
PC virus removal, computer speed-up, and remote assistance via the neslape.cz service
Log Check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Log Check
Hello! You may have heard that a virus was recently running rampant on Steam, sending users a message with a link that, if clicked, sometimes had downright catastrophic consequences for the user (an acquaintance unfortunately fell for it recently; when he clicked it, the message with the virus was immediately sent to all his friends. Today his account is marked "HACKED" and banned). Personally, I avoid suspicious links and messages from friends in English. Unfortunately, it has now happened to me for the second time that about 5 seconds after starting the Steam client I received two of those messages with the infected link in the comments on my Steam profile. A friend advised me to post here to find out whether I have some kind of nasty stuff on my PC. So I am sending you the log output here, in case someone would be willing to take a look at it and possibly advise me. Thank you.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Alyxxik (administrator) on KASTRATOR on 03-02-2015 20:20:09
Running from E:\
Loaded Profiles: Alyxxik (Available profiles: Alyxxik)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Beepa P/L) C:\Fraps\fraps.exe
() C:\Windows\SysWOW64\ASGT.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(BitTorrent Inc.) E:\Program Files (x86)\uTorrent\utorrent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Alberto Martínez Pérez) C:\Program Files (x86)\AMP WinOFF\WinOFF.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Valve Corporation) E:\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [uTorrent] => E:\Program Files (x86)\uTorrent\utorrent.exe [880640 2013-08-08] (BitTorrent Inc.)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [LightShot] => C:\Users\Alyxxik\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [AMP WinOFF] => c:\program files (x86)\amp winoff\winoff.exe [1025024 2010-10-17] (Alberto Martínez Pérez)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [EADM] => E:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\MountPoints2: {53861e7c-8dd5-11e4-8250-448a5b8ffec8} - "G:\Startme.exe"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
Tcpip\Parameters: [DhcpNameServer] 94.74.192.252 94.74.192.244
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://mystart.incredibar.com/mb139?a=6PQJpGIXHi&i=26", "hxxp://www1.delta-search.com/?affID=119816&tt=gc_150213_alt&babsrc=HP_ss&mntrId=86E16CF049D06A22", "hxxp://www.google.com", "hxxp://www.delta-homes.com/?type=hp&ts=1388715 ... 07092A6839", "hxxp://www.delta-homes.com/?utm_source=b&utm_m ... 1393434667", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1419544535&from=amt&uid=M4-CT128M4SSD2_000000001307092A6839"
CHR DefaultSearchURL: Default -> http://www.google.com/cse?cx=partner-pu ... 4067623346
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-26]
CHR Extension: (Dokumenty Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (Disk Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-26]
CHR Extension: (YouTube) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-26]
CHR Extension: (Tabulky Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-26]
CHR Extension: (AdBlock) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-26]
CHR Extension: (Peněženka Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-26]
CHR Extension: (Gmail) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-26]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [817536 2015-01-27] ()
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-12-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-18] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-01-18] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
S3 Lycosa; C:\Windows\system32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R3 rzp1endpt; C:\Windows\System32\drivers\rzp1endpt.sys [40104 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
R3 rzvmouse; C:\Windows\System32\drivers\rzvmouse.sys [31912 2014-12-30] (Razer Inc)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-03 20:19 - 2015-02-03 20:20 - 00000000 ____D () C:\FRST
2015-02-01 09:00 - 2013-07-02 16:29 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2015-02-01 00:24 - 2015-02-01 00:24 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2015-02-01 00:23 - 2015-02-02 20:37 - 00000000 ____D () C:\ProgramData\Tunngle
2015-02-01 00:23 - 2015-02-01 04:00 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Tunngle
2015-02-01 00:23 - 2015-02-01 00:23 - 00001003 _____ () C:\Users\Public\Desktop\Tunngle.lnk
2015-02-01 00:23 - 2015-02-01 00:23 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2015-02-01 00:23 - 2015-02-01 00:23 - 00000000 ____D () C:\Users\Alyxxik\Documents\Tunngle
2015-02-01 00:23 - 2015-02-01 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2015-02-01 00:23 - 2015-02-01 00:23 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2015-02-01 00:23 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2015-01-31 23:04 - 2015-01-31 23:05 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\next car game technology sneak peek
2015-01-31 22:26 - 2015-01-31 23:45 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-01-31 22:26 - 2015-01-31 23:45 - 00001106 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-01-31 22:26 - 2015-01-31 22:26 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-31 18:22 - 2015-01-31 18:22 - 00000000 __RHD () C:\Users\Alyxxik\AppData\Roaming\SecuROM
2015-01-31 18:15 - 2015-01-31 18:15 - 00000697 _____ () C:\Users\Public\Desktop\Crysis 3.lnk
2015-01-31 18:15 - 2015-01-31 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis 3
2015-01-31 18:03 - 2015-01-31 18:04 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Ubisoft Game Launcher
2015-01-31 18:03 - 2015-01-31 18:03 - 00001217 _____ () C:\Users\Alyxxik\Desktop\Uplay.lnk
2015-01-31 18:03 - 2015-01-31 18:03 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-01-31 18:03 - 2015-01-31 18:03 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-01-31 10:55 - 2015-01-31 10:55 - 00000000 ____D () C:\Users\Alyxxik\Documents\DyingLight
2015-01-31 10:55 - 2015-01-31 10:55 - 00000000 ____D () C:\ProgramData\Steam
2015-01-31 08:50 - 2015-01-31 08:50 - 00000747 _____ () C:\Users\Alyxxik\Desktop\Dying Light.lnk
2015-01-31 08:50 - 2015-01-31 08:50 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Dying Light
2015-01-31 08:50 - 2015-01-31 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-01-20 22:55 - 2015-01-20 23:01 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-01-20 22:54 - 2015-01-20 22:54 - 00000000 ____D () C:\ProgramData\EA Core
2015-01-18 20:40 - 2015-01-18 20:40 - 00000000 ____D () C:\Users\Alyxxik\Documents\Remedy
2015-01-18 17:37 - 2015-01-18 17:37 - 791996425 _____ () C:\Windows\MEMORY.DMP
2015-01-18 17:37 - 2015-01-18 17:37 - 00000000 ____D () C:\Windows\Minidump
2015-01-18 14:45 - 2015-01-18 14:45 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\vlc
2015-01-18 13:43 - 2015-01-20 22:55 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\PunkBuster
2015-01-18 13:43 - 2015-01-18 13:53 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-01-18 13:28 - 2015-01-18 13:28 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\ESN
2015-01-18 12:48 - 2015-01-18 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2015-01-18 12:29 - 2015-01-18 12:29 - 00000811 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk
2015-01-18 12:29 - 2015-01-18 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2015-01-18 12:28 - 2015-01-31 19:04 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-18 12:28 - 2015-01-28 21:15 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-01-18 12:28 - 2015-01-18 12:48 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-18 12:13 - 2015-01-18 17:37 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Origin
2015-01-18 12:13 - 2015-01-18 12:14 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Origin
2015-01-18 12:10 - 2015-01-18 13:28 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-01-18 12:10 - 2015-01-18 12:10 - 00000708 _____ () C:\Users\Public\Desktop\Origin.lnk
2015-01-18 12:10 - 2015-01-18 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-01-18 12:08 - 2015-02-03 18:37 - 00000000 ____D () C:\ProgramData\Origin
2015-01-18 12:04 - 2015-01-19 22:01 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-01-18 01:21 - 2015-01-31 16:33 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Battle.net
2015-01-18 01:21 - 2015-01-18 11:29 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Battle.net
