Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Utrack

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
maba345
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 29 srp 2009 15:05

Utrack

#1 Příspěvek od maba345 »

Zdravím. Keď kliknem na akýkolvek link či odkaz na FB presmeruje ma na utrack stránku,alebo na stiahnutie podivného Tabu do Chromu Avast ani Malwarebytes to nedokážu tento malware detekovať. Ďakujem za pomoc

Logfile of random's system information tool 1.10 (written by random/random)
Run by Test at 2015-08-21 12:36:05
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 24 GB (39%) free of 61 GB
Total RAM: 8083 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:11, on 21. 8. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://178.18.68.125/Login.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 158.255.238.129 google-analytics.com
O1 - Hosts: 158.255.238.129 www.google-analytics.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} (Web Control) - http://xmeye.net/video/web.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7749 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
KHALMNPR.EXE /API
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" 2c789d06-f650-455b-b3a7-3c4c52ca2b66
C:\Windows\system32\wbem\unsecapp.exe -Embedding
\??\C:\Windows\system32\conhost.exe "76905876662493051854770711-1558016293-1899413010206300788-426883923-803879760
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-5550849171756519304-594988980-8238426111300700920-1708781135-7715770951880564313
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4900.0.931874892\496268991" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,22,45,55 --gpu-vendor-id=0x10de --gpu-device-id=0x1380 --gpu-driver-vendor=NVIDIA --gpu-driver-version=10.18.13.5560 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=sk --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_02/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4900.2.1147314727\1528578771" --font-cache-shared-handle=2100 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=sk --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_02/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4900.3.1046005098\1873715690" --font-cache-shared-handle=2172 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=sk --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_02/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4900.4.1634098126\1146403568" --font-cache-shared-handle=2228 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=sk --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_02/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4900.5.1129528390\986577018" --font-cache-shared-handle=2360 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=sk --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_02/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4900.6.839697876\486950082" --font-cache-shared-handle=2432 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=sk --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_02/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4900.7.320851013\1492020113" --font-cache-shared-handle=5112 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4900.9.1244897508\1008541535" --ppapi-flash-args=enable_hw_video_decode=1 --lang=sk --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=sk --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_02/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4900.13.1806185525\2121218477" --font-cache-shared-handle=324 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=sk --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_02/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4900.14.1777323482\1826671689" --font-cache-shared-handle=1724 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=sk --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_02/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="4900.16.2103265947\298136386" --font-cache-shared-handle=6080 /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Test\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-21 655480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23 433608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-02 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-21 559624]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23 364488]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-02 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2015-07-24 1710568]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-07-24 2634896]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2015-07-23 3111880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
C:\Program Files (x86)\BlueStacks\HD-Agent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2015-07-17 8418584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GalaxyClient]
C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [2015-08-04 7249976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\qttask.exe [2015-05-05 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-14 13671792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-06-08 334896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB3MON]
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-02-21 292848]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-08-21 6109776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2015-07-02 65992]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-08-21 12:36:05 ----D---- C:\rsit
2015-08-21 12:36:05 ----D---- C:\Program Files\trend micro
2015-08-21 11:53:20 ----D---- C:\Users\Test\AppData\Roaming\AVAST Software
2015-08-21 11:53:01 ----D---- C:\Windows\SYSWOW64\vbox
2015-08-21 11:53:01 ----D---- C:\Windows\system32\vbox
2015-08-21 11:52:52 ----A---- C:\Windows\system32\drivers\ngvss.sys
2015-08-21 11:52:52 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2015-08-21 11:52:52 ----A---- C:\Windows\system32\drivers\aswStm.sys
2015-08-21 11:52:52 ----A---- C:\Windows\system32\drivers\aswSP.sys
2015-08-21 11:52:52 ----A---- C:\Windows\system32\drivers\aswsnx.sys
2015-08-21 11:52:52 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2015-08-21 11:52:52 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2015-08-21 11:52:52 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2015-08-21 11:52:52 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2015-08-21 11:52:51 ----A---- C:\Windows\system32\aswBoot.exe
2015-08-21 11:52:51 ----A---- C:\Windows\avastSS.scr
2015-08-21 11:47:50 ----D---- C:\Program Files\AVAST Software
2015-08-21 11:47:03 ----D---- C:\ProgramData\AVAST Software
2015-08-19 21:53:24 ----N---- C:\Windows\system32\libcef.dll
2015-08-19 21:31:27 ----D---- C:\Users\Test\AppData\Roaming\uplay
2015-08-15 22:23:03 ----D---- C:\Program Files (x86)\OverDisk
2015-08-15 17:25:05 ----D---- C:\ProgramData\GOG.com
2015-08-15 17:25:05 ----D---- C:\Program Files (x86)\GalaxyClient
2015-08-15 17:17:36 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-08-15 17:17:36 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2015-08-15 17:17:36 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-08-15 17:17:36 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-08-15 17:17:36 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2015-08-15 17:17:36 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2015-08-15 17:17:36 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2015-08-15 17:17:36 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-08-15 17:17:36 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-08-15 17:17:36 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2015-08-15 17:17:36 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-08-15 17:17:36 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-08-15 17:17:36 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\nvumdshimx.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\nvopencl.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\nvoglv64.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\nvoglshim64.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\nvinitx.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\NvIFR64.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\NvFBC64.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\nvdispgenco6435560.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\nvdispco6435560.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\nvcuvid.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\nvcuda.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\nvcompiler.dll
2015-08-15 17:17:36 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-08-15 15:26:18 ----D---- C:\Users\Test\AppData\Roaming\MK10
2015-08-15 15:25:51 ----D---- C:\Users\Test\AppData\Roaming\Mortal Kombat X
2015-08-14 18:26:23 ----D---- C:\ProgramData\Codemasters
2015-08-10 17:28:28 ----D---- C:\Program Files (x86)\Lost Heaven Multiplayer
2015-08-09 15:00:44 ----D---- C:\Program Files\7-Zip
2015-08-07 16:20:32 ----D---- C:\Fraps
2015-08-06 14:02:16 ----D---- C:\Users\Test\AppData\Roaming\Foxit Software
2015-07-30 20:39:16 ----D---- C:\Users\Test\AppData\Roaming\Winamp
2015-07-30 20:39:16 ----D---- C:\Program Files (x86)\Winamp
2015-07-30 12:44:36 ----D---- C:\ProgramData\BlueStacksSetup
2015-07-29 21:48:29 ----A---- C:\Windows\system32\drivers\LNonPnP.sys
2015-07-29 21:48:23 ----D---- C:\ProgramData\Logishrd
2015-07-29 21:48:20 ----D---- C:\Program Files\Logitech
2015-07-29 21:47:58 ----D---- C:\Program Files\Common Files\LogiShrd
2015-07-29 21:28:10 ----D---- C:\Users\Test\AppData\Roaming\Logitech
2015-07-29 21:28:10 ----D---- C:\Users\Test\AppData\Roaming\Logishrd
2015-07-29 20:30:43 ----A---- C:\Windows\system32\nvhdap64.dll
2015-07-29 20:30:43 ----A---- C:\Windows\system32\nvdispgenco6435362.dll
2015-07-29 20:30:43 ----A---- C:\Windows\system32\nvdispco6435362.dll
2015-07-29 20:30:43 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2015-07-29 20:13:15 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2015-07-29 20:13:15 ----A---- C:\Windows\system32\drivers\nvvad64v.sys
2015-07-27 19:26:59 ----D---- C:\Program Files (x86)\DOSBox-0.74
2015-07-25 16:12:33 ----D---- C:\Windows\Migration
2015-07-25 15:11:36 ----D---- C:\Program Files (x86)\Steam

