiť digitálny podpis pre tento súbor. Pri poslednej zmene hardvérovej alebo softvérovej konfigurácie sa mohol nainštalovať súbor, ktorý je nesprávne podpísaný alebo poškodený, alebo to môže byť škodlivý softvér z neznámeho zdroja.


Error: (07/20/2016 09:49:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Sieťový vstupno-výstupný ovládač staršej verzie na podporu zariadení TDI zlyhalo kvôli nasledujúcej chybe:
%%577 = Systém Windows nemôže overiť digitálny podpis pre tento súbor. Pri poslednej zmene hardvérovej alebo softvérovej konfigurácie sa mohol nainštalovať súbor, ktorý je nesprávne podpísaný alebo poškodený, alebo to môže byť škodlivý softvér z neznámeho zdroja.



==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 30%
Total physical RAM: 8191.11 MB
Available physical RAM: 5695.71 MB
Total Virtual: 16380.43 MB
Available Virtual: 13330.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.19 GB) (Free:91.35 GB) NTFS
Drive d: () (Fixed) (Total:348.47 GB) (Free:347.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4D154D14)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=348.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Re: Hijacking DNS (PUM DNS)

#2 Post by Tomas0 »

Could someone help, please?

Rudy
Site Admin
Posts: 118251
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Hijacking DNS (PUM DNS)

#3 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.


Re: Hijacking DNS (PUM DNS)

#4 Post by Tomas0 »

And in Avast I found an IP address that is not mine, though we have the same provider, in the svchost.exe process: 217.23.254.124

Log
# AdwCleaner v5.201 - Log vytvorený 20/07/2016 v 20:53:47
# Aktualizované 30/06/2016 by ToolsLib
# Databáza : 2016-06-30.2 [Miestny]
# Operačný systém : Windows 7 Home Premium Service Pack 1 (X64)
# Užívateľské meno : Thomas - THOMAS-PC
# Spustené z : C:\Users\Thomas\Desktop\adwcleaner_5.201.exe
# Nastavenie : Skenovať
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****


***** [ Priečinky ] *****


***** [ Súbory ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Zástupcovia ] *****


***** [ Naplánované úlohy ] *****


***** [ Registre ] *****


***** [ Webové prehliadače ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [699 bajtov] - [20/07/2016 20:53:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [772 bajtov] ##########


Re: Hijacking DNS (PUM DNS)

#5 Post by Rudy »

This is clean. Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: Hijacking DNS (PUM DNS)

#6 Post by Tomas0 »

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 21. 7. 2016
Čas skenování: 8:35
Protokol: Malwarebyte.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.07.20.03
Databáze rootkitů: v2016.05.27.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Thomas

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 270250
Uplynulý čas: 3 min, 18 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 1
Hijack.FolderOptions, HKU\S-1-5-21-2297602522-1921712993-1644906987-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions,Žádná akce od uživatele,[94af40e63b5fbd799e611c14b54e0df3]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)


Re: Hijacking DNS (PUM DNS)

#7 Post by Rudy »

Delete the finding.

Re: Hijacking DNS (PUM DNS)

#8 Post by Tomas0 »

I deleted it, but it appeared again. May I ask: where should $RECYCLE.BIN be located and what should it contain? I am also adding what RogueKiller newly found...

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2297602522-1921712993-1644906987-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2297602522-1921712993-1644906987-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 


Re: Hijacking DNS (PUM DNS)

#9 Post by Rudy »

Recycle.bin is the Recycle Bin.

Re: Hijacking DNS (PUM DNS)

#10 Post by Tomas0 »

I know, but it contains files like this one, it is everywhere, and that malware keeps coming back. May I ask: is there a program that can find the IP addresses, or rather MAC addresses, of whatever foreign PC is connected to you, specifically an Apple Mac?

S-1-5-21-2297602522-1921712993-1644906987-1000


Re: Hijacking DNS (PUM DNS)

#11 Post by Rudy »

Your antivirus should warn you before a connection is made. Otherwise, CCleaner will empty the Recycle Bin: http://forum.viry.cz/viewtopic.php?f=46&t=7478 .