2015-01-18 01:21 - 2015-01-18 01:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-01-18 01:21 - 2015-01-18 01:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-18 01:17 - 2015-01-18 01:17 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-14 17:37 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:37 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:37 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 17:37 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 17:37 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 17:37 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 17:37 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:37 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 17:37 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 17:37 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 17:37 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 17:37 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 17:37 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 17:37 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 17:37 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 17:37 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 17:37 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 17:37 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 17:37 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 17:37 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 17:37 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 17:37 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 17:37 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 17:37 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 14:16 - 2015-01-11 14:16 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\RzStats
2015-01-11 12:20 - 2015-01-11 12:20 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\DCS
2015-01-10 21:12 - 2015-01-10 21:12 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Seeing Machines
2015-01-10 21:12 - 2015-01-10 21:12 - 00000000 ____D () C:\ProgramData\Seeing Machines
2015-01-10 21:12 - 2015-01-10 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VJoy Virtual Joystick Driver
2015-01-10 21:12 - 2015-01-10 21:12 - 00000000 ____D () C:\Program Files (x86)\VJoy Virtual Joystick Driver
2015-01-10 21:11 - 2015-01-10 21:11 - 00002229 _____ () C:\Users\Public\Desktop\FaceTrackNoIR.lnk
2015-01-10 21:11 - 2015-01-10 21:11 - 00000000 ____D () C:\Program Files (x86)\Abbequerque Inc
2015-01-10 20:48 - 2015-01-10 20:48 - 00002103 _____ () C:\Users\Public\Desktop\NaturalPoint.lnk
2015-01-10 20:48 - 2015-01-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NaturalPoint
2015-01-10 20:48 - 2015-01-10 20:48 - 00000000 ____D () C:\Program Files (x86)\Naturalpoint
2015-01-10 20:48 - 2004-06-30 11:00 - 00008069 _____ () C:\Windows\SysWOW64\NPKBD.VXD
2015-01-10 20:48 - 2004-04-13 19:34 - 00146628 _____ (NaturalPoint) C:\Windows\SysWOW64\Drivers\npusbrnm.sys
2015-01-10 20:48 - 2004-03-30 07:48 - 00133156 _____ (NaturalPoint) C:\Windows\SysWOW64\Drivers\npusb.sys
2015-01-10 20:48 - 2000-10-25 14:25 - 00004883 _____ () C:\Windows\SysWOW64\EYECTRL.VXD
2015-01-08 19:59 - 2015-01-08 19:59 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Bohemia_Interactive
2015-01-08 19:59 - 2015-01-08 19:59 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Arma 3 Launcher
2015-01-06 07:26 - 2015-01-06 07:26 - 00001021 _____ () C:\Users\Public\Desktop\AMP WinOFF.lnk
2015-01-06 07:26 - 2015-01-06 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMP WinOFF
2015-01-06 07:26 - 2015-01-06 07:26 - 00000000 ____D () C:\Program Files (x86)\AMP WinOFF
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-03 20:18 - 2014-12-26 13:06 - 02016427 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 20:17 - 2014-12-30 22:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 20:16 - 2014-12-26 15:29 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Skype
2015-02-03 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-03 19:31 - 2014-12-26 14:20 - 00000980 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 18:35 - 2013-08-22 15:46 - 00034685 _____ () C:\Windows\setupact.log
2015-02-03 18:31 - 2014-12-26 13:15 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{04CF09DB-2EF1-4AE5-866F-8D0B689EB892}
2015-02-03 18:26 - 2014-12-26 13:14 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 18:23 - 2014-12-26 13:42 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Raptr
2015-02-03 18:22 - 2014-12-31 23:34 - 00003144 _____ () C:\Windows\System32\Tasks\FRAPS
2015-02-03 18:22 - 2014-12-31 23:34 - 00000000 ____D () C:\Fraps
2015-02-03 18:22 - 2014-12-26 14:20 - 00000976 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 18:22 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 22:18 - 2014-12-26 14:17 - 00000412 _____ () C:\Windows\Tasks\update-S-1-5-21-4244843792-632873021-3232718390-1001.job
2015-02-02 20:52 - 2014-12-26 14:17 - 00000412 _____ () C:\Windows\Tasks\update-sys.job
2015-02-02 20:35 - 2014-12-30 21:12 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\ArmA 2 OA
2015-02-02 18:21 - 2014-12-26 13:19 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4244843792-632873021-3232718390-1001
2015-02-02 17:43 - 2014-12-26 13:42 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-02-02 17:42 - 2014-12-26 13:31 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-02-01 09:00 - 2013-08-22 15:44 - 00338048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-01 05:09 - 2014-12-26 13:07 - 00000000 ____D () C:\Users\Alyxxik
2015-02-01 03:47 - 2014-12-26 18:00 - 00600064 ___SH () C:\Users\Alyxxik\Desktop\Thumbs.db
2015-02-01 00:30 - 2014-12-30 21:12 - 00000000 ____D () C:\Users\Alyxxik\Documents\ArmA 2
2015-02-01 00:26 - 2014-12-30 22:18 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Downloaded Installations
2015-01-31 22:35 - 2014-12-30 22:19 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\SIX Networks
2015-01-31 22:35 - 2014-12-30 22:19 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\SIX Networks
2015-01-31 19:19 - 2014-12-26 13:04 - 00039162 _____ () C:\Windows\PFRO.log
2015-01-31 18:21 - 2014-12-26 16:15 - 00207329 _____ () C:\Windows\DirectX.log
2015-01-29 00:34 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 12:32 - 2014-12-26 14:22 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-27 12:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-24 21:20 - 2015-01-02 23:21 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2015-01-02 23:21 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 01:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-21 20:03 - 2014-12-28 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-01-21 20:03 - 2014-12-27 15:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-21 20:03 - 2014-12-26 13:40 - 00288160 _____ () C:\Windows\DPINST.LOG
2015-01-18 16:00 - 2015-01-03 01:09 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Arma 3
2015-01-17 22:53 - 2014-12-26 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-01-15 20:33 - 2015-01-03 01:09 - 00000000 ____D () C:\Users\Alyxxik\Documents\Arma 3
2015-01-14 17:43 - 2014-12-28 10:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 17:41 - 2014-12-28 10:45 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 12:04 - 2014-12-26 20:09 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\BSplayer PRO
2015-01-10 21:16 - 2014-12-26 13:07 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\VirtualStore
2015-01-10 10:30 - 2015-01-03 08:42 - 00001850 _____ () C:\Users\Alyxxik\Desktop\CrystalDiskMark.lnk
2015-01-09 00:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
==================== Files in the root of some directories =======
2014-12-26 14:17 - 2014-12-26 14:17 - 0000003 _____ () C:\Users\Alyxxik\AppData\Local\updater.log
2014-12-26 14:17 - 2014-12-26 18:14 - 0000425 _____ () C:\Users\Alyxxik\AppData\Local\UserProducts.xml
Some content of TEMP:
====================
C:\Users\Alyxxik\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win8.1-64bit.exe
C:\Users\Alyxxik\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Alyxxik\AppData\Local\Temp\awesomium_setup.exe
C:\Users\Alyxxik\AppData\Local\Temp\raptrpatch.exe
C:\Users\Alyxxik\AppData\Local\Temp\raptr_stub.exe
C:\Users\Alyxxik\AppData\Local\Temp\sonarinst.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-29 00:34
==================== End Of Log ============================
- Attachments
- Log.rar
- (22.2 KiB) Downloaded 54 times
- Rudy
- Site Admin
- Posts: 119677
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Log Check
Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Log Check
Rudy, here it is.