======List of files/folders modified in the last 1 month======

2015-08-21 12:36:08 ----D---- C:\Windows\Temp
2015-08-21 12:36:05 ----RD---- C:\Program Files
2015-08-21 12:32:17 ----D---- C:\Windows\System32
2015-08-21 12:32:17 ----D---- C:\Windows\inf
2015-08-21 12:32:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-08-21 12:25:37 ----D---- C:\Windows
2015-08-21 12:25:34 ----D---- C:\Windows\system32\drivers
2015-08-21 11:56:49 ----SHD---- C:\$Recycle.Bin
2015-08-21 11:53:01 ----D---- C:\Windows\SysWOW64
2015-08-21 11:52:57 ----D---- C:\Windows\system32\Tasks
2015-08-21 11:52:51 ----D---- C:\Windows\winsxs
2015-08-21 11:47:03 ----HD---- C:\ProgramData
2015-08-21 11:42:10 ----D---- C:\Windows\Logs
2015-08-21 11:42:10 ----D---- C:\Windows\debug
2015-08-21 11:42:10 ----D---- C:\Users\Test\AppData\Roaming\uTorrent
2015-08-21 11:42:10 ----D---- C:\Users\Test\AppData\Roaming\DAEMON Tools Lite
2015-08-21 09:35:52 ----D---- C:\Windows\system32\catroot2
2015-08-20 20:03:22 ----D---- C:\Users\Test\AppData\Roaming\vlc
2015-08-20 15:27:56 ----SHD---- C:\Windows\Installer
2015-08-19 16:52:42 ----RSD---- C:\Windows\assembly
2015-08-19 16:23:31 ----D---- C:\Users\Test\AppData\Roaming\IrfanView
2015-08-18 21:37:29 ----D---- C:\Windows\system32\drivers\etc
2015-08-17 19:12:04 ----D---- C:\Windows\rescache
2015-08-16 16:14:24 ----D---- C:\Windows\Microsoft.NET
2015-08-15 22:51:04 ----D---- C:\Windows\system32\config
2015-08-15 22:50:49 ----D---- C:\Windows\system32\catroot
2015-08-15 22:40:24 ----D---- C:\Windows\AppPatch
2015-08-15 22:39:55 ----RD---- C:\Program Files (x86)
2015-08-15 17:25:06 ----RSD---- C:\Windows\Fonts
2015-08-15 17:18:30 ----D---- C:\ProgramData\NVIDIA Corporation
2015-08-15 17:18:26 ----D---- C:\Windows\system32\DriverStore
2015-08-15 17:18:25 ----D---- C:\ProgramData\NVIDIA
2015-08-14 23:31:00 ----D---- C:\Windows\system32\wdi
2015-08-11 16:35:24 ----D---- C:\Program Files\CCleaner
2015-08-07 13:06:30 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2015-08-07 13:06:30 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-08-07 13:06:30 ----A---- C:\Windows\system32\nvapi64.dll
2015-08-07 06:34:33 ----A---- C:\Windows\system32\nvvsvc.exe
2015-08-07 06:34:33 ----A---- C:\Windows\system32\nvsvcr.dll
2015-08-07 06:34:33 ----A---- C:\Windows\system32\nvshext.dll
2015-08-07 06:34:32 ----A---- C:\Windows\system32\nvmctray.dll
2015-08-07 06:34:31 ----A---- C:\Windows\system32\nvsvc64.dll
2015-08-07 06:34:31 ----A---- C:\Windows\system32\nvcpl.dll
2015-08-03 14:00:26 ----D---- C:\Windows\SoftwareDistribution
2015-08-02 16:41:29 ----D---- C:\ProgramData\Oracle
2015-08-02 16:41:25 ----D---- C:\Program Files (x86)\Java
2015-08-02 16:41:19 ----D---- C:\Program Files (x86)\Common Files
2015-08-02 16:41:09 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2015-08-01 13:25:39 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-30 12:44:58 ----SD---- C:\Users\Test\AppData\Roaming\Microsoft
2015-07-29 21:47:58 ----D---- C:\Program Files\Common Files
2015-07-25 16:12:52 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-07-25 16:12:33 ----SD---- C:\ProgramData\Microsoft
2015-07-25 16:11:43 ----D---- C:\ProgramData\Package Cache
2015-07-25 01:28:44 ----A---- C:\Windows\system32\nvhdagenco6420103.dll
2015-07-24 06:21:23 ----A---- C:\Windows\SYSWOW64\nvspcap.dll
2015-07-24 06:21:23 ----A---- C:\Windows\SYSWOW64\nvspbridge.dll
2015-07-24 06:21:14 ----A---- C:\Windows\system32\nvspcap64.dll
2015-07-24 06:21:14 ----A---- C:\Windows\system32\nvspbridge64.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-08-21 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-08-21 274808]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2014-04-11 645480]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2014-04-11 28008]
R0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-02-21 20464]
R0 ngvss;ngvss; C:\Windows\system32\drivers\ngvss.sys [2015-08-21 115152]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-08-21 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-08-21 1048344]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-08-21 447944]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-08-21 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-08-21 90968]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-08-21 150672]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-08-21 273824]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-05-02 30352]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-03-31 3785216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-03-14 3896920]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2014-03-31 450520]
R3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-02-21 370672]
R3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-02-21 791024]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2015-06-18 86672]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2015-06-18 50832]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-07-25 204648]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-07-24 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-07-03 47976]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-03-18 906968]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-08-21 146600]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-07-24 1155216]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-07-24 1871504]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-07-24 5544592]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-08-07 937592]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-08-21 4047768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-08-13 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-08-13 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-30 116648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-04-09 279024]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-02-27 1272592]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-30 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-05-04 114688]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15 268976]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-08-13 51808]
S4 FoxitCloudUpdateService;Foxit Cloud Safe Update Service; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2015-07-16 244392]
S4 GalaxyClientService;GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [2015-08-04 1720888]
S4 GalaxyCommunication;GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [2015-08-04 6874680]
S4 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2014-04-09 296432]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
S4 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2015-07-02 356808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-08-13 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-08-13 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-08-13 139856]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-06-04 837312]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Utrack

#2 Příspěvek od vyosek »

Zdravim :)

:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Po spusteni probehne stazeni databaze
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner[C?].txt, ten sem vlozte
:arrow: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do okna vlozte skript nize

  • Kód: Vybrat vše

    autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
  • Nasledne kliknete na Run Script
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
maba345
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 29 srp 2009 15:05

Re: Utrack

#3 Příspěvek od maba345 »

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Test on pi 21. 08. 2015 at 13:51:33,03.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Test\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

21. 8. 2015 13:52:33 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\Garmin deleted successfully
C:\PROGRA~3\Solidshield deleted successfully
C:\Users\Test\AppData\Local\Adobe deleted successfully
C:\Users\Test\AppData\Local\CrashDumps deleted successfully
C:\Users\Test\AppData\Local\MEGAsync deleted successfully
C:\Users\Test\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [21. 08. 2015 11:52]

==== Chromium Look ======================

Google Chrome Version: 44.0.2403.157

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[21. 08. 2015 11:52]

1Password - Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk
MEGA - Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod
AdBlock - Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Avast Online Security - Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Chromium Startpages ======================