Re: Hijacking DNS (PUM DNS)

#12 Post by Tomas0 »

And what about the PUM DNS? It still shows up even when I delete it, and so does the PUM Start Menu. I have now used a proxy server; will that help?


Re: Hijacking DNS (PUM DNS)

#13 Post by Rudy »

Maybe so; according to all the scans, your PC is clean.

Re: Hijacking DNS (PUM DNS)

#14 Post by Tomas0 »

Good day, all right. Could I please ask you to check the RSIT log? And could you send me a fixlist for the PUM DNS, because whenever I have it removed it always pops back up, and so do the Start Menu one and the Hijack.Folder... malware.

Log Info

info.txt logfile of random's system information tool 1.10 2016-07-22 12:03:44

======MBR======


======Uninstall list======

AMD Drag and Drop Transcoding-->MsiExec.exe /X{0A1E061C-CE2F-68B7-AF9F-C4A4E3086C5C}
AMD Install Manager-->"C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe" /UNINSTALL /IGNORE_UPGRADE /ON_REBOOT_MESSAGE:NO
AMD Install Manager-->msiexec /q/x{B3CF8E1F-964A-4ECB-600D-5A8C48C96780} REBOOT=ReallySuppress
AMD Settings - Branding-->MsiExec.exe /I{78ACE60E-0CB7-4935-BCD4-F33422105607}
Argente - Registry Cleaner 3.1.0.1-->"C:\Program Files (x86)\Argente - Registry Cleaner\unins000.exe"
Avast Internet Security-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel
Battlefield 4™-->"C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 4\Cleanup.exe" uninstall_game -autologging
Battlelog Web Plugins-->C:\Program Files (x86)\Battlelog Web Plugins\uninstall.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
ESN Sonar-->C:\Program Files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Malwarebytes Anti-Malware verzia 2.2.1.1043-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Mem Reduct-->"C:\Program Files\Mem Reduct\uninstall.exe"
Microsoft .NET Framework 4.5-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5-->MsiExec.exe /X{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610-->"C:\ProgramData\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610-->"C:\ProgramData\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610-->MsiExec.exe /X{764384C5-BCA9-307C-9AAC-FD443662686A}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610-->MsiExec.exe /X{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610-->MsiExec.exe /X{3D6AD258-61EA-35F5-812C-B7A02152996E}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610-->MsiExec.exe /X{E7D4E834-93EB-351F-B8FB-82CDAE623003}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501-->"C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501-->"C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Mozilla Firefox 47.0.1 (x86 sk)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Origin-->C:\Program Files (x86)\Origin\OriginUninstall.exe
PunkBuster Services-->D:\Battlefield 4\Battlefield 4\pbsvc.exe -u
RogueKiller verze 12-->"C:\Program Files\RogueKiller\unins000.exe"
Sunrise Seven 1.1.54-->"C:\Program Files (x86)\Sunrise Seven\unins000.exe"
SUPERAntiSpyware-->"C:\Users\Thomas\Desktop\dsasda\Uninstall.exe"
Uninstall Silent Terminator-->"C:\Program Files (x86)\Silent Terminator\unins000.exe"
Unlocker 1.9.2-->C:\Program Files\Unlocker\uninst.exe
Vulkan Run Time Libraries 1.0.17.0-->C:\Program Files (x86)\VulkanRT\1.0.17.0\UninstallVulkanRT.exe
WinRAR 5.31 (64-bitová verzia)-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 localhost

======System event log======

Computer Name: Thomas-PC
Event Code: 7009
Message: Počas čakania na pripojenie služby Windows Search bol dosiahnutý časový limit (30000 ms).
Record Number: 13530
Source Name: Service Control Manager
Time Written: 20160722001439.716021-000
Event Type: Error
User:

Computer Name: Thomas-PC
Event Code: 7031
Message: Služba Windows Search sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 2 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.
Record Number: 13529
Source Name: Service Control Manager
Time Written: 20160722001419.762730-000
Event Type: Error
User:

