RUDY! - Kontrola logu určite tam niečo je...

[L4k0]

Pozerajťe toto sa my ukazalo v netstat miniaplikacie a ja používam iba Realtek normalne a predím to tam nebolo...ešte hodilo bluescreen ale neni v minidump ked reštartujem počitač tak ho nereštartne a na obrazovke je no signál musím ho vypnúť a zapnúť a nepíše že Start normal windows 30sekundový odpočet..A ESTE SOM ZITIL ZE NA DISKU D/ JE 600MB NEVIDITELNYCH



Log Fix

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by L4k0 (2016-07-03 20:51:53) Run:1
Running from C:\Users\L4k0\Desktop
Loaded Profiles: L4k0 (Available Profiles: L4k0)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
U3 aswMBR; \??\C:\Users\L4k0\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\L4k0\AppData\Local\Temp\aswVmm.sys [X]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\L4k0\AppData\Local\Temp
End
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
aswMBR => service not found.
aswVmm => service not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully

"C:\Users\L4k0\AppData\Local\Temp" folder move:

Could not move "C:\Users\L4k0\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-07-03 20:54:09)

C:\Users\L4k0\AppData\Local\Temp => moved successfully

==== End of Fixlog 20:54:09 ====

[Rudy]

Smazáno. Ještě pro jistotu udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php . Dejte log, předem nic nemažte. Doporučuji také vše, co máte pod heslem, heslo změnit.

[L4k0]

Ešte som odstranil prava User Authetification User na diskoch v pravách...Preskočilo Sken registrov takže asi niečo v registroch ale niečo to blokuje a nič nenašlo

[Rudy]

Takže zřejmě OK. Kdyby tam něco bylo, skener by to zaregistroval.

[L4k0]

Rudy ono to preskočilo čiže?... čo vravíš na tie adaptéri a RougeKiller našiel PUM v registroch ale nejdú zmazať stále sa objavujú daj my prosím všetky možnosti hľadanie virsov aké vieš poskytnúť,niejaké kredity alebo podporu fora,mohol by som poskytnúť Log RSIT a ešte niečo na to aby detekoval či neni napadnutý môj norton....Posielam do prilohy Minidump lebo hodilo bluescreen..a tu je vípis logu z rougekiller kedže preskocilo registry


RogueKiller V12.3.6.0 [Jun 27 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : L4k0 [Administrator]
Started from : C:\Users\L4k0\Desktop\Viry.cz\RogueKiller.exe
Mode : Scan -- Date : 07/04/2016 13:44:08

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 199.85.126.10 199.85.127.10 ([X][X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 199.85.126.10 199.85.127.10 ([X][X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 199.85.126.10 199.85.127.10 ([X][X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{021C0871-D141-4C07-8E02-BDC2CE799FB0} | DhcpNameServer : 199.85.126.10 199.85.127.10 ([X][X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{021C0871-D141-4C07-8E02-BDC2CE799FB0} | DhcpNameServer : 199.85.126.10 199.85.127.10 ([X][X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{021C0871-D141-4C07-8E02-BDC2CE799FB0} | DhcpNameServer : 199.85.126.10 199.85.127.10 ([X][X]) -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3446584074-721549401-2035689353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3446584074-721549401-2035689353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5001AALS-00J7B1 ATA Device +++++
--- User ---
[MBR] 7cf5c8a5e000fee36f718b291cd3283e
[BSP] 1f6a8dfb95803633ca4ff7eb0228ee69 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 120000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 245966848 | Size: 356838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

[Rudy]

Zkuste na to použít IceSword: http://forum.viry.cz/viewtopic.php?t=11394 .

K BSOD: Shodil to ovladač grafiky. Zkuste ho přeinstalovat.

[L4k0]

Píše Nejste oprávněn číst toto fórum vedel by si pokračvať dalšími programy ktrré vedia virrišiť dalšie problemy skús ešte nieajke programy prosím neukazuje sa Ovladač v odinsšatlovani programov ako to mam vymazať bezpečne ?

[Pavuk29]

Píše Nejste oprávněn číst toto fórum

asi boh tohto fora, sam najvacsi, sa nemoze na to divat. Ani sa mu necudujem.
Asi vam to locknem deti moje

[L4k0]

What ? nič sa lockovať nebude

[L4k0]