C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Preferences
*.]free.zoznam.sk,*":{"fullscreen":1},"[*.]hrajemesalim.cz,*":{"fullscreen":1},"[*.]java.com,*":{"plugins":1},"[*.]minikiwi.refresher.sk,*":{"fullscreen":1},"[*.]mwnd.lolspotsarticles.com,*":{"fullscreen":1},"[*.]najmama.aktuality.sk,*":{"fullscreen":1},"[*.]pc.zoznam.sk,*":{"fullscreen":1},"[*.]touchit.sk,*":{"fullscreen":1},"[*.]vas.cas.sk,*":{"fullscreen":1},"[*.]vitaminl.tv,*":{"fullscreen":1},"[*.]www.abcgames.sk,*":{"fullscreen":1},"[*.]www.aktuality.sk,*":{"fullscreen":1},"[*.]www.applikace.cz,*":{"fullscreen":1},"[*.]www.cas.sk,*":{"fullscreen":1},"[*.]www.cum.sk,*":{"fullscreen":1},"[*.]www.disk.sk,*":{"fullscreen":1,"multiple-automatic-downloads":1,"popups":1},"[*.]www.dobrenoviny.sk,*":{"fullscreen":1},"[*.]www.funsite.sk,*":{"fullscreen":1},"[*.]www.gamesite.sk,*":{"fullscreen":1},"[*.]www.hitbox.tv,*":{"fullscreen":1},"[*.]www.hrej.cz,*":{"fullscreen":1,"mouselock":1},"[*.]www.info.sk,*":{"fullscreen":1},"[*.]www.omediach.com,*":{"fullscreen":1},"[*.]www.pauza.sk,*":{"fullscreen":1},"[*.]www.pcrevue-online.sk,*":{"fullscreen":1},"[*.]www.pluska.sk,*":{"fullscreen":1},"[*.]www.pohadkar.cz,*":{"fullscreen":1},"[*.]www.sector.sk,*":{"fullscreen":1},"[*.]www.showjanakrause.cz,*":{"fullscreen":1},"[*.]www.systemrequirementslab.com,*":{"plugins":1},"[*.]www.topky.sk,*":{"fullscreen":1},"[*.]www.topserialy.sk,*":{"fullscreen":1},"[*.]www.tvnoviny.sk,*":{"fullscreen":1},"[*.]www.webgames.cz,*":{"plugins":1},"[*.]www.youtube.com,*":{"fullscreen":1},"[*.]www.zing.cz,*":{"fullscreen":1},"[*.]www.zive.sk,*":{"fullscreen":1},"[*.]youbo.iprima.cz,*":{"fullscreen":1},"http://exashare.com:80,http://www.milujemeserialy.eu:80":{"fullscreen":1},"http://games.tiscali.cz:80,http://games.tiscali.cz:80":{"fullscreen":1},"http://www.hitbox.tv:80,*":{"last_used":{"notifications":1428768000},"notifications":1},"http://www.hitbox.tv:80,http://www.hitbox.tv:80":{"last_used":{"notifications":1430656000}},"http://www.karaokeparty.com:80,*":{"media-stream-camera":1,"media-stream-mic":1},"http://www.twitch.tv:80,http://www.twitch.tv:80":{"fullscreen":1},"https://[*.]apps.facebook.com:443,*":{"plugins":1},"https://[*.]koukni.cz:443,*":{"fullscreen":1},"https://[*.]plus.google.com:443,*":{"fullscreen":1},"https://[*.]twitter.com:443,*":{"mouselock":1},"https://[*.]www.facebook.com:443,*":{"fullscreen":1,"plugins":1},"https://[*.]www.mojandroid.sk:443,*":{"fullscreen":1},"https://[*.]www.startovac.cz:443,*":{"fullscreen":1},"https://[*.]www.youtube.com:443,*":{"fullscreen":1},"https://openload.io:443,http://www.milujemeserialy.eu:80":{"fullscreen":1}},"pref_version":1},"default_content_settings":{},"exit_type":"Crashed","exited_cleanly":true,"gaia_info_update_time":"13083767747939751","icon_version":3,"is_managed":false,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Prvý používateľ","per_host_zoom_levels":{}},"protection":{"macs":{}},"reverse_autologin":{"enabled":false},"savefile":{"default_directory":"C:\\Users\\Test\\Desktop"},"selectfile":{"last_directory":"C:\\Users\\Test\\Desktop"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13075063313124678"},"sync":{"app_list":true,"app_settings":true,"apps":true,"autofill":true,"autofill_wallet":true,"bookmarks":true,"dictionary":true,"extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"has_auth_error":false,"history_delete_directives":true,"managed_user_settings":true,"managed_user_shared_settings":true,"managed_user_whitelists":true,"managed_users":true,"memory_warning_count":0,"passwords":true,"preferences":true,"priority_preferences":true,"search_engines":true,"session_sync_guid":"session_syncWEH0vtUo4g4UzFuo8eWeoA==","sessions":true,"shutdown_cleanly":true,"suppress_start":false,"tabs":true,"themes":true,"typed_urls":true},"sync_promo":{"show_on_first_run_allowed":false},"translate_accepted_count":{"ar":0,"de":0,"en":0,"es":0,"pl":0,"ro":0,"und":0},"translate_blocked_languages":["cs","sk"],"translate_denied_count":{"ar":1,"de":2,"en":181,"pl":2,"und":1},"translate_denied_count_for_language":{"de":1,"en":2,"es":1,"ro":1},"translate_last_denied_time_for_language":{"de":1.439552e+12,"en":1.437941e+12,"es":1.439571e+12,"ro":1.440015e+12},"translate_too_often_denied":true,"translate_too_often_denied_for_language":{"en":true},"translate_whitelists":{},"zerosuggest":{"cachedresults":""}}
ocale":"en","description":"Rýchly e-mail s vyhľadávaním a bez spamu.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/upda ... artup_urls":["http://www.azet.sk/","http://www.google.com/"]},"sync":{"remaining_rollback_tries":0}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://178.18.68.125/Login.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://178.18.68.125/Login.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully
C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=29 folders=31 29072769 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Test\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Test\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on pi 21. 08. 2015 at 14:22:25,00 ======================


# AdwCleaner v5.003 - Logfile created 21/08/2015 at 12:44:25
# Updated 20/08/2015 by Xplode
# Database : 2015-08-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Test - MABA
# Running from : C:\Users\Test\Desktop\adwcleaner_5.003.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: Proxy settings cleared
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [609 bytes] ##########
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Utrack

#4 Příspěvek od vyosek »

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
maba345
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 29 srp 2009 15:05

Re: Utrack

#5 Příspěvek od maba345 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-08-2015
Ran by Test (administrator) on MABA (21-08-2015 16:03:11)
Running from C:\Users\Test\Downloads
Loaded Profiles: Test (Available Profiles: Test)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3111880 2015-07-23] (Logitech, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-21] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-21] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://178.18.68.125/Login.htm
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1915849256-4225163708-1621856079-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-21] (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-21] (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-02] (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} hxxp://xmeye.net/video/web.cab
Tcpip\Parameters: [DhcpNameServer] 178.18.68.16
Tcpip\..\Interfaces\{E15B7EB8-B54B-4A64-B5D2-A2D890B073E8}: [DhcpNameServer] 178.18.68.16

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2015-03-25] ()
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2015-03-25] ()
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-07-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-21]