# AdwCleaner v4.109 - Report created 04/02/2015 at 23:54:42
# Updated 24/01/2015 by Xplode
# Database : 2015-02-04.1 [Live]
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Alyxxik - KASTRATOR
# Running from : E:\adwcleaner_4.109.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
Task Deleted : update-sys
Task Deleted : update-S-1-5-21-4244843792-632873021-3232718390-1001
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Lightshot]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Google Chrome v40.0.2214.94
[C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
[C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&tt=gc_150213_alt&babsrc=SP_ss&mntrId=86E16CF049D06A22
[C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1388726284&from=wpm0102&uid=M4-CT128M4SSD2_000000001307092A6839&q={searchTerms}
[C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.incredibar.com/?q={searchTerms}&pr=&lang=czech&cid=1&source=095365&gc=cz
[C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.search.ask.com/web?p2=%5EBBK%5EOSJ0 ... earchTerms}
[C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&search={searchTerms}&a=6PQJpGIXHi&i=26
[C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&search={searchTerms}&a=6PQJpGIXHi&i=26
[C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=epom2&utm_campaign=eXQ&utm_content=ds&from=epom2&uid=M4-CT128M4SSD2_000000001307092A6839&ts=1382770049&type=default&q={searchTerms}
[C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.armyweb.cz/hledani?search={searchTerms}&x=0&y=0
*************************
AdwCleaner[R0].txt - [3119 octets] - [04/02/2015 23:51:01]
AdwCleaner[S0].txt - [3002 octets] - [04/02/2015 23:54:42]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3062 octets] ##########
- Rudy
- Site Admin
- Posts: 119677
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Log Check
Post a new FRST log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Log Check
Rudy, here you go.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Alyxxik (administrator) on KASTRATOR on 05-02-2015 21:31:08
Running from E:\
Loaded Profiles: Alyxxik (Available profiles: Alyxxik)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
() C:\Windows\SysWOW64\ASGT.exe
() C:\Program Files (x86)\MSI\ControlCenter\Sleep\MSISleepService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Alberto Martínez Pérez) C:\Program Files (x86)\AMP WinOFF\WinOFF.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Electronic Arts) E:\Program Files (x86)\Origin\Origin.exe
() C:\Program Files (x86)\ASUS\GPU Tweak\3D_Enable_G.exe
() C:\Program Files (x86)\ASUS\GPU Tweak\ASUSGPUFanService.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM-x32\...\Run: [ControlCenterCount] => C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe [872448 2012-03-26] (MSI CO.,LTD.)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [uTorrent] => E:\Program Files (x86)\uTorrent\utorrent.exe [880640 2013-08-08] (BitTorrent Inc.)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [LightShot] => C:\Users\Alyxxik\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [AMP WinOFF] => c:\program files (x86)\amp winoff\winoff.exe [1025024 2010-10-17] (Alberto Martínez Pérez)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [EADM] => E:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\MountPoints2: {53861e7c-8dd5-11e4-8250-448a5b8ffec8} - "G:\Startme.exe"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
Tcpip\Parameters: [DhcpNameServer] 94.74.192.252 94.74.192.244
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://mystart.incredibar.com/mb139?a=6PQJpGIXHi&i=26", "hxxp://www1.delta-search.com/?affID=119816&tt=gc_150213_alt&babsrc=HP_ss&mntrId=86E16CF049D06A22", "hxxp://www.google.com", "hxxp://www.delta-homes.com/?type=hp&ts=1388715 ... 07092A6839", "hxxp://www.delta-homes.com/?utm_source=b&utm_m ... 1393434667", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1419544535&from=amt&uid=M4-CT128M4SSD2_000000001307092A6839"
CHR DefaultSearchURL: Default -> http://www.google.com/cse?cx=partner-pu ... 4067623346
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-26]
CHR Extension: (Dokumenty Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (Disk Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-26]
CHR Extension: (YouTube) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-26]
CHR Extension: (Tabulky Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-26]
CHR Extension: (AdBlock) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-26]
CHR Extension: (Peněženka Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-26]
CHR Extension: (Gmail) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-26]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [817536 2015-01-27] ()
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-12-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 MSISleep; C:\Program Files (x86)\MSI\ControlCenter\Sleep\MSISleepService.exe [282624 2013-04-29] () [File not signed]
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-18] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [215416 2015-02-05] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
S3 Lycosa; C:\Windows\system32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
S3 NTIOLib_1_0_2; C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [13328 2012-02-14] (MSI)
R3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-09] (MSI)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R3 rzp1endpt; C:\Windows\System32\drivers\rzp1endpt.sys [40104 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
R3 rzvmouse; C:\Windows\System32\drivers\rzvmouse.sys [31912 2014-12-30] (Razer Inc)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 18:29 - 2015-02-05 18:29 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Steam
2015-02-04 23:50 - 2015-02-04 23:49 - 02194432 _____ () C:\Users\Alyxxik\Desktop\adwcleaner_4.109.exe
2015-02-04 23:49 - 2015-02-04 23:54 - 00000000 ____D () C:\AdwCleaner
2015-02-04 20:49 - 2015-02-04 20:51 - 00000000 ____D () C:\Users\Alyxxik\Documents\BFH Beta 2
2015-02-04 05:09 - 2015-02-04 05:09 - 00000780 _____ () C:\Users\Public\Desktop\Battlefield Hardline Beta.lnk
2015-02-04 05:09 - 2015-02-04 05:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta
2015-02-03 23:27 - 2015-02-03 23:27 - 00001198 _____ () C:\Users\Public\Desktop\ControlCenter.lnk
2015-02-03 23:27 - 2015-02-03 23:27 - 00000000 ___HD () C:\ControlCenterCount
2015-02-03 23:27 - 2015-02-03 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-02-03 23:27 - 2015-02-03 23:27 - 00000000 ____D () C:\Program Files (x86)\MSI
2015-02-03 20:59 - 2015-02-03 20:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 20:58 - 2015-02-03 20:58 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-03 20:58 - 2015-02-03 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-03 20:58 - 2015-02-03 20:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-03 20:58 - 2015-02-03 20:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-03 20:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-03 20:58 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-03 20:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-03 20:49 - 2015-02-03 20:49 - 00022732 _____ () C:\Users\Alyxxik\Desktop\Log.rar