Computer Name: Thomas-PC
Event Code: 10000
Message: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error:
"5"
Happened while starting this command:
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Record Number: 13528
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20160722001419.000000-000
Event Type: Error
User:

Computer Name: Thomas-PC
Event Code: 7031
Message: Služba Windows Search sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.
Record Number: 13524
Source Name: Service Control Manager
Time Written: 20160722001409.406306-000
Event Type: Error
User:

Computer Name: Thomas-PC
Event Code: 7024
Message: Služba Windows Search bola ukončená s chybou služby %%-1073473535.
Record Number: 13523
Source Name: Service Control Manager
Time Written: 20160722001409.406306-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Thomas-PC
Event Code: 9000
Message:
Record Number: 2122
Source Name: Microsoft-Windows-Search
Time Written: 20160722001408.000000-000
Event Type: Error
User:

Computer Name: Thomas-PC
Event Code: 455
Message: Windows (3160) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0000F.log.
Record Number: 2121
Source Name: ESENT
Time Written: 20160722001408.000000-000
Event Type: Error
User:

Computer Name: Thomas-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 2116
Source Name: Microsoft-Windows-WMI
Time Written: 20160722001354.000000-000
Event Type: Error
User:

Computer Name: Thomas-PC
Event Code: 16388
Message: ATI EEU Client event error
Record Number: 2112
Source Name: ATIeRecord
Time Written: 20160722001349.000000-000
Event Type: Error
User:

Computer Name: Thomas-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2297602522-1921712993-1644906987-1000:
Process 1248 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2297602522-1921712993-1644906987-1000

Record Number: 2109
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20160722001259.219752-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Thomas-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5533
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160722000904.235578-000
Event Type: Audit Success
User:

Computer Name: Thomas-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: THOMAS-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2a4
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 5532
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160722000904.235578-000
Event Type: Audit Success
User:

Computer Name: Thomas-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5531
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160722000904.028569-000
Event Type: Audit Success
User:

Computer Name: Thomas-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: THOMAS-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2a4
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 5530
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160722000904.028569-000
Event Type: Audit Success
User:

Computer Name: Thomas-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-2297602522-1921712993-1644906987-1000
Account Name: Thomas
Domain Name: Thomas-PC
Logon ID: 0x3df26b
Record Number: 5529
Source Name: Microsoft-Windows-Eventlog
Time Written: 20160722000814.755465-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 4 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0402
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------


Log.txt


Logfile of random's system information tool 1.10 (written by random/random)
Run by Thomas at 2016-07-22 12:03:42
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 88 GB (73%) free of 120 GB
Total RAM: 8191 MB (93% free)

HijackThis download failed

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
ctfmon.exe
"C:\Users\Thomas\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1

======Scheduled tasks folder======

C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 86f827a4-1896-4cde-9f57-114497bf395f.job - C:\Users\Thomas\Desktop\dsasda\SASTask.exe "C:\Users\Thomas\Desktop\dsasda\SUPERAntiSpyware.exe" /TASK:86f827a4-1896-4cde-9f57-114497bf395f
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9b8ae739-9f5f-4d32-90cb-145ae8067ded.job - C:\Users\Thomas\Desktop\dsasda\SASTask.exe "C:\Users\Thomas\Desktop\dsasda\SUPERAntiSpyware.exe" /TASK:9b8ae739-9f5f-4d32-90cb-145ae8067ded

=========Mozilla firefox=========

ProfilePath - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\64guurk1.default