Chrome:
=======
CHR Profile: C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-21]
CHR Extension: (Google Docs) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-21]
CHR Extension: (Google Drive) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-21]
CHR Extension: (YouTube) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-05]
CHR Extension: (Adblock Plus) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-08-21]
CHR Extension: (Google Search) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-05]
CHR Extension: (Google Sheets) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-21]
CHR Extension: (Avast Online Security) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-02]
CHR Extension: (Gmail) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-21] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-08-21] (Avast Software)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-07-16] (Foxit Software Inc.)
S4 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1720888 2015-08-04] (GOG.com)
S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6874680 2015-08-04] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-09] (Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-21] (Microsoft Corporation)
R5 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2010-11-21] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-21] (AVAST Software)
R5 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-21] (AVAST Software)
R5 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-21] (AVAST Software)
R5 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-14] (Microsoft Corporation)
R5 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [459248 2010-11-21] (Microsoft Corporation)
R5 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-02] (Disc Soft Ltd)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-21] (Microsoft Corporation)
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-14] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223248 2010-11-21] (Microsoft Corporation)
R5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] (Microsoft Corporation)
R5 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [645480 2014-04-11] (Intel Corporation)
R5 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R5 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [20464 2014-02-21] (Intel Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95616 2010-11-21] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [152960 2010-11-21] (Microsoft Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Microsoft Corporation)
R5 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-21] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] (Microsoft Corporation)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [951680 2010-11-21] (Microsoft Corporation)
R5 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-21] (AVAST Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [75136 2010-11-21] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] (Microsoft Corporation)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] (Microsoft Corporation)
R5 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1924480 2010-11-21] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-08-21] (Avast Software)
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-21] (Microsoft Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785512 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-21 16:03 - 2015-08-21 16:03 - 00017837 _____ C:\Users\Test\Downloads\FRST.txt
2015-08-21 16:03 - 2015-08-21 16:03 - 00000000 ____D C:\FRST
2015-08-21 16:02 - 2015-08-21 16:02 - 02173952 _____ (Farbar) C:\Users\Test\Downloads\FRST64.exe
2015-08-21 14:04 - 2015-08-21 13:51 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-08-21 13:52 - 2015-08-21 14:22 - 00016434 _____ C:\zoek-results.log
2015-08-21 13:51 - 2015-08-21 14:02 - 00000000 ____D C:\zoek_backup
2015-08-21 13:51 - 2015-08-21 13:51 - 01308672 _____ C:\Users\Test\Desktop\zoek.exe
2015-08-21 13:49 - 2015-08-21 13:49 - 00000000 _____ C:\Windows\WindowsUpdate.log
2015-08-21 12:43 - 2015-08-21 12:44 - 00000000 ____D C:\AdwCleaner
2015-08-21 12:43 - 2015-08-21 12:43 - 01605632 _____ C:\Users\Test\Desktop\adwcleaner_5.003.exe
2015-08-21 12:36 - 2015-08-21 12:36 - 00000000 ____D C:\rsit
2015-08-21 12:36 - 2015-08-21 12:36 - 00000000 ____D C:\Program Files\trend micro
2015-08-21 12:35 - 2015-08-21 12:35 - 01222144 _____ C:\Users\Test\Desktop\RSITx64.exe
2015-08-21 12:25 - 2015-08-21 14:22 - 00000840 _____ C:\Windows\setupact.log
2015-08-21 12:25 - 2015-08-21 14:22 - 00000664 _____ C:\Windows\PFRO.log
2015-08-21 12:25 - 2015-08-21 12:25 - 00000000 _____ C:\Windows\setuperr.log
2015-08-21 11:53 - 2015-08-21 11:53 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-21 11:53 - 2015-08-21 11:53 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-08-21 11:53 - 2015-08-21 11:53 - 00000000 ____D C:\Windows\system32\vbox
2015-08-21 11:53 - 2015-08-21 11:53 - 00000000 ____D C:\Users\Test\AppData\Roaming\AVAST Software
2015-08-21 11:53 - 2015-08-21 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-21 11:52 - 2015-08-21 14:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-21 11:52 - 2015-08-21 11:52 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-08-21 11:52 - 2015-08-21 11:52 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-21 11:52 - 2015-08-21 11:52 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-21 11:52 - 2015-08-21 11:52 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-21 11:52 - 2015-08-21 11:52 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-21 11:52 - 2015-08-21 11:52 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-08-21 11:52 - 2015-08-21 11:52 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-21 11:52 - 2015-08-21 11:52 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-21 11:52 - 2015-08-21 11:52 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-21 11:52 - 2015-08-21 11:52 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-21 11:52 - 2015-08-21 11:52 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-21 11:47 - 2015-08-21 11:47 - 03459152 ____N (AVAST Software) C:\Users\Public\Documents\aswOfferTool.exe
2015-08-21 11:47 - 2015-08-21 11:47 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-21 11:47 - 2015-08-21 11:47 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-21 11:46 - 2015-08-21 11:46 - 05685704 _____ (AVAST Software) C:\Users\Test\Downloads\avast_free_antivirus_setup_online.exe
2015-08-20 15:27 - 2015-08-20 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F1 2015
2015-08-19 22:10 - 2015-08-19 22:10 - 00000000 ____D C:\Users\Test\Documents\Assassin's Creed Rogue
2015-08-19 21:53 - 2013-09-24 12:12 - 36625920 ____N C:\Windows\system32\libcef.dll
2015-08-19 21:31 - 2015-08-19 21:31 - 00000000 ____D C:\Users\Test\AppData\Roaming\uplay
2015-08-19 16:42 - 2015-08-19 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed Chronicles China
2015-08-19 16:18 - 2015-08-19 16:20 - 00000000 ____D C:\Users\Test\Desktop\Programy
2015-08-19 16:16 - 2015-08-20 15:57 - 00000000 ____D C:\Users\Test\Desktop\Hry
2015-08-18 21:56 - 2015-08-18 21:56 - 00000000 ____D C:\Users\Test\AppData\Local\EMU
2015-08-18 21:34 - 2015-08-18 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rocket League
2015-08-15 22:40 - 2015-08-15 22:40 - 00000000 ____D C:\Users\Test\AppData\Local\Bluestacks
2015-08-15 22:23 - 2015-08-15 22:23 - 00000000 ____D C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OverDisk
2015-08-15 22:23 - 2015-08-15 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDisk
2015-08-15 22:23 - 2015-08-15 22:23 - 00000000 ____D C:\Program Files (x86)\OverDisk
2015-08-15 17:47 - 2015-08-15 18:34 - 00000000 ____D C:\Users\Test\Documents\The Witcher 3
2015-08-15 17:25 - 2015-08-15 17:27 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2015-08-15 17:25 - 2015-08-15 17:25 - 00000000 ____D C:\ProgramData\GOG.com
2015-08-15 17:17 - 2015-08-07 13:06 - 42840184 _____ C:\Windows\system32\nvcompiler.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 37819000 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 22520624 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 18540336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 17124832 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 16630096 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 15510112 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 14928048 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 14673920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 13656016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 12179496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 11076216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-08-15 17:17 - 2015-08-07 13:06 - 02937648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 02624816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 01898104 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435560.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435560.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 01104440 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 01063216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 01059960 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 00985208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 00942688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 00931448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 00512720 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 00421544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 00408184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 00364152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 00177088 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-08-15 17:17 - 2015-08-07 13:06 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-08-15 16:22 - 2015-08-15 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-08-15 15:26 - 2015-08-15 15:26 - 00000000 ____D C:\Users\Test\AppData\Roaming\MK10
2015-08-15 15:25 - 2015-08-15 15:25 - 00000000 ____D C:\Users\Test\AppData\Roaming\Mortal Kombat X
2015-08-14 18:26 - 2015-08-20 15:30 - 00000000 ____D C:\ProgramData\Codemasters
2015-08-10 17:29 - 2015-08-10 17:29 - 00000000 ____D C:\Users\Test\lhmp-server-rc1-preview-win
2015-08-10 17:28 - 2015-08-10 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lost Heaven Multiplayer
2015-08-10 17:28 - 2015-08-10 17:28 - 00000000 ____D C:\Program Files (x86)\Lost Heaven Multiplayer
2015-08-09 18:00 - 2015-08-09 18:00 - 00000000 ____D C:\Users\Test\AppData\Local\Mega Limited
2015-08-09 15:00 - 2015-08-09 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-08-09 15:00 - 2015-08-09 15:00 - 00000000 ____D C:\Program Files\7-Zip
2015-08-07 16:20 - 2015-08-08 22:50 - 00000000 ____D C:\Fraps
2015-08-06 14:02 - 2015-08-06 14:02 - 00000000 ____D C:\Users\Test\AppData\Roaming\Foxit Software
2015-08-02 20:14 - 2015-08-02 20:14 - 00003584 _____ C:\Users\Test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-30 20:39 - 2015-07-30 22:20 - 00000000 ____D C:\Users\Test\AppData\Roaming\Winamp
2015-07-30 20:39 - 2015-07-30 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-07-30 20:39 - 2015-07-30 20:39 - 00000000 ____D C:\Program Files (x86)\Winamp
2015-07-30 12:44 - 2015-08-01 11:59 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-07-29 21:48 - 2015-07-29 21:48 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-07-29 21:48 - 2015-07-29 21:48 - 00000000 ____D C:\Users\Public\Documents\Logishrd
2015-07-29 21:48 - 2015-07-29 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-07-29 21:48 - 2015-07-29 21:48 - 00000000 ____D C:\ProgramData\Logishrd
2015-07-29 21:48 - 2015-07-29 21:48 - 00000000 ____D C:\Program Files\Logitech
2015-07-29 21:47 - 2015-07-29 21:48 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2015-07-29 21:28 - 2015-07-29 21:48 - 00000000 ____D C:\Users\Test\AppData\Roaming\Logitech
2015-07-29 21:28 - 2015-07-29 21:28 - 00000000 ____D C:\Users\Test\AppData\Roaming\Logishrd
2015-07-29 20:30 - 2015-07-25 01:28 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-07-29 20:30 - 2015-07-25 01:28 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-07-29 20:30 - 2015-07-23 06:06 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435362.dll
2015-07-29 20:30 - 2015-07-23 06:06 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435362.dll
2015-07-29 20:13 - 2015-07-03 06:28 - 00065896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-07-29 20:13 - 2015-07-03 06:28 - 00047976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-07-27 19:27 - 2015-07-27 19:27 - 00000000 ____D C:\Users\Test\AppData\Local\DOSBox
2015-07-27 19:26 - 2015-07-27 19:34 - 00000000 ____D C:\Program Files (x86)\DOSBox-0.74
2015-07-27 19:26 - 2015-07-27 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2015-07-25 15:36 - 2015-08-01 20:48 - 00000000 ____D C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-25 15:15 - 2015-07-25 15:15 - 00000000 ____D C:\Users\Test\AppData\Local\Steam
2015-07-25 15:15 - 2015-07-25 15:15 - 00000000 ____D C:\Users\Test\AppData\Local\CEF
2015-07-25 15:11 - 2015-08-21 11:42 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-25 15:11 - 2015-07-25 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-21 15:54 - 2015-05-17 18:43 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-21 15:53 - 2015-05-08 12:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-21 14:29 - 2009-07-14 06:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-21 14:29 - 2009-07-14 06:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-21 14:28 - 2009-07-14 07:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-21 14:22 - 2015-05-17 18:43 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-21 14:22 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-21 11:42 - 2015-05-04 18:19 - 00000000 ____D C:\Users\Test\AppData\Roaming\uTorrent
2015-08-21 11:42 - 2015-05-02 19:52 - 00000000 ____D C:\Users\Test\AppData\Roaming\DAEMON Tools Lite
2015-08-21 11:36 - 2015-05-04 17:28 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-21 09:56 - 2015-04-30 13:58 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-20 20:03 - 2015-05-15 18:04 - 00000000 ____D C:\Users\Test\AppData\Roaming\vlc
2015-08-20 15:33 - 2015-05-02 20:40 - 00000000 ____D C:\Users\Test\Documents\My Games
2015-08-19 16:52 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-19 16:23 - 2015-07-11 16:34 - 00000000 ____D C:\Users\Test\AppData\Roaming\IrfanView
2015-08-19 16:20 - 2015-04-30 13:46 - 00000000 ____D C:\Users\Test
2015-08-17 19:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-08-15 22:40 - 2015-04-30 14:06 - 00074864 _____ C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-15 22:40 - 2009-07-14 06:45 - 00338720 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-15 22:39 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-15 17:18 - 2015-04-30 14:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-15 17:18 - 2015-04-30 14:14 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-15 17:17 - 2015-04-30 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-15 15:25 - 2015-06-19 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-08-11 16:35 - 2015-05-15 18:18 - 00000000 ____D C:\Program Files\CCleaner
2015-08-07 13:06 - 2015-06-01 17:11 - 03106384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-08-07 13:06 - 2015-04-30 14:13 - 12513288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-08-07 13:06 - 2015-04-30 14:13 - 03518248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-08-07 13:06 - 2015-04-30 14:13 - 00033050 _____ C:\Windows\system32\nvinfo.pb
2015-08-07 06:34 - 2015-04-30 14:14 - 06883448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-08-07 06:34 - 2015-04-30 14:14 - 03492144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-08-07 06:34 - 2015-04-30 14:14 - 02558768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-08-07 06:34 - 2015-04-30 14:14 - 00937592 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-08-07 06:34 - 2015-04-30 14:14 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-08-07 06:34 - 2015-04-30 14:14 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-08-03 12:12 - 2015-04-30 14:14 - 05133709 _____ C:\Windows\system32\nvcoproc.bin
2015-08-02 16:41 - 2015-05-14 20:43 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-02 16:41 - 2015-05-14 20:43 - 00000000 ____D C:\ProgramData\Oracle
2015-08-02 16:41 - 2015-05-14 20:43 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-01 13:25 - 2015-05-04 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-01 13:25 - 2015-05-04 17:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-26 21:07 - 2015-05-02 20:40 - 00000000 ____D C:\Users\Test\AppData\Local\GHISLER
2015-07-25 16:12 - 2015-04-30 13:58 - 00767096 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-25 01:28 - 2015-04-30 14:13 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-07-24 06:21 - 2015-04-30 14:14 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-07-24 06:21 - 2015-04-30 14:14 - 01710568 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-07-24 06:21 - 2015-04-30 14:14 - 01423304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-07-24 06:21 - 2015-04-30 14:14 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-07-22 11:32 - 2009-07-14 07:08 - 00032504 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-05-21 21:12 - 2015-05-21 21:12 - 0033193 _____ () C:\Users\Test\AppData\Roaming\UserTile.png
2015-08-02 20:14 - 2015-08-02 20:14 - 0003584 _____ () C:\Users\Test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-30 14:09 - 2015-04-30 14:09 - 0000017 _____ () C:\Users\Test\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-13 14:39