2015-02-03 20:48 - 2015-02-03 20:20 - 00032519 _____ () C:\Users\Alyxxik\Desktop\Addition.txt
2015-02-03 20:48 - 2015-02-03 20:20 - 00030395 _____ () C:\Users\Alyxxik\Desktop\FRST.txt
2015-02-03 20:37 - 2015-02-03 20:49 - 00000000 ____D () C:\rsit
2015-02-03 20:37 - 2015-02-03 20:47 - 00000000 ____D () C:\Program Files\trend micro
2015-02-03 20:19 - 2015-02-05 21:31 - 00000000 ____D () C:\FRST
2015-02-01 00:24 - 2015-02-01 00:24 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2015-02-01 00:23 - 2015-02-04 23:43 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Tunngle
2015-02-01 00:23 - 2015-02-04 23:43 - 00000000 ____D () C:\ProgramData\Tunngle
2015-02-01 00:23 - 2015-02-01 00:23 - 00001003 _____ () C:\Users\Public\Desktop\Tunngle.lnk
2015-02-01 00:23 - 2015-02-01 00:23 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2015-02-01 00:23 - 2015-02-01 00:23 - 00000000 ____D () C:\Users\Alyxxik\Documents\Tunngle
2015-02-01 00:23 - 2015-02-01 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2015-02-01 00:23 - 2015-02-01 00:23 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2015-02-01 00:23 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2015-01-31 23:04 - 2015-01-31 23:05 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\next car game technology sneak peek
2015-01-31 22:26 - 2015-01-31 23:45 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-01-31 22:26 - 2015-01-31 23:45 - 00001106 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-01-31 22:26 - 2015-01-31 22:26 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-31 18:22 - 2015-01-31 18:22 - 00000000 __RHD () C:\Users\Alyxxik\AppData\Roaming\SecuROM
2015-01-31 18:15 - 2015-01-31 18:15 - 00000697 _____ () C:\Users\Public\Desktop\Crysis 3.lnk
2015-01-31 18:15 - 2015-01-31 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis 3
2015-01-31 18:03 - 2015-01-31 18:04 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Ubisoft Game Launcher
2015-01-31 18:03 - 2015-01-31 18:03 - 00001217 _____ () C:\Users\Alyxxik\Desktop\Uplay.lnk
2015-01-31 18:03 - 2015-01-31 18:03 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-01-31 18:03 - 2015-01-31 18:03 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-01-31 10:55 - 2015-01-31 10:55 - 00000000 ____D () C:\Users\Alyxxik\Documents\DyingLight
2015-01-31 10:55 - 2015-01-31 10:55 - 00000000 ____D () C:\ProgramData\Steam
2015-01-31 08:50 - 2015-01-31 08:50 - 00000747 _____ () C:\Users\Alyxxik\Desktop\Dying Light.lnk
2015-01-31 08:50 - 2015-01-31 08:50 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Dying Light
2015-01-31 08:50 - 2015-01-31 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-01-20 22:55 - 2015-01-20 23:01 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-01-20 22:54 - 2015-01-20 22:54 - 00000000 ____D () C:\ProgramData\EA Core
2015-01-18 20:40 - 2015-01-18 20:40 - 00000000 ____D () C:\Users\Alyxxik\Documents\Remedy
2015-01-18 17:37 - 2015-01-18 17:37 - 791996425 _____ () C:\Windows\MEMORY.DMP
2015-01-18 17:37 - 2015-01-18 17:37 - 00000000 ____D () C:\Windows\Minidump
2015-01-18 14:45 - 2015-01-18 14:45 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\vlc
2015-01-18 13:43 - 2015-02-04 20:51 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\PunkBuster
2015-01-18 13:43 - 2015-01-18 13:53 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-01-18 13:28 - 2015-01-18 13:28 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\ESN
2015-01-18 12:48 - 2015-01-18 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2015-01-18 12:29 - 2015-01-18 12:29 - 00000811 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk
2015-01-18 12:29 - 2015-01-18 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2015-01-18 12:28 - 2015-02-05 20:48 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-18 12:28 - 2015-02-05 20:39 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-01-18 12:28 - 2015-02-04 05:08 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-18 12:13 - 2015-01-18 17:37 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Origin
2015-01-18 12:13 - 2015-01-18 12:14 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Origin
2015-01-18 12:10 - 2015-01-18 13:28 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-01-18 12:10 - 2015-01-18 12:10 - 00000708 _____ () C:\Users\Public\Desktop\Origin.lnk
2015-01-18 12:10 - 2015-01-18 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-01-18 12:08 - 2015-02-05 21:31 - 00000000 ____D () C:\ProgramData\Origin
2015-01-18 12:04 - 2015-01-19 22:01 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-01-18 01:21 - 2015-01-31 16:33 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Battle.net
2015-01-18 01:21 - 2015-01-18 11:29 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Battle.net
2015-01-18 01:21 - 2015-01-18 01:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-01-18 01:21 - 2015-01-18 01:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-18 01:17 - 2015-01-18 01:17 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-14 17:37 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:37 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:37 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 17:37 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 17:37 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 17:37 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 17:37 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:37 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 17:37 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 17:37 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 17:37 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 17:37 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 17:37 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 17:37 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 17:37 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 17:37 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 17:37 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 17:37 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 17:37 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 17:37 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 17:37 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 17:37 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 17:37 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 17:37 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 14:16 - 2015-01-11 14:16 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\RzStats
2015-01-11 12:20 - 2015-01-11 12:20 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\DCS