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCN"=C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [2016-07-08 6638472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-07-13 8891608]
"SUPERAntiSpyware"=C:\Users\Thomas\Desktop\dsasda\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-07-20 8900328]
"Silent Terminator"=C:\Program Files (x86)\Silent Terminator\Silent Terminator.exe [2014-07-12 2068480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mbamchameleon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=1
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"TaskbarNoNotification"=1
"NoSecurityTab"=1
"NoWindowsUpdate"=1
"DisallowCpl"=1
"NoStartMenuMorePrograms"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2016-07-22 12:03:42 ----D---- C:\Program Files\trend micro
2016-07-22 12:03:05 ----A---- C:\Windows\ntbtlog.txt
2016-07-22 11:58:56 ----D---- C:\rsit
2016-07-22 03:25:46 ----D---- C:\Users\Thomas\AppData\Roaming\SUPERAntiSpyware.com
2016-07-22 03:25:22 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2016-07-22 03:20:44 ----A---- C:\Windows\wininit.ini
2016-07-22 03:18:56 ----D---- C:\Program Files (x86)\PeerGuardian2
2016-07-22 03:11:36 ----SHD---- C:\$RECYCLE.BIN
2016-07-22 02:46:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
2016-07-22 02:46:14 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-07-22 02:13:36 ----A---- C:\Windows\system32\FNTCACHE.DAT
2016-07-22 00:57:23 ----D---- C:\Program Files\CCleaner
2016-07-21 23:20:28 ----D---- C:\AdwCleaner
2016-07-21 19:23:34 ----D---- C:\Windows\pss
2016-07-21 16:24:43 ----D---- C:\Users\Thomas\AppData\Roaming\Mozilla
2016-07-21 16:24:27 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-07-21 16:08:42 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2016-07-21 14:35:24 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2016-07-21 14:35:21 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2016-07-21 13:13:19 ----D---- C:\Program Files (x86)\Origin Games
2016-07-21 13:10:46 ----D---- C:\Users\Thomas\AppData\Roaming\Origin
2016-07-21 13:08:34 ----D---- C:\ProgramData\Origin
2016-07-21 13:08:33 ----D---- C:\ProgramData\Electronic Arts
2016-07-21 13:05:14 ----D---- C:\Program Files (x86)\Origin
2016-07-21 12:28:08 ----D---- C:\Windows\Anonymous Theme
2016-07-21 11:39:34 ----D---- C:\Program Files (x86)\Argente - Registry Cleaner
2016-07-20 15:26:48 ----D---- C:\Users\Thomas\AppData\Roaming\Henry++
2016-07-20 15:26:46 ----D---- C:\Program Files\Mem Reduct
2016-07-20 12:46:55 ----D---- C:\Program Files\Unlocker
2016-07-20 09:49:24 ----D---- C:\Windows\Minidump
2016-07-20 09:47:34 ----D---- C:\Program Files (x86)\Silent Terminator
2016-07-20 09:09:32 ----A---- C:\Windows\SYSWOW64\vulkaninfo.exe
2016-07-20 09:09:32 ----A---- C:\Windows\SYSWOW64\vulkan-1.dll
2016-07-20 09:09:32 ----A---- C:\Windows\system32\vulkaninfo.exe
2016-07-20 09:09:32 ----A---- C:\Windows\system32\vulkan-1.dll
2016-07-20 09:09:28 ----D---- C:\Program Files (x86)\VulkanRT