==================== End of log ============================
Přílohy
Addition_21-08-2015_16-03-43.rar
(6.74 KiB) Staženo 43 x
Nahoru
maba345
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 29 srp 2009 15:05

Re: Utrack

#6 Příspěvek od maba345 »

To je všetko,alebo ešte pokračujeme?
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7322
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Utrack

#7 Příspěvek od altrok »

:arrow: Zdravim, dovolim si zaskocit pracovne vytizeneho kolegu.


:arrow: Dle logu mate vypnuty firewall. Pokud to pujde, doporucuji jej zapnout.



  • Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
  • ulozte na C:\Users\Test\Downloads jako fixlist (Typ souboru: Textovy dokument)
  • znovu spustte FRST a kliknete na Fix
  • po restartu bude na plose ulozen fixlog, jehoz obsah mi vlozte do pristi odpovedi

    Kód: Vybrat vše

    Start
CloseProcesses:
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
2015-08-21 14:04 - 2015-08-21 13:51 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-08-21 13:52 - 2015-08-21 14:22 - 00016434 _____ C:\zoek-results.log
2015-08-21 13:51 - 2015-08-21 14:02 - 00000000 ____D C:\zoek_backup
2015-08-21 13:51 - 2015-08-21 13:51 - 01308672 _____ C:\Users\Test\Desktop\zoek.exe
2015-08-21 13:49 - 2015-08-21 13:49 - 00000000 _____ C:\Windows\WindowsUpdate.log
2015-08-21 12:43 - 2015-08-21 12:44 - 00000000 ____D C:\AdwCleaner
2015-08-21 12:43 - 2015-08-21 12:43 - 01605632 _____ C:\Users\Test\Desktop\adwcleaner_5.003.exe
2015-08-21 12:36 - 2015-08-21 12:36 - 00000000 ____D C:\rsit
2015-08-21 12:36 - 2015-08-21 12:36 - 00000000 ____D C:\Program Files\trend micro
2015-08-21 12:35 - 2015-08-21 12:35 - 01222144 _____ C:\Users\Test\Desktop\RSITx64.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
maba345
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 29 srp 2009 15:05

Re: Utrack

#8 Příspěvek od maba345 »

altrok Prepáčte že tak neskoro bolo tú napísané že do určitého dátumu nebudete online,a po tom dátume som akosi zabudol na túto otvorenú tému.

Fix result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Test (2015-10-21 22:27:22) Run:2
Running from C:\Users\Test\Desktop
Loaded Profiles: Test (Available Profiles: Test)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
2015-08-21 14:04 - 2015-08-21 13:51 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-08-21 13:52 - 2015-08-21 14:22 - 00016434 _____ C:\zoek-results.log
2015-08-21 13:51 - 2015-08-21 14:02 - 00000000 ____D C:\zoek_backup
2015-08-21 13:51 - 2015-08-21 13:51 - 01308672 _____ C:\Users\Test\Desktop\zoek.exe
2015-08-21 13:49 - 2015-08-21 13:49 - 00000000 _____ C:\Windows\WindowsUpdate.log
2015-08-21 12:43 - 2015-08-21 12:44 - 00000000 ____D C:\AdwCleaner
2015-08-21 12:43 - 2015-08-21 12:43 - 01605632 _____ C:\Users\Test\Desktop\adwcleaner_5.003.exe
2015-08-21 12:36 - 2015-08-21 12:36 - 00000000 ____D C:\rsit
2015-08-21 12:36 - 2015-08-21 12:36 - 00000000 ____D C:\Program Files\trend micro
2015-08-21 12:35 - 2015-08-21 12:35 - 01222144 _____ C:\Users\Test\Desktop\RSITx64.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value not found.
"C:\Windows\zoek-delete.exe" => not found.
"C:\zoek-results.log" => not found.
"C:\zoek_backup" => not found.
"C:\Users\Test\Desktop\zoek.exe" => not found.
C:\Windows\WindowsUpdate.log => moved successfully
C:\AdwCleaner => moved successfully
"C:\Users\Test\Desktop\adwcleaner_5.003.exe" => not found.
"C:\rsit" => not found.
"C:\Program Files\trend micro" => not found.
"C:\Users\Test\Desktop\RSITx64.exe" => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 350.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:27:23 ====
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7322
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Utrack

#9 Příspěvek od altrok »

Nic se nedeje. Pozorujete v soucasne dobe nejake problemy? Dejte jeste aktualni log z FRST.
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
maba345
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 29 srp 2009 15:05

Re: Utrack

#10 Příspěvek od maba345 »

Problémy nepozorujem,len sa mi zdá že súbor Rundll32.exe zo zložky SysWOW64 berie moc RAM-ky inak v pohode. Malwarebytes ani ESET online scanner ho nedetekovali ako hrozbu.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by Test (administrator) on MABA (22-10-2015 19:37:39)
Running from C:\Users\Test\Desktop
Loaded Profiles: Test (Available Profiles: Test)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3111880 2015-07-23] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: G - G:\AUTORUN.EXE
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {0af2407d-6685-11e5-a839-fcaa14500743} - I:\autorun.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {810091f9-4659-11e5-93db-fcaa14500743} - H:\setup.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {c0ff8200-7262-11e5-9eb7-fcaa14500743} - J:\RunGame.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {d38d63e1-f0f1-11e4-9642-fcaa14500743} - G:\AUTORUN.EXE
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 178.18.68.16
Tcpip\..\Interfaces\{E15B7EB8-B54B-4A64-B5D2-A2D890B073E8}: [DhcpNameServer] 178.18.68.16