2015-01-10 21:12 - 2015-01-10 21:12 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Seeing Machines
2015-01-10 21:12 - 2015-01-10 21:12 - 00000000 ____D () C:\ProgramData\Seeing Machines
2015-01-10 21:12 - 2015-01-10 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VJoy Virtual Joystick Driver
2015-01-10 21:12 - 2015-01-10 21:12 - 00000000 ____D () C:\Program Files (x86)\VJoy Virtual Joystick Driver
2015-01-10 21:11 - 2015-01-10 21:11 - 00002229 _____ () C:\Users\Public\Desktop\FaceTrackNoIR.lnk
2015-01-10 21:11 - 2015-01-10 21:11 - 00000000 ____D () C:\Program Files (x86)\Abbequerque Inc
2015-01-10 20:48 - 2015-01-10 20:48 - 00002103 _____ () C:\Users\Public\Desktop\NaturalPoint.lnk
2015-01-10 20:48 - 2015-01-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NaturalPoint
2015-01-10 20:48 - 2015-01-10 20:48 - 00000000 ____D () C:\Program Files (x86)\Naturalpoint
2015-01-10 20:48 - 2004-06-30 11:00 - 00008069 _____ () C:\Windows\SysWOW64\NPKBD.VXD
2015-01-10 20:48 - 2004-04-13 19:34 - 00146628 _____ (NaturalPoint) C:\Windows\SysWOW64\Drivers\npusbrnm.sys
2015-01-10 20:48 - 2004-03-30 07:48 - 00133156 _____ (NaturalPoint) C:\Windows\SysWOW64\Drivers\npusb.sys
2015-01-10 20:48 - 2000-10-25 14:25 - 00004883 _____ () C:\Windows\SysWOW64\EYECTRL.VXD
2015-01-08 19:59 - 2015-01-08 19:59 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Bohemia_Interactive
2015-01-08 19:59 - 2015-01-08 19:59 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Arma 3 Launcher
2015-01-06 07:26 - 2015-01-06 07:26 - 00001021 _____ () C:\Users\Public\Desktop\AMP WinOFF.lnk
2015-01-06 07:26 - 2015-01-06 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMP WinOFF
2015-01-06 07:26 - 2015-01-06 07:26 - 00000000 ____D () C:\Program Files (x86)\AMP WinOFF
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 21:31 - 2014-12-26 14:20 - 00000980 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 21:17 - 2014-12-30 22:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 21:07 - 2014-12-26 13:06 - 01377555 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-05 20:23 - 2014-12-30 21:12 - 00000000 ____D () C:\Users\Alyxxik\Documents\ArmA 2
2015-02-05 18:26 - 2013-08-22 15:46 - 00038397 _____ () C:\Windows\setupact.log
2015-02-05 18:12 - 2014-12-26 13:19 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4244843792-632873021-3232718390-1001
2015-02-05 18:06 - 2014-12-26 13:14 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 18:05 - 2014-12-26 13:15 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{04CF09DB-2EF1-4AE5-866F-8D0B689EB892}
2015-02-05 18:02 - 2014-12-31 23:34 - 00003144 _____ () C:\Windows\System32\Tasks\FRAPS
2015-02-05 18:02 - 2014-12-31 23:34 - 00000000 ____D () C:\Fraps
2015-02-05 18:02 - 2014-12-26 14:20 - 00000976 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 18:02 - 2014-12-26 13:42 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Raptr
2015-02-05 18:02 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 01:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-05 00:55 - 2014-12-26 15:29 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Skype
2015-02-04 23:55 - 2014-12-26 13:04 - 00039740 _____ () C:\Windows\PFRO.log
2015-02-04 23:17 - 2014-12-30 21:12 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\ArmA 2 OA
2015-02-04 20:29 - 2015-01-03 08:32 - 00000022 _____ () C:\Windows\GPU-Z.INI
2015-02-04 05:08 - 2014-12-26 16:15 - 00224880 _____ () C:\Windows\DirectX.log
2015-02-03 23:52 - 2014-12-26 14:22 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-02 17:43 - 2014-12-26 13:42 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-02-02 17:42 - 2014-12-26 13:31 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-02-01 09:00 - 2013-08-22 15:44 - 00338048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-01 05:09 - 2014-12-26 13:07 - 00000000 ____D () C:\Users\Alyxxik
2015-02-01 03:47 - 2014-12-26 18:00 - 00600064 ___SH () C:\Users\Alyxxik\Desktop\Thumbs.db
2015-02-01 00:26 - 2014-12-30 22:18 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Downloaded Installations
2015-01-31 22:35 - 2014-12-30 22:19 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\SIX Networks
2015-01-31 22:35 - 2014-12-30 22:19 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\SIX Networks
2015-01-29 00:34 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 12:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-24 21:20 - 2015-01-02 23:21 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2015-01-02 23:21 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-21 20:03 - 2014-12-28 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-01-21 20:03 - 2014-12-27 15:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-21 20:03 - 2014-12-26 13:40 - 00288160 _____ () C:\Windows\DPINST.LOG
2015-01-18 16:00 - 2015-01-03 01:09 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Arma 3
2015-01-17 22:53 - 2014-12-26 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-01-15 20:33 - 2015-01-03 01:09 - 00000000 ____D () C:\Users\Alyxxik\Documents\Arma 3
2015-01-14 17:43 - 2014-12-28 10:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 17:41 - 2014-12-28 10:45 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 12:04 - 2014-12-26 20:09 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\BSplayer PRO
2015-01-10 21:16 - 2014-12-26 13:07 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\VirtualStore
2015-01-10 10:30 - 2015-01-03 08:42 - 00001850 _____ () C:\Users\Alyxxik\Desktop\CrystalDiskMark.lnk
2015-01-09 00:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
==================== Files in the root of some directories =======
2014-12-26 14:17 - 2014-12-26 14:17 - 0000003 _____ () C:\Users\Alyxxik\AppData\Local\updater.log
2014-12-26 14:17 - 2014-12-26 18:14 - 0000425 _____ () C:\Users\Alyxxik\AppData\Local\UserProducts.xml
Some content of TEMP:
====================
C:\Users\Alyxxik\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win8.1-64bit.exe
C:\Users\Alyxxik\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Alyxxik\AppData\Local\Temp\awesomium_setup.exe
C:\Users\Alyxxik\AppData\Local\Temp\Quarantine.exe
C:\Users\Alyxxik\AppData\Local\Temp\raptrpatch.exe
C:\Users\Alyxxik\AppData\Local\Temp\raptr_stub.exe
C:\Users\Alyxxik\AppData\Local\Temp\sonarinst.exe
C:\Users\Alyxxik\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-29 00:34
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Alyxxik (administrator) on KASTRATOR on 05-02-2015 21:31:08
Running from E:\
Loaded Profiles: Alyxxik (Available profiles: Alyxxik)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
() C:\Windows\SysWOW64\ASGT.exe
() C:\Program Files (x86)\MSI\ControlCenter\Sleep\MSISleepService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Alberto Martínez Pérez) C:\Program Files (x86)\AMP WinOFF\WinOFF.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Electronic Arts) E:\Program Files (x86)\Origin\Origin.exe