2016-07-20 09:08:29 ----D---- C:\Program Files (x86)\AMD
2016-07-20 09:07:53 ----D---- C:\Program Files\Common Files\ATI Technologies
2016-07-20 09:06:33 ----D---- C:\ProgramData\Package Cache
2016-07-20 09:04:28 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2016-07-20 09:03:29 ----D---- C:\Program Files (x86)\Microsoft.NET
2016-07-20 09:02:43 ----D---- C:\Program Files\AMD
2016-07-20 08:59:18 ----D---- C:\Program Files\Common Files\AV
2016-07-20 08:56:17 ----D---- C:\Windows\Panther
2016-07-20 08:49:38 ----D---- C:\Users\Thomas\AppData\Roaming\AVAST Software
2016-07-20 08:49:10 ----A---- C:\Windows\system32\drivers\aswStm.sys
2016-07-20 08:49:09 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2016-07-20 08:49:09 ----A---- C:\Windows\system32\drivers\aswsp.sys
2016-07-20 08:49:09 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2016-07-20 08:49:09 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2016-07-20 08:49:08 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2016-07-20 08:49:08 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2016-07-20 08:49:06 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2016-07-20 08:49:05 ----A---- C:\Windows\system32\drivers\aswNetSec.sys
2016-07-20 08:49:01 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2016-07-20 08:49:01 ----A---- C:\Windows\system32\ucrtbase.dll
2016-07-20 08:49:01 ----A---- C:\Windows\system32\aswBoot.exe
2016-07-20 08:48:58 ----A---- C:\Windows\avastSS.scr
2016-07-20 08:48:56 ----A---- C:\Windows\system32\drivers\aswTap.sys
2016-07-20 08:48:55 ----A---- C:\Windows\system32\drivers\aswNetNd6.sys
2016-07-20 08:48:32 ----D---- C:\Program Files\AVAST Software
2016-07-20 08:48:21 ----D---- C:\ProgramData\AVAST Software
2016-07-20 08:47:00 ----D---- C:\Users\Thomas\AppData\Roaming\WinRAR
2016-07-20 08:46:29 ----D---- C:\Program Files\WinRAR
2016-07-20 08:37:43 ----A---- C:\Windows\system32\drivers\TrueSight.sys
2016-07-20 08:37:20 ----D---- C:\Program Files\RogueKiller
2016-07-20 08:37:10 ----D---- C:\ProgramData\RogueKiller
2016-07-20 08:27:09 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-07-20 08:27:00 ----SHD---- C:\Windows\Installer
2016-07-20 08:26:54 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-07-20 08:26:53 ----D---- C:\ProgramData\Malwarebytes
2016-07-20 08:26:53 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-20 08:26:53 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-07-20 08:26:53 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-07-20 08:25:30 ----D---- C:\Program Files (x86)\Sunrise Seven
2016-07-20 08:22:51 ----D---- C:\Program Files (x86)\Google
2016-07-20 08:10:03 ----A---- C:\Windows\system32\perfh01B.dat
2016-07-20 08:10:03 ----A---- C:\Windows\system32\perfc01B.dat
2016-07-20 08:03:39 ----D---- C:\Windows\SoftwareDistribution
2016-07-20 08:02:19 ----SD---- C:\Users\Thomas\AppData\Roaming\Microsoft
2016-07-20 08:02:19 ----D---- C:\Users\Thomas\AppData\Roaming\Media Center Programs
2016-07-20 08:02:13 ----SHD---- C:\Recovery