Internet Explorer:
==================
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://178.18.68.125/Login.htm
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1915849256-4225163708-1621856079-1000 -> DefaultScope {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL =
SearchScopes: HKU\S-1-5-21-1915849256-4225163708-1621856079-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-02] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-02] (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} hxxp://xmeye.net/video/web.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2015-03-25] ()
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2015-03-25] ()
FF Plugin HKU\S-1-5-21-1915849256-4225163708-1621856079-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Test\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-24] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-07-29] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://public-box.ru/start
CHR StartupUrls: Default -> "hxxp://public-box.ru/start"
CHR Profile: C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-21]
CHR Extension: (Dokumenty Google) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-21]
CHR Extension: (Disk Google) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-23]
CHR Extension: (Google Search) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-21]
CHR Extension: (Google+) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2015-08-21]
CHR Extension: (Kalendár Google) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Tabuľky Google) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-21]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-21]
CHR Extension: (Gmail) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1738808 2015-09-26] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6951992 2015-09-26] (GOG.com)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-09] (Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2057736 2015-09-08] (Electronic Arts)
S2 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-02] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-22 19:37 - 2015-10-22 19:37 - 00012811 _____ C:\Users\Test\Desktop\FRST.txt
2015-10-22 10:54 - 2015-10-22 14:54 - 00002114 _____ C:\Windows\WindowsUpdate.log
2015-10-22 10:48 - 2015-10-22 10:48 - 00079952 _____ C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-21 22:23 - 2015-10-21 22:23 - 00015921 _____ C:\Users\Test\Desktop\Logy.rar
2015-10-21 22:22 - 2015-10-21 22:22 - 02196480 _____ (Farbar) C:\Users\Test\Desktop\FRST64.exe
2015-10-21 21:26 - 2015-10-21 21:26 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-21 18:27 - 2015-10-22 19:03 - 00000000 ____D C:\Users\Test\AppData\Roaming\Azureus
2015-10-21 18:27 - 2015-10-21 18:27 - 00001852 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-10-21 18:27 - 2015-10-21 18:27 - 00001852 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-10-21 18:27 - 2015-10-21 18:27 - 00000000 ____D C:\Users\Test\.swt
2015-10-21 18:27 - 2015-10-21 18:27 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-10-19 11:31 - 2015-10-19 11:31 - 01801288 _____ (Malwarebytes) C:\Users\Test\Desktop\JRT.exe
2015-10-19 11:09 - 2015-10-19 11:12 - 00002842 _____ C:\Windows\system32\lic2.xml22316
2015-10-19 11:07 - 2015-10-19 11:08 - 00000000 ____D C:\Users\Test\AppData\Roaming\QuickScan
2015-10-19 11:03 - 2015-10-19 11:03 - 00688992 ____R (Swearware) C:\Users\Test\Downloads\dds.com
2015-10-17 19:23 - 2015-10-17 19:28 - 00001100 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-15 20:14 - 2015-10-19 11:51 - 00000000 ____D C:\Users\Test\Documents\The Crew
2015-10-15 20:14 - 2015-10-19 11:51 - 00000000 ____D C:\Users\Test\Documents\ProfileCache
2015-10-15 20:13 - 2015-10-15 20:13 - 00000000 ____D C:\Users\Test\AppData\Local\Ubisoft
2015-10-15 12:52 - 2015-10-15 12:52 - 00000000 ____D C:\Users\Test\Documents\CyberLink
2015-10-15 12:52 - 2015-10-15 12:52 - 00000000 ____D C:\Users\Public\CyberLink
2015-10-15 12:51 - 2015-10-15 12:52 - 00000000 ____D C:\ProgramData\CyberLink
2015-10-15 12:51 - 2015-10-15 12:51 - 00000000 ____D C:\Users\Test\AppData\Roaming\Macromedia
2015-10-15 12:51 - 2015-10-15 12:51 - 00000000 ____D C:\Users\Test\AppData\Roaming\CyberLink
2015-10-15 12:50 - 2015-10-22 19:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-15 12:50 - 2015-10-15 12:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-15 12:12 - 2015-10-15 12:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 11
2015-10-15 12:12 - 2015-10-15 12:12 - 00000000 ____D C:\ProgramData\SmartSound Software Inc
2015-10-15 12:12 - 2015-10-15 12:12 - 00000000 ____D C:\Program Files\Cyberlink
2015-10-15 12:12 - 2015-10-15 12:12 - 00000000 ____D C:\Program Files (x86)\SmartSound Software
2015-10-15 12:12 - 2015-10-15 12:12 - 00000000 ____D C:\Program Files (x86)\Cyberlink
2015-10-15 12:10 - 2015-10-22 16:00 - 00000312 _____ C:\Windows\Tasks\Vcosxztk.job
2015-10-15 12:10 - 2015-10-15 13:13 - 00000000 ____D C:\ProgramData\Temp
2015-10-15 12:10 - 2015-10-15 12:10 - 00398336 __RSH C:\Windows\SysWOW64\msvcr120L.dll
2015-10-15 12:10 - 2015-10-15 12:10 - 00002592 _____ C:\Windows\System32\Tasks\Vcosxztk
2015-10-15 12:10 - 2015-10-15 12:10 - 00000000 ____D C:\ProgramData\install_clap
2015-10-15 11:44 - 2015-10-15 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Design
2015-10-15 11:44 - 1997-08-14 16:31 - 00098816 _____ (Eidos plc) C:\Windows\SysWOW64\Dec130.dll
2015-10-15 11:44 - 1997-08-14 16:24 - 00089600 _____ (EIDOS Technologies) C:\Windows\SysWOW64\Winsdec.dll
2015-10-15 11:44 - 1997-08-14 16:17 - 00117248 _____ (EIDOS Technologies) C:\Windows\SysWOW64\Edec.dll
2015-10-15 11:44 - 1997-08-14 16:06 - 00060416 _____ (EIDOS Technologies) C:\Windows\SysWOW64\Winplay.dll
2015-10-15 11:44 - 1997-08-14 11:10 - 00080896 _____ (EIDOS Technologies) C:\Windows\SysWOW64\Winstr.dll
2015-10-15 11:44 - 1996-01-25 16:45 - 00039936 _____ (WexTech Systems, Inc.) C:\Windows\SysWOW64\D2htls32.dll
2015-10-15 11:44 - 1996-01-24 20:43 - 00202752 _____ (WexTech Systems, Inc.) C:\Windows\SysWOW64\D2hlnk32.dll
2015-10-15 11:44 - 1995-07-11 08:50 - 00322832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mfc30.dll
2015-10-14 19:49 - 2015-10-14 19:49 - 00000479 _____ C:\Windows\eReg.dat
2015-10-14 15:47 - 2015-10-14 20:05 - 00000000 ____D C:\Users\Test\Documents\NHL 2004
2015-10-04 17:07 - 2015-10-15 11:58 - 00000000 ____D C:\Users\Test\AppData\Roaming\OBS
2015-10-04 17:07 - 2015-10-04 17:07 - 00000000 ____D C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-10-04 17:07 - 2015-10-04 17:07 - 00000000 ____D C:\Program Files\OBS
2015-10-04 17:07 - 2015-10-04 17:07 - 00000000 ____D C:\Program Files (x86)\OBS
2015-10-01 21:13 - 2015-10-01 21:17 - 00000000 ____D C:\Users\Test\AppData\LocalLow\PencilTestStudios
2015-10-01 17:27 - 2015-10-17 19:28 - 00001794 _____ C:\Users\Test\Desktop\Google Chrome.lnk
2015-09-26 19:55 - 2015-09-26 19:55 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-09-26 19:55 - 2015-09-26 19:55 - 00000000 ____D C:\Program Files\Realtek
2015-09-26 19:55 - 2015-06-18 16:45 - 04496600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-09-26 19:55 - 2015-06-18 15:59 - 02862488 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-09-26 19:55 - 2015-06-17 17:47 - 02930904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-09-26 19:55 - 2015-06-17 12:45 - 03234520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-09-26 19:55 - 2015-06-15 15:39 - 01748184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-09-26 19:55 - 2015-05-26 09:59 - 00166616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-09-26 19:55 - 2015-05-25 13:18 - 03195416 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-09-26 19:55 - 2015-05-18 12:47 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-09-26 19:55 - 2015-05-15 17:27 - 02918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-09-26 19:55 - 2015-05-15 14:32 - 01316056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-09-26 19:55 - 2014-11-11 11:44 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-09-26 19:55 - 2014-06-09 08:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-09-26 19:55 - 2014-04-10 10:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-09-26 19:55 - 2014-01-08 13:25 - 00397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2015-09-26 19:55 - 2013-10-11 10:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-09-26 19:55 - 2012-06-08 14:21 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2015-09-26 19:55 - 2012-06-08 14:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2015-09-26 19:55 - 2012-03-08 09:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-09-26 19:55 - 2011-12-20 13:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-09-26 19:55 - 2011-12-16 12:57 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2015-09-26 19:55 - 2011-11-22 14:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-09-26 19:55 - 2010-11-08 05:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-09-26 19:55 - 2010-11-08 05:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-09-26 19:55 - 2010-11-08 05:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-09-26 19:55 - 2010-11-08 05:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-09-26 19:55 - 2010-11-08 05:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-09-26 19:55 - 2010-11-08 05:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-09-26 19:55 - 2010-09-27 07:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-09-26 19:55 - 2009-11-24 07:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-09-26 19:55 - 2009-11-24 07:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-09-26 19:55 - 2009-11-24 07:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-09-26 19:55 - 2009-11-24 07:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-09-26 19:55 - 2009-11-18 05:13 - 00060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2015-09-26 12:52 - 2015-09-26 13:10 - 00000000 ____D C:\Users\Test\AppData\Local\kopanito_demo
2015-09-25 13:24 - 2015-09-25 13:24 - 00000000 ____D C:\Users\Test\AppData\Local\SKIDROW
2015-09-25 13:24 - 2015-09-25 13:24 - 00000000 ____D C:\Users\Test\AppData\Local\2K Games
2015-09-23 16:06 - 2015-09-23 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alien Isolation
2015-09-22 15:54 - 2015-09-22 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ryse Son of Rome