() C:\Program Files (x86)\ASUS\GPU Tweak\3D_Enable_G.exe
() C:\Program Files (x86)\ASUS\GPU Tweak\ASUSGPUFanService.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM-x32\...\Run: [ControlCenterCount] => C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe [872448 2012-03-26] (MSI CO.,LTD.)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [uTorrent] => E:\Program Files (x86)\uTorrent\utorrent.exe [880640 2013-08-08] (BitTorrent Inc.)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [LightShot] => C:\Users\Alyxxik\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [AMP WinOFF] => c:\program files (x86)\amp winoff\winoff.exe [1025024 2010-10-17] (Alberto Martínez Pérez)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\Run: [EADM] => E:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts)
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\MountPoints2: {53861e7c-8dd5-11e4-8250-448a5b8ffec8} - "G:\Startme.exe"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
Tcpip\Parameters: [DhcpNameServer] 94.74.192.252 94.74.192.244
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://mystart.incredibar.com/mb139?a=6PQJpGIXHi&i=26", "hxxp://www1.delta-search.com/?affID=119816&tt=gc_150213_alt&babsrc=HP_ss&mntrId=86E16CF049D06A22", "hxxp://www.google.com", "hxxp://www.delta-homes.com/?type=hp&ts=1388715 ... 07092A6839", "hxxp://www.delta-homes.com/?utm_source=b&utm_m ... 1393434667", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1419544535&from=amt&uid=M4-CT128M4SSD2_000000001307092A6839"
CHR DefaultSearchURL: Default -> http://www.google.com/cse?cx=partner-pu ... 4067623346
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-26]
CHR Extension: (Dokumenty Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (Disk Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-26]
CHR Extension: (YouTube) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-26]
CHR Extension: (Tabulky Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-26]
CHR Extension: (AdBlock) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-26]
CHR Extension: (Peněženka Google) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-26]
CHR Extension: (Gmail) - C:\Users\Alyxxik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-26]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [817536 2015-01-27] ()
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-12-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 MSISleep; C:\Program Files (x86)\MSI\ControlCenter\Sleep\MSISleepService.exe [282624 2013-04-29] () [File not signed]
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-18] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [215416 2015-02-05] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
S3 Lycosa; C:\Windows\system32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
S3 NTIOLib_1_0_2; C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [13328 2012-02-14] (MSI)
R3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-09] (MSI)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R3 rzp1endpt; C:\Windows\System32\drivers\rzp1endpt.sys [40104 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
R3 rzvmouse; C:\Windows\System32\drivers\rzvmouse.sys [31912 2014-12-30] (Razer Inc)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 18:29 - 2015-02-05 18:29 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Steam
2015-02-04 23:50 - 2015-02-04 23:49 - 02194432 _____ () C:\Users\Alyxxik\Desktop\adwcleaner_4.109.exe
2015-02-04 23:49 - 2015-02-04 23:54 - 00000000 ____D () C:\AdwCleaner
2015-02-04 20:49 - 2015-02-04 20:51 - 00000000 ____D () C:\Users\Alyxxik\Documents\BFH Beta 2
2015-02-04 05:09 - 2015-02-04 05:09 - 00000780 _____ () C:\Users\Public\Desktop\Battlefield Hardline Beta.lnk
2015-02-04 05:09 - 2015-02-04 05:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta
2015-02-03 23:27 - 2015-02-03 23:27 - 00001198 _____ () C:\Users\Public\Desktop\ControlCenter.lnk
2015-02-03 23:27 - 2015-02-03 23:27 - 00000000 ___HD () C:\ControlCenterCount
2015-02-03 23:27 - 2015-02-03 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-02-03 23:27 - 2015-02-03 23:27 - 00000000 ____D () C:\Program Files (x86)\MSI
2015-02-03 20:59 - 2015-02-03 20:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 20:58 - 2015-02-03 20:58 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-03 20:58 - 2015-02-03 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-03 20:58 - 2015-02-03 20:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-03 20:58 - 2015-02-03 20:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-03 20:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-03 20:58 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-03 20:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-03 20:49 - 2015-02-03 20:49 - 00022732 _____ () C:\Users\Alyxxik\Desktop\Log.rar
2015-02-03 20:48 - 2015-02-03 20:20 - 00032519 _____ () C:\Users\Alyxxik\Desktop\Addition.txt
2015-02-03 20:48 - 2015-02-03 20:20 - 00030395 _____ () C:\Users\Alyxxik\Desktop\FRST.txt
2015-02-03 20:37 - 2015-02-03 20:49 - 00000000 ____D () C:\rsit
2015-02-03 20:37 - 2015-02-03 20:47 - 00000000 ____D () C:\Program Files\trend micro
2015-02-03 20:19 - 2015-02-05 21:31 - 00000000 ____D () C:\FRST
2015-02-01 00:24 - 2015-02-01 00:24 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2015-02-01 00:23 - 2015-02-04 23:43 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Tunngle
2015-02-01 00:23 - 2015-02-04 23:43 - 00000000 ____D () C:\ProgramData\Tunngle
2015-02-01 00:23 - 2015-02-01 00:23 - 00001003 _____ () C:\Users\Public\Desktop\Tunngle.lnk
2015-02-01 00:23 - 2015-02-01 00:23 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2015-02-01 00:23 - 2015-02-01 00:23 - 00000000 ____D () C:\Users\Alyxxik\Documents\Tunngle
2015-02-01 00:23 - 2015-02-01 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2015-02-01 00:23 - 2015-02-01 00:23 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2015-02-01 00:23 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2015-01-31 23:04 - 2015-01-31 23:05 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\next car game technology sneak peek
2015-01-31 22:26 - 2015-01-31 23:45 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-01-31 22:26 - 2015-01-31 23:45 - 00001106 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-01-31 22:26 - 2015-01-31 22:26 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-31 18:22 - 2015-01-31 18:22 - 00000000 __RHD () C:\Users\Alyxxik\AppData\Roaming\SecuROM
2015-01-31 18:15 - 2015-01-31 18:15 - 00000697 _____ () C:\Users\Public\Desktop\Crysis 3.lnk
2015-01-31 18:15 - 2015-01-31 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis 3
2015-01-31 18:03 - 2015-01-31 18:04 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Ubisoft Game Launcher
2015-01-31 18:03 - 2015-01-31 18:03 - 00001217 _____ () C:\Users\Alyxxik\Desktop\Uplay.lnk