2016-07-20 07:57:45 ----D---- C:\Windows\Prefetch
2016-07-20 07:57:16 ----ASH---- C:\pagefile.sys
2016-07-20 07:57:13 ----SHD---- C:\System Volume Information
2016-07-20 07:57:13 ----ASH---- C:\hiberfil.sys
2016-07-08 21:37:02 ----A---- C:\Windows\system32\amdave64.dll
2016-07-08 21:37:00 ----A---- C:\Windows\SYSWOW64\amdave32.dll
2016-07-08 21:36:50 ----A---- C:\Windows\system32\amdhcp64.dll
2016-07-08 21:36:48 ----A---- C:\Windows\SYSWOW64\amdhcp32.dll
2016-07-08 21:36:46 ----A---- C:\Windows\system32\atimpc64.dll
2016-07-08 21:36:46 ----A---- C:\Windows\system32\amdpcom64.dll
2016-07-08 21:36:44 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2016-07-08 21:36:44 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2016-07-08 21:36:32 ----A---- C:\Windows\system32\atiuxp64.dll
2016-07-08 21:36:30 ----A---- C:\Windows\SYSWOW64\atiuxpag.dll
2016-07-08 21:36:26 ----A---- C:\Windows\system32\atiu9p64.dll
2016-07-08 21:36:24 ----A---- C:\Windows\SYSWOW64\atiu9pag.dll
2016-07-08 21:36:22 ----A---- C:\Windows\system32\aticfx64.dll
2016-07-08 21:36:18 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2016-07-08 21:36:12 ----A---- C:\Windows\system32\atidxx64.dll
2016-07-08 21:36:06 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2016-07-08 21:35:58 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2016-07-08 21:35:50 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2016-07-08 21:35:42 ----A---- C:\Windows\system32\atiumd6a.dll
2016-07-08 21:35:38 ----A---- C:\Windows\system32\atiumd64.dll
2016-07-08 21:33:10 ----A---- C:\Windows\system32\drivers\amdacpksd.sys
2016-07-08 21:29:40 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2016-07-08 21:23:42 ----A---- C:\Windows\system32\clinfo.exe
2016-07-08 21:23:36 ----A---- C:\Windows\system32\amdocl64.dll
2016-07-08 21:22:38 ----A---- C:\Windows\SYSWOW64\amdocl.dll
2016-07-08 21:21:44 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2016-07-08 21:21:44 ----A---- C:\Windows\system32\OpenCL.dll
2016-07-08 21:21:22 ----A---- C:\Windows\system32\amdvlk64.dll
2016-07-08 21:19:58 ----A---- C:\Windows\system32\amdocl12cl64.dll
2016-07-08 21:19:50 ----A---- C:\Windows\SYSWOW64\amdocl12cl.dll
2016-07-08 21:17:04 ----A---- C:\Windows\SYSWOW64\amdvlk32.dll
2016-07-08 21:03:50 ----A---- C:\Windows\system32\atio6axx.dll
2016-07-08 21:02:40 ----A---- C:\Windows\system32\amdlvr64.dll
2016-07-08 21:02:26 ----A---- C:\Windows\SYSWOW64\amdlvr32.dll
2016-07-08 21:02:12 ----A---- C:\Windows\system32\mantle64.dll
2016-07-08 21:02:08 ----A---- C:\Windows\SYSWOW64\mantle32.dll
2016-07-08 21:02:02 ----A---- C:\Windows\system32\amdmantle64.dll
2016-07-08 21:00:40 ----A---- C:\Windows\system32\coinst_16.20.dll
2016-07-08 20:58:56 ----A---- C:\Windows\system32\atiapfxx.exe
2016-07-08 20:58:50 ----A---- C:\Windows\system32\aticalrt64.dll
2016-07-08 20:58:48 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2016-07-08 20:58:40 ----A---- C:\Windows\system32\aticalcl64.dll