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-22 19:37 - 2015-08-21 16:03 - 00000000 ____D C:\FRST
2015-10-22 16:04 - 2015-05-02 19:52 - 00000000 ____D C:\Users\Test\AppData\Roaming\DAEMON Tools Lite
2015-10-22 10:51 - 2009-07-14 06:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-22 10:51 - 2009-07-14 06:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-22 10:50 - 2009-07-14 07:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-22 10:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-21 23:01 - 2015-08-19 16:16 - 00000000 ____D C:\Users\Test\Desktop\Hry
2015-10-21 18:27 - 2015-04-30 13:46 - 00000000 ____D C:\Users\Test
2015-10-21 12:13 - 2015-08-19 16:18 - 00000000 ___RD C:\Users\Test\Desktop\Programy
2015-10-20 18:18 - 2015-05-15 18:04 - 00000000 ____D C:\Users\Test\AppData\Roaming\vlc
2015-10-20 12:44 - 2009-07-14 07:08 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-18 19:08 - 2015-07-25 15:11 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-18 14:11 - 2015-05-04 17:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-17 19:28 - 2015-09-13 22:48 - 00000080 _____ C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\uTorrent.lnk
2015-10-17 19:28 - 2015-06-30 20:01 - 00000000 ____D C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-10-17 19:28 - 2015-06-16 18:13 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-17 19:28 - 2015-05-02 19:52 - 00001781 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-10-17 19:28 - 2015-04-30 13:47 - 00001417 _____ C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-17 19:28 - 2015-04-30 13:44 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-10-17 19:28 - 2015-04-30 13:44 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-10-17 19:28 - 2009-07-14 07:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-10-17 19:28 - 2009-07-14 06:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-17 19:28 - 2009-07-14 06:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-10-17 19:28 - 2009-07-14 06:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-10-17 19:28 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-10-17 19:28 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-10-17 19:28 - 2009-07-14 06:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-10-17 19:23 - 2015-05-04 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-17 19:23 - 2015-05-04 17:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-15 20:13 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-15 17:09 - 2015-05-14 18:34 - 00000000 ____D C:\Users\Test\AppData\Local\Ubisoft Game Launcher
2015-10-15 13:13 - 2015-04-30 13:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-15 12:50 - 2015-05-08 12:20 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-15 12:50 - 2015-05-08 12:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 12:03 - 2015-04-30 14:15 - 00000000 ____D C:\Users\Test\AppData\Local\NVIDIA Corporation
2015-10-14 22:36 - 2015-09-20 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA SPORTS
2015-10-14 22:36 - 2015-08-21 19:37 - 00000000 ____D C:\Users\Test\AppData\Local\CrashDumps
2015-10-14 19:48 - 2015-05-08 12:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-10-12 05:05 - 2015-04-30 14:14 - 01423304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-10-12 05:05 - 2015-04-30 14:14 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-10-12 05:04 - 2015-04-30 14:14 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-10-12 05:04 - 2015-04-30 14:14 - 01710752 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-10-09 17:41 - 2015-07-25 15:36 - 00000000 ____D C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-10-05 09:50 - 2015-05-04 17:28 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-05-04 17:28 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-05-04 17:28 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-01 21:14 - 2015-08-15 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-09-26 19:55 - 2015-04-30 14:02 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-09-26 19:53 - 2015-04-30 14:02 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-09-26 13:24 - 2015-08-15 17:25 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2015-09-26 12:45 - 2015-08-26 14:42 - 00000000 ____D C:\ProgramData\Origin
2015-09-25 22:31 - 2015-05-23 19:25 - 00000000 ____D C:\ProgramData\Steam
2015-09-23 21:08 - 2015-08-26 14:42 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-09-23 16:06 - 2015-09-06 18:43 - 00000000 ____D C:\Windows\SysWOW64\directx

==================== Files in the root of some directories =======

2015-05-21 21:12 - 2015-05-21 21:12 - 0033193 _____ () C:\Users\Test\AppData\Roaming\UserTile.png
2015-08-02 20:14 - 2015-08-02 20:14 - 0003584 _____ () C:\Users\Test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-30 14:09 - 2015-04-30 14:09 - 0000017 _____ () C:\Users\Test\AppData\Local\resmon.resmoncfg
2015-09-06 21:42 - 2015-09-06 21:42 - 0005028 _____ () C:\ProgramData\mtbjfghn.xbe

Some files in TEMP:
====================
C:\Users\Test\AppData\Local\Temp\i4jdel0.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-22 18:38

==================== End of FRST.txt ============================
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7322
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Utrack

#11 Příspěvek od altrok »

Vlozte prosim jeste log Addition.txt
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
maba345
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 29 srp 2009 15:05

Re: Utrack

#12 Příspěvek od maba345 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Test (2015-10-22 19:37:54)
Running from C:\Users\Test\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-04-30 11:46:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1915849256-4225163708-1621856079-500 - Administrator - Disabled)
Guest (S-1-5-21-1915849256-4225163708-1621856079-501 - Limited - Disabled)
Test (S-1-5-21-1915849256-4225163708-1621856079-1000 - Administrator - Enabled) => C:\Users\Test