2015-01-31 18:03 - 2015-01-31 18:03 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-01-31 18:03 - 2015-01-31 18:03 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-01-31 10:55 - 2015-01-31 10:55 - 00000000 ____D () C:\Users\Alyxxik\Documents\DyingLight
2015-01-31 10:55 - 2015-01-31 10:55 - 00000000 ____D () C:\ProgramData\Steam
2015-01-31 08:50 - 2015-01-31 08:50 - 00000747 _____ () C:\Users\Alyxxik\Desktop\Dying Light.lnk
2015-01-31 08:50 - 2015-01-31 08:50 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Dying Light
2015-01-31 08:50 - 2015-01-31 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-01-20 22:55 - 2015-01-20 23:01 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-01-20 22:54 - 2015-01-20 22:54 - 00000000 ____D () C:\ProgramData\EA Core
2015-01-18 20:40 - 2015-01-18 20:40 - 00000000 ____D () C:\Users\Alyxxik\Documents\Remedy
2015-01-18 17:37 - 2015-01-18 17:37 - 791996425 _____ () C:\Windows\MEMORY.DMP
2015-01-18 17:37 - 2015-01-18 17:37 - 00000000 ____D () C:\Windows\Minidump
2015-01-18 14:45 - 2015-01-18 14:45 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\vlc
2015-01-18 13:43 - 2015-02-04 20:51 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\PunkBuster
2015-01-18 13:43 - 2015-01-18 13:53 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-01-18 13:28 - 2015-01-18 13:28 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\ESN
2015-01-18 12:48 - 2015-01-18 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2015-01-18 12:29 - 2015-01-18 12:29 - 00000811 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk
2015-01-18 12:29 - 2015-01-18 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2015-01-18 12:28 - 2015-02-05 20:48 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-18 12:28 - 2015-02-05 20:39 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-01-18 12:28 - 2015-02-04 05:08 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-18 12:13 - 2015-01-18 17:37 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Origin
2015-01-18 12:13 - 2015-01-18 12:14 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Origin
2015-01-18 12:10 - 2015-01-18 13:28 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-01-18 12:10 - 2015-01-18 12:10 - 00000708 _____ () C:\Users\Public\Desktop\Origin.lnk
2015-01-18 12:10 - 2015-01-18 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-01-18 12:08 - 2015-02-05 21:31 - 00000000 ____D () C:\ProgramData\Origin
2015-01-18 12:04 - 2015-01-19 22:01 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-01-18 01:21 - 2015-01-31 16:33 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Battle.net
2015-01-18 01:21 - 2015-01-18 11:29 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Battle.net
2015-01-18 01:21 - 2015-01-18 01:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-01-18 01:21 - 2015-01-18 01:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-18 01:17 - 2015-01-18 01:17 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-14 17:37 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:37 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:37 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 17:37 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 17:37 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 17:37 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 17:37 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 17:37 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:37 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 17:37 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 17:37 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 17:37 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 17:37 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 17:37 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 17:37 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 17:37 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 17:37 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 17:37 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 17:37 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 17:37 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 17:37 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 17:37 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 17:37 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 17:37 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 17:37 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 14:16 - 2015-01-11 14:16 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\RzStats
2015-01-11 12:20 - 2015-01-11 12:20 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\DCS
2015-01-10 21:12 - 2015-01-10 21:12 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Seeing Machines
2015-01-10 21:12 - 2015-01-10 21:12 - 00000000 ____D () C:\ProgramData\Seeing Machines
2015-01-10 21:12 - 2015-01-10 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VJoy Virtual Joystick Driver
2015-01-10 21:12 - 2015-01-10 21:12 - 00000000 ____D () C:\Program Files (x86)\VJoy Virtual Joystick Driver
2015-01-10 21:11 - 2015-01-10 21:11 - 00002229 _____ () C:\Users\Public\Desktop\FaceTrackNoIR.lnk
2015-01-10 21:11 - 2015-01-10 21:11 - 00000000 ____D () C:\Program Files (x86)\Abbequerque Inc
2015-01-10 20:48 - 2015-01-10 20:48 - 00002103 _____ () C:\Users\Public\Desktop\NaturalPoint.lnk
2015-01-10 20:48 - 2015-01-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NaturalPoint
2015-01-10 20:48 - 2015-01-10 20:48 - 00000000 ____D () C:\Program Files (x86)\Naturalpoint
2015-01-10 20:48 - 2004-06-30 11:00 - 00008069 _____ () C:\Windows\SysWOW64\NPKBD.VXD
2015-01-10 20:48 - 2004-04-13 19:34 - 00146628 _____ (NaturalPoint) C:\Windows\SysWOW64\Drivers\npusbrnm.sys
2015-01-10 20:48 - 2004-03-30 07:48 - 00133156 _____ (NaturalPoint) C:\Windows\SysWOW64\Drivers\npusb.sys
2015-01-10 20:48 - 2000-10-25 14:25 - 00004883 _____ () C:\Windows\SysWOW64\EYECTRL.VXD
2015-01-08 19:59 - 2015-01-08 19:59 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Bohemia_Interactive
2015-01-08 19:59 - 2015-01-08 19:59 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Arma 3 Launcher
2015-01-06 07:26 - 2015-01-06 07:26 - 00001021 _____ () C:\Users\Public\Desktop\AMP WinOFF.lnk
2015-01-06 07:26 - 2015-01-06 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMP WinOFF
2015-01-06 07:26 - 2015-01-06 07:26 - 00000000 ____D () C:\Program Files (x86)\AMP WinOFF
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 21:31 - 2014-12-26 14:20 - 00000980 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 21:17 - 2014-12-30 22:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 21:07 - 2014-12-26 13:06 - 01377555 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-05 20:23 - 2014-12-30 21:12 - 00000000 ____D () C:\Users\Alyxxik\Documents\ArmA 2
2015-02-05 18:26 - 2013-08-22 15:46 - 00038397 _____ () C:\Windows\setupact.log
2015-02-05 18:12 - 2014-12-26 13:19 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4244843792-632873021-3232718390-1001