2016-07-08 20:58:38 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2016-07-08 20:58:26 ----A---- C:\Windows\system32\aticaldd64.dll
2016-07-08 20:58:20 ----A---- C:\Windows\SYSWOW64\amdmantle32.dll
2016-07-08 20:57:32 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2016-07-08 20:57:00 ----A---- C:\Windows\SYSWOW64\amdmmcl.dll
2016-07-08 20:57:00 ----A---- C:\Windows\system32\amdmmcl6.dll
2016-07-08 20:55:48 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2016-07-08 20:55:20 ----A---- C:\Windows\system32\mantleaxl64.dll
2016-07-08 20:55:18 ----A---- C:\Windows\SYSWOW64\mantleaxl32.dll
2016-07-08 20:53:14 ----A---- C:\Windows\SYSWOW64\ativvsvl.dat
2016-07-08 20:53:14 ----A---- C:\Windows\SYSWOW64\ativvsva.dat
2016-07-08 20:53:14 ----A---- C:\Windows\system32\ativvsvl.dat
2016-07-08 20:53:14 ----A---- C:\Windows\system32\ativvsva.dat
2016-07-08 20:52:18 ----A---- C:\Windows\system32\atidemgy.dll
2016-07-08 20:52:14 ----A---- C:\Windows\system32\dgtrayicon.exe
2016-07-08 20:52:08 ----A---- C:\Windows\system32\GameManager64.dll
2016-07-08 20:52:06 ----A---- C:\Windows\SYSWOW64\GameManager32.dll
2016-07-08 20:52:02 ----A---- C:\Windows\system32\atieah64.exe
2016-07-08 20:52:00 ----A---- C:\Windows\SYSWOW64\atieah32.exe
2016-07-08 20:51:56 ----A---- C:\Windows\system32\amdgfxinfo64.dll
2016-07-08 20:51:54 ----A---- C:\Windows\SYSWOW64\amdgfxinfo32.dll
2016-07-08 20:51:50 ----A---- C:\Windows\system32\atimuixx.dll
2016-07-08 20:51:46 ----A---- C:\Windows\system32\atieclxx.exe
2016-07-08 20:51:34 ----A---- C:\Windows\system32\atiesrxx.exe
2016-07-08 20:51:02 ----A---- C:\Windows\system32\atitmm64.dll
2016-07-08 20:47:30 ----A---- C:\Windows\system32\atiadlxx.dll
2016-07-08 20:47:24 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2016-07-08 20:47:24 ----A---- C:\Windows\SYSWOW64\atiadlxx.dll
2016-07-08 20:47:18 ----A---- C:\Windows\system32\atisamu64.dll
2016-07-08 20:47:16 ----A---- C:\Windows\SYSWOW64\atisamu32.dll
2016-07-08 20:47:14 ----A---- C:\Windows\system32\atig6pxx.dll
2016-07-08 20:47:12 ----A---- C:\Windows\SYSWOW64\atiglpxx.dll
2016-07-08 20:47:12 ----A---- C:\Windows\system32\atiglpxx.dll
2016-07-08 20:47:08 ----A---- C:\Windows\system32\atig6txx.dll
2016-07-08 20:47:06 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2016-07-08 20:47:02 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2016-07-08 20:46:56 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2016-07-08 20:44:58 ----A---- C:\Windows\SYSWOW64\hsa-thunk.dll
2016-07-08 20:44:58 ----A---- C:\Windows\system32\hsa-thunk64.dll
2016-06-23 20:22:00 ----A---- C:\Windows\SYSWOW64\vulkan-1-1-0-17-0.dll
2016-06-23 20:21:24 ----A---- C:\Windows\SYSWOW64\vulkaninfo-1-1-0-17-0.exe
2016-06-23 20:21:06 ----A---- C:\Windows\system32\vulkan-1-1-0-17-0.dll
2016-06-23 20:20:28 ----A---- C:\Windows\system32\vulkaninfo-1-1-0-17-0.exe
2016-06-17 21:05:00 ----A---- C:\Windows\system32\ativvaxy_stn_nd.dat
2016-06-17 20:57:22 ----A---- C:\Windows\system32\ativvaxy_el_nd.dat
2016-06-04 19:11:52 ----A---- C:\Windows\system32\amdicdxx.dat