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.06 beta (x64) (HKLM\...\7-Zip) (Version: 15.06 - Igor Pavlov)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.252 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
AIDA64 Extreme v4.60 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.60 - FinalWire Ltd.)
Aktualizácie NVIDIA 2.5.15.54 (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Alien Isolation, âĺđńč˙ 1.0.0.0 (HKLM-x32\...\Alien Isolation_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Armikrog (HKLM-x32\...\1433157800_is1) (Version: 2.0.0.1 - GOG.com)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Assassins Creed - Unity (HKLM-x32\...\{9L5KR86L-0F3I-4HJ7-HKY5-DRTL4V36QG2X}_is1) (Version: 1.1.0.0 - Ubisoft)
Assassins Creed Chronicles China (HKLM-x32\...\Assassins Creed Chronicles China_is1) (Version: - )
Assassin's Creed Rogue (HKLM-x32\...\Uplay Install 895) (Version: - Ubisoft)
Blues & Bullets: Episode 1 (HKLM-x32\...\Blues & Bullets: Episode 1_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2516 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2516 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fighting Force (HKLM-x32\...\Fighting Force) (Version: - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.143.923 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Geeks3D FurMark 1.17.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
HeavyLoad V3.3 (HKLM-x32\...\HeavyLoad_is1) (Version: 3.3 - JAM Software)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
Life Is Strange Episode 2 (HKLM-x32\...\Life Is Strange Episode 2_is1) (Version: - )
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.82 - Logitech)
Lost Heaven Multiplayer version 1.0.6 (HKLM-x32\...\{518FE6AC-3097-4D96-88EB-D971A2AA30FF}_is1) (Version: 1.0.6 - Lost Heaven Multiplayer)
Mad Max, âĺđńč˙ 1.0.0.0 (HKLM-x32\...\Mad Max_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Malwarebytes Anti-Malware verzia 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metal Gear Solid V The Phantom Pain (HKLM-x32\...\Metal Gear Solid V The Phantom Pain_is1) (Version: 1.0.0.5 - Релиз от R.G. Steamgames)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mortal Kombat X (HKLM-x32\...\Mortal Kombat X_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
NetSurveillance (HKLM-x32\...\NetSurveillance) (Version: - )
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
NHL 2001 (HKLM-x32\...\{BBA471C0-5EF2-11D4-0091-A500A0245DC0}) (Version: - )
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Grafický ovládač 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.82 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
OverDisk (remove only) (HKLM-x32\...\OverDisk) (Version: - )
Ovládací panel NVIDIA 355.82 (Version: 355.82 - NVIDIA Corporation) Hidden
Project CARS (HKLM-x32\...\Project CARS_is1) (Version: 1.0.1.1 - Релиз от R.G. Steamgames)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.93 (HKLM-x32\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Rocket League (HKLM-x32\...\Rocket League_is1) (Version: - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Ryse Son of Rome (HKLM-x32\...\Ryse Son of Rome_is1) (Version: - )
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Crew Wild Run Beta (HKLM-x32\...\Uplay Install 2356) (Version: - Ubisoft)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Unity Web Player (HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 7.4 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.2.0 - Azureus Software, Inc.)
Watch_Dogs verze 1.0 (HKLM-x32\...\{F6BB478F-E417-4306-B198-9852146C9D35}_is1) (Version: 1.0 - Ubisoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1915849256-4225163708-1621856079-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-18 21:37 - 2015-10-21 22:27 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {8977FE92-1E3C-4CC3-A0F5-C51ACF2835FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-15] (Adobe Systems Incorporated)
Task: {A13EE90B-AE31-4BCB-857C-E5D5F9182969} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {AA6AEAEA-379C-47BD-A235-0CC5262FF122} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CC769327-BD57-4FBE-BD43-88AFB70F3450} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E8601C81-A93B-4A26-A2B0-944EB558F659} - System32\Tasks\Vcosxztk => Rundll32.exe "C:\Windows\SysWOW64\msvcr120L.dll",PYIJIKKAC

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Vcosxztk.job => C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\msvcr120L.dll

==================== Loaded Modules (Whitelisted) ==============

2015-04-30 14:00 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Test\Desktop\JRT.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Test\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 178.18.68.16
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 3
MSCONFIG\Services: BstHdUpdaterSvc => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EADM => "E:\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: GalaxyClient => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
MSCONFIG\startupreg: MalwareProtectionLive => C:\Users\Test\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Test\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B2C127D7-3094-426F-80D5-17E81C00D20C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C24D89D6-22A3-4F9C-BDF3-06AAB860CDD1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{74969E23-765D-4605-839E-2F4E954B2536}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F61514C8-2F38-45D8-8A1C-9C99EAF54E2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8EEF93CE-2882-49B7-A393-AE2D77EBD6ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9E6631E6-6B65-4844-A833-0C72C6F55C74}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{09F9EE95-F0A0-4762-B4F9-819A447B05B1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Camera
Description: Camera
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2015 07:37:55 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, Služba sa nedá spustiť, pretože je vypnutá, alebo nemá priradené žiadne zapnuté zariadenia.
.


Operation:
Instantiating VSS server

Error: (10/22/2015 07:37:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, Služba sa nedá spustiť, pretože je vypnutá, alebo nemá priradené žiadne zapnuté zariadenia.
]


Operation:
Instantiating VSS server

Error: (10/22/2015 06:39:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/22/2015 10:50:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (10/22/2015 10:50:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.


System errors:
=============
Error: (10/22/2015 04:00:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Cyberlink RichVideo64 Service(CRVS) sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (10/22/2015 04:00:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (10/22/2015 04:00:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Network Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (10/22/2015 04:00:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA GeForce Experience Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (10/22/2015 04:00:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Display Driver Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.


CodeIntegrity:
===================================
Date: 2015-10-18 14:19:33.186
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\b5eb64a2a2d59058733468e222ed35e9\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_c03ca3001653c1ef\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-18 14:19:33.130
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\b5eb64a2a2d59058733468e222ed35e9\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_c03ca3001653c1ef\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-18 14:19:33.075
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\b5eb64a2a2d59058733468e222ed35e9\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_c03ca3001653c1ef\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-18 14:19:33.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\b5eb64a2a2d59058733468e222ed35e9\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_c03ca3001653c1ef\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-18 14:19:32.963
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\b5eb64a2a2d59058733468e222ed35e9\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_c03ca3001653c1ef\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-18 14:19:32.910
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\b5eb64a2a2d59058733468e222ed35e9\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_c03ca3001653c1ef\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-18 14:19:31.554
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\b5eb64a2a2d59058733468e222ed35e9\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_b5e7f8ade1f2fff4\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-18 14:19:31.500
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\b5eb64a2a2d59058733468e222ed35e9\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_b5e7f8ade1f2fff4\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-18 14:19:31.447
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\b5eb64a2a2d59058733468e222ed35e9\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_b5e7f8ade1f2fff4\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-18 14:19:31.392
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\b5eb64a2a2d59058733468e222ed35e9\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_b5e7f8ade1f2fff4\appidapi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 9%
Total physical RAM: 8083.32 MB
Available physical RAM: 7276.6 MB
Total Virtual: 16164.82 MB
Available Virtual: 15389 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.53 GB) (Free:12.95 GB) NTFS
Drive e: (Data) (Fixed) (Total:931.51 GB) (Free:578.69 GB) NTFS
Drive f: (SAMSUNG) (Fixed) (Total:701.32 GB) (Free:16.62 GB) NTFS
Drive g: (NHL 2001) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 5D0AAF39)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 767010F2)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1397.3 GB) (Disk ID: 9F9BE82E)
Partition 1: (Active) - (Size=701.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=695.9 GB) - (Type=05)

==================== End of Addition.txt ============================
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7322
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Utrack

#13 Příspěvek od altrok »

:arrow: Otestujte na virustotal.com C:\Windows\SysWOW64\msvcr120L.dll - pokud uz byl soubor otestovany, zvolte Reanalyse. Do pristiho prispevku dejte link (odkaz) s vysledky analyzy.
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
maba345
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 29 srp 2009 15:05

Re: Utrack

#14 Příspěvek od maba345 »

Nechce mi povoliť prístup k súboru a to som prihlásený ako administrátor vo wine :)
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7322
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Utrack

#15 Příspěvek od altrok »

:arrow: Mate vypnute body obnoveni. Velice doporucuji tuto funkci zapnout.


:arrow: Nainstalujte nejaky antivir, protoze Windows Defender na Win7 plni pouze funkci antispywaru.


:arrow: Odinstalujte starou a zranitelnou verzi javy Java 8 Update 51. Pokud javu potrebujete, pak nainstalujte novou z java.com - pozor na adware pri jeji instalaci http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 . Z hlediska bezpecnosti (exploity) je lepsi ji nemit.



  • Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
  • ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
  • znovu spustte FRST a kliknete na Fix
  • po restartu bude na plose ulozen fixlog, jehoz obsah mi vlozte do pristi odpovedi

    Kód: Vybrat vše

    Start
CloseProcesses:
File: C:\Windows\SysWOW64\msvcr120L.dll
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: G - G:\AUTORUN.EXE
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {0af2407d-6685-11e5-a839-fcaa14500743} - I:\autorun.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {810091f9-4659-11e5-93db-fcaa14500743} - H:\setup.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {c0ff8200-7262-11e5-9eb7-fcaa14500743} - J:\RunGame.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\MountPoints2: {d38d63e1-f0f1-11e4-9642-fcaa14500743} - G:\AUTORUN.EXE
SearchScopes: HKU\S-1-5-21-1915849256-4225163708-1621856079-1000 -> DefaultScope {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = 
CHR HomePage: Default -> hxxp://public-box.ru/start
CHR StartupUrls: Default -> "hxxp://public-box.ru/start"
2015-09-06 21:42 - 2015-09-06 21:42 - 0005028 _____ () C:\ProgramData\mtbjfghn.xbe
Task: {E8601C81-A93B-4A26-A2B0-944EB558F659} - System32\Tasks\Vcosxztk => Rundll32.exe "C:\Windows\SysWOW64\msvcr120L.dll",PYIJIKKAC
Task: C:\Windows\Tasks\Vcosxztk.job => C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\msvcr120L.dll
AlternateDataStreams: C:\Users\Test\Desktop\JRT.exe:BDU
Hosts:
EmptyTemp:
End
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“