2015-02-05 18:06 - 2014-12-26 13:14 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 18:05 - 2014-12-26 13:15 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{04CF09DB-2EF1-4AE5-866F-8D0B689EB892}
2015-02-05 18:02 - 2014-12-31 23:34 - 00003144 _____ () C:\Windows\System32\Tasks\FRAPS
2015-02-05 18:02 - 2014-12-31 23:34 - 00000000 ____D () C:\Fraps
2015-02-05 18:02 - 2014-12-26 14:20 - 00000976 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 18:02 - 2014-12-26 13:42 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Raptr
2015-02-05 18:02 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 01:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-05 00:55 - 2014-12-26 15:29 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\Skype
2015-02-04 23:55 - 2014-12-26 13:04 - 00039740 _____ () C:\Windows\PFRO.log
2015-02-04 23:17 - 2014-12-30 21:12 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\ArmA 2 OA
2015-02-04 20:29 - 2015-01-03 08:32 - 00000022 _____ () C:\Windows\GPU-Z.INI
2015-02-04 05:08 - 2014-12-26 16:15 - 00224880 _____ () C:\Windows\DirectX.log
2015-02-03 23:52 - 2014-12-26 14:22 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-02 17:43 - 2014-12-26 13:42 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-02-02 17:42 - 2014-12-26 13:31 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-02-01 09:00 - 2013-08-22 15:44 - 00338048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-01 05:09 - 2014-12-26 13:07 - 00000000 ____D () C:\Users\Alyxxik
2015-02-01 03:47 - 2014-12-26 18:00 - 00600064 ___SH () C:\Users\Alyxxik\Desktop\Thumbs.db
2015-02-01 00:26 - 2014-12-30 22:18 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Downloaded Installations
2015-01-31 22:35 - 2014-12-30 22:19 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\SIX Networks
2015-01-31 22:35 - 2014-12-30 22:19 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\SIX Networks
2015-01-29 00:34 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 12:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-24 21:20 - 2015-01-02 23:21 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2015-01-02 23:21 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-21 20:03 - 2014-12-28 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-01-21 20:03 - 2014-12-27 15:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-21 20:03 - 2014-12-26 13:40 - 00288160 _____ () C:\Windows\DPINST.LOG
2015-01-18 16:00 - 2015-01-03 01:09 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\Arma 3
2015-01-17 22:53 - 2014-12-26 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-01-15 20:33 - 2015-01-03 01:09 - 00000000 ____D () C:\Users\Alyxxik\Documents\Arma 3
2015-01-14 17:43 - 2014-12-28 10:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 17:41 - 2014-12-28 10:45 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 12:04 - 2014-12-26 20:09 - 00000000 ____D () C:\Users\Alyxxik\AppData\Roaming\BSplayer PRO
2015-01-10 21:16 - 2014-12-26 13:07 - 00000000 ____D () C:\Users\Alyxxik\AppData\Local\VirtualStore
2015-01-10 10:30 - 2015-01-03 08:42 - 00001850 _____ () C:\Users\Alyxxik\Desktop\CrystalDiskMark.lnk
2015-01-09 00:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
==================== Files in the root of some directories =======
2014-12-26 14:17 - 2014-12-26 14:17 - 0000003 _____ () C:\Users\Alyxxik\AppData\Local\updater.log
2014-12-26 14:17 - 2014-12-26 18:14 - 0000425 _____ () C:\Users\Alyxxik\AppData\Local\UserProducts.xml
Some content of TEMP:
====================
C:\Users\Alyxxik\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win8.1-64bit.exe
C:\Users\Alyxxik\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Alyxxik\AppData\Local\Temp\awesomium_setup.exe
C:\Users\Alyxxik\AppData\Local\Temp\Quarantine.exe
C:\Users\Alyxxik\AppData\Local\Temp\raptrpatch.exe
C:\Users\Alyxxik\AppData\Local\Temp\raptr_stub.exe
C:\Users\Alyxxik\AppData\Local\Temp\sonarinst.exe
C:\Users\Alyxxik\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-29 00:34
==================== End Of Log ============================
- Rudy
- Site Admin

- Posts: 119677
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Log check
Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\MountPoints2: {53861e7c-8dd5-11e4-8250-448a5b8ffec8} - "G:\Startme.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Alyxxik\AppData\Local\Temp
End
Save it to E:\ as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus may damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Log check
Here it is.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by Alyxxik at 2015-02-05 21:55:29 Run:1
Running from E:\
Loaded Profiles: Alyxxik (Available profiles: Alyxxik)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4244843792-632873021-3232718390-1001\...\MountPoints2: {53861e7c-8dd5-11e4-8250-448a5b8ffec8} - "G:\Startme.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Alyxxik\AppData\Local\Temp
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-4244843792-632873021-3232718390-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53861e7c-8dd5-11e4-8250-448a5b8ffec8}" => Key deleted successfully.
HKCR\CLSID\{53861e7c-8dd5-11e4-8250-448a5b8ffec8} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Users\Alyxxik\AppData\Local\Temp => Moved successfully.
==== End of Fixlog 21:55:29 ====
- Rudy
- Site Admin

Re: Log check
Deleted. It would also be worth running a full MBAM scan: http://www.malwarebytes.org/mbam.php and posting the log. Do not delete anything beforehand.
Re: Log check
Unfortunately my PC went into hibernation, so I hope it is complete.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5. 2. 2015
Scan Time: 22:34:42
Logfile: log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.05.09
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alyxxik
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 906009
Time Elapsed: 3 hr, 0 min, 56 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 8
Trojan.Agent, C:\FRST\Quarantine\C\Users\Alyxxik\AppData\Local\Temp\Quarantine.exe, , [987af624800a13231483819a09f9ce32],
CrackTool.Agent, F:\Hard-Disk-Sentinel-Pro-4.10-Build-5816-Multilingual.rar, , [cf432eec246657dfffd0c48138c92dd3],
PUP.Optional.Spigot.A, F:\YTDP.rar, , [cd45a87284063df9e01ae4420af6fd03],
PUP.PSWTool.ProductKey, F:\produkey-x64.zip, , [9082f327dcaec373f698176405fba858],
PUP.Optional.OpenCandy, F:\DTLite-setup.exe, , [0b07b06a7f0bbb7b5e3022b79471e31d],
Hacktool.WGAFix, F:\CNC\sablony april\WINDOWS-XP-KEYGEN+VALIDATION-PACK.zip, , [b260bd5d5535300666095b0cfe04e21e],
Hacktool.WGAFix, F:\Plocha\CNC\CNC\sablony april\WINDOWS-XP-KEYGEN+VALIDATION-PACK.zip, , [838fe1391e6cb97d7bf4afb8eb17a35d],
CrackTool.Agent, F:\Plocha\New folder\Hard Disk Sentinel Pro 4.10 Build 5816 Multilingual\Patch\hard.disk.sentinel.pro-MPT.exe, , [2fe3d7431278d5619b34380d22dfe818],
Physical Sectors: 0
(No malicious items detected)
(end)
- Rudy
- Site Admin

Re: Log check
Delete everything MBAM found.