======List of files/folders modified in the last 3 months======

2016-07-22 12:03:42 ----RD---- C:\Program Files
2016-07-22 12:03:05 ----D---- C:\Windows
2016-07-22 12:00:58 ----D---- C:\Windows\Temp
2016-07-22 11:37:53 ----D---- C:\Windows\system32\LogFiles
2016-07-22 03:39:42 ----D---- C:\Windows\system32\drivers
2016-07-22 03:37:45 ----D---- C:\Windows\System32
2016-07-22 03:37:45 ----D---- C:\Windows\inf
2016-07-22 03:37:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-07-22 03:25:50 ----D---- C:\Windows\Tasks
2016-07-22 03:25:50 ----D---- C:\Windows\system32\Tasks
2016-07-22 03:25:44 ----HD---- C:\ProgramData
2016-07-22 03:20:50 ----SD---- C:\ProgramData\Microsoft
2016-07-22 03:18:56 ----RD---- C:\Program Files (x86)
2016-07-22 02:40:58 ----D---- C:\Windows\SysWOW64
2016-07-22 02:13:27 ----D---- C:\Windows\Resources
2016-07-22 00:59:29 ----D---- C:\Windows\SYSWOW64\LogFiles
2016-07-22 00:59:28 ----D---- C:\Windows\Logs
2016-07-21 21:57:02 ----RD---- C:\Users
2016-07-21 21:50:38 ----D---- C:\Windows\system32\wbem
2016-07-21 21:50:01 ----D---- C:\Windows\winsxs
2016-07-21 21:50:01 ----D---- C:\Windows\system32\DriverStore
2016-07-21 21:50:01 ----D---- C:\Windows\system32\drivers\etc
2016-07-21 21:50:01 ----D---- C:\Windows\system32\CodeIntegrity
2016-07-21 21:50:01 ----D---- C:\Windows\system32\catroot2
2016-07-21 21:50:01 ----D---- C:\Windows\rescache
2016-07-21 21:50:01 ----D---- C:\Windows\registration
2016-07-21 21:50:01 ----D---- C:\Windows\Microsoft.NET
2016-07-21 21:50:01 ----D---- C:\Windows\AppCompat
2016-07-21 17:52:37 ----D---- C:\Windows\schemas
2016-07-21 14:37:33 ----D---- C:\Program Files (x86)\Common Files
2016-07-21 14:34:24 ----RSD---- C:\Windows\assembly
2016-07-21 13:05:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2016-07-21 12:17:09 ----D---- C:\Windows\system32\catroot
2016-07-21 11:13:21 ----D---- C:\Windows\debug
2016-07-21 10:52:00 ----D---- C:\Windows\system32\config
2016-07-20 09:31:15 ----A---- C:\Windows\explorer.exe
2016-07-20 09:17:23 ----D---- C:\Windows\system32\wdi
2016-07-20 09:07:53 ----D---- C:\Program Files\Common Files
2016-07-20 09:03:30 ----D---- C:\Windows\SYSWOW64\en-US
2016-07-20 09:03:30 ----D---- C:\Windows\system32\en-US
2016-07-20 08:29:25 ----D---- C:\Windows\system32\oobe
2016-07-20 08:08:48 ----D---- C:\Program Files\Windows Media Player
2016-07-20 08:08:48 ----D---- C:\Program Files\DVD Maker
2016-07-20 08:08:46 ----D---- C:\Windows\SYSWOW64\wbem
2016-07-20 08:08:46 ----D---- C:\Windows\SYSWOW64\sk-SK
2016-07-20 08:08:46 ----D---- C:\Windows\system32\spool
2016-07-20 08:08:46 ----D---- C:\Windows\PolicyDefinitions
2016-07-20 08:08:45 ----RSD---- C:\Windows\Fonts
2016-07-20 08:08:45 ----D---- C:\Windows\system32\sk-SK
2016-07-20 08:08:13 ----D---- C:\Windows\system32\restore
2016-07-20 08:00:08 ----D---- C:\Windows\system32\sysprep
2016-07-20 07:59:04 ----D---- C:\Windows\system32\drivers\UMDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [2016-03-10 140672]
S0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-07-20 74544]
S0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-07-20 290088]
S1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2016-07-20 572120]
S1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-07-20 103064]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-07-20 1070904]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-07-20 473592]
S1 SASDIFSV;SASDIFSV; \??\C:\Users\Thomas\Desktop\dsasda\SASDIFSV64.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Users\Thomas\Desktop\dsasda\SASKUTIL64.SYS []
S2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-07-20 37656]
S2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-07-20 108304]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-07-20 162904]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-07-08 27004928]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2016-07-08 498176]
S3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2016-07-20 28312]
S3 aswTap;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2016-07-20 44640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-03-30 96256]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2016-03-10 27008]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-07-22 192216]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2016-03-10 64896]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 TrueSight;TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [2016-07-22 28272]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-07-08 306688]
S2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-07-20 197128]
S2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2016-07-20 223600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
S2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2016-07-21 76888]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2016-07-21 2122248]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

Tomas0
Visitor
Posts: 19
Registered: 20 Jul 2016 09:47

Re: Hijacking DNS (PUM DNS)

#15 Post by Tomas0 »

Please, where do I find %system_directory%/DNS? How do I unhide it...