Výpis RSIT

Logfile of random's system information tool 1.10 (written by random/random)
Run by L4k0 at 2016-07-04 18:15:53
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 85 GB (71%) free of 120 GB
Total RAM: 8191 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:15:59, on 4. 7. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files\trend micro\L4k0.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Mem Reduct] "C:\Program Files\Mem Reduct\memreduct64.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Process Blocker - Softros Systems, Inc. - C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6317 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\diMaster.dll" /prefetch:1
C:\Windows\system32\PnkBstrA.exe
"C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe"
"C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe" /c /a /s UserSession
taskeng.exe {10578CB5-374E-458E-ABE5-5864CE3EB47B}
"C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe" /TUStart /pid:1940
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
taskeng.exe {25CCB393-2AFD-4277-BEA5-94AAA8D5387D}
"C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe" -b
"C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
/fmw.trayonly
"C:\Program Files\Mem Reduct\memreduct64.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\L4k0\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21 1051320]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21 805560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21 1051320]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21 805560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCN"=C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [2016-03-21 5006536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"Mem Reduct"=C:\Program Files\Mem Reduct\memreduct64.exe [2015-04-30 274944]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvgUi"=C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [2016-06-21 186640]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger="C:\Program Files (x86)\AVG\AVG PC TuneUp\PMLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-07-04 18:15:53 ----D---- C:\rsit
2016-07-04 18:15:53 ----D---- C:\Program Files\trend micro
2016-07-04 18:13:37 ----D---- C:\Program Files\Softros Systems
2016-07-04 15:21:55 ----A---- C:\Windows\system32\PnkBstrA.exe
2016-07-04 13:13:57 ----D---- C:\Users\L4k0\AppData\Roaming\WinRAR
2016-07-03 20:34:46 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2016-07-03 20:32:55 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2016-07-03 20:32:47 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2016-07-03 20:32:44 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2016-07-03 20:32:44 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2016-07-03 20:32:44 ----A---- C:\Windows\system32\XAudio2_7.dll
2016-07-03 20:32:44 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2016-07-03 20:32:43 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2016-07-03 20:32:43 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2016-07-03 20:32:43 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2016-07-03 20:32:43 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2016-07-03 20:32:43 ----A---- C:\Windows\system32\xactengine3_7.dll
2016-07-03 20:32:43 ----A---- C:\Windows\system32\d3dx11_43.dll
2016-07-03 20:32:43 ----A---- C:\Windows\system32\d3dcsx_43.dll
2016-07-03 20:32:43 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2016-07-03 20:32:42 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2016-07-03 20:32:42 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2016-07-03 20:32:42 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2016-07-03 20:32:42 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2016-07-03 20:32:42 ----A---- C:\Windows\system32\XAudio2_6.dll
2016-07-03 20:32:42 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2016-07-03 20:32:42 ----A---- C:\Windows\system32\D3DX9_43.dll
2016-07-03 20:32:42 ----A---- C:\Windows\system32\d3dx10_43.dll
2016-07-03 20:32:41 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2016-07-03 20:32:41 ----A---- C:\Windows\system32\xactengine3_6.dll
2016-07-03 20:32:40 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2016-07-03 20:32:40 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2016-07-03 20:32:40 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2016-07-03 20:32:40 ----A---- C:\Windows\system32\XAudio2_5.dll
2016-07-03 20:32:40 ----A---- C:\Windows\system32\xactengine3_5.dll
2016-07-03 20:32:40 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2016-07-03 20:32:39 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2016-07-03 20:32:39 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2016-07-03 20:32:39 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2016-07-03 20:32:39 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2016-07-03 20:32:39 ----A---- C:\Windows\system32\d3dx11_42.dll
2016-07-03 20:32:39 ----A---- C:\Windows\system32\d3dx10_42.dll
2016-07-03 20:32:39 ----A---- C:\Windows\system32\d3dcsx_42.dll
2016-07-03 20:32:39 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2016-07-03 20:32:38 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2016-07-03 20:32:38 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2016-07-03 20:32:38 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2016-07-03 20:32:38 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2016-07-03 20:32:38 ----A---- C:\Windows\system32\D3DX9_42.dll
2016-07-03 20:32:38 ----A---- C:\Windows\system32\D3DX9_41.dll
2016-07-03 20:32:38 ----A---- C:\Windows\system32\d3dx10_41.dll
2016-07-03 20:32:38 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2016-07-03 20:32:37 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2016-07-03 20:32:37 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2016-07-03 20:32:37 ----A---- C:\Windows\system32\XAudio2_4.dll
2016-07-03 20:32:37 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2016-07-03 20:32:36 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2016-07-03 20:32:36 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2016-07-03 20:32:36 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2016-07-03 20:32:36 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2016-07-03 20:32:36 ----A---- C:\Windows\system32\xactengine3_4.dll
2016-07-03 20:32:36 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2016-07-03 20:32:36 ----A---- C:\Windows\system32\d3dx10_40.dll
2016-07-03 20:32:36 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2016-07-03 20:32:35 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2016-07-03 20:32:35 ----A---- C:\Windows\system32\D3DX9_40.dll
2016-07-03 20:32:34 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2016-07-03 20:32:34 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2016-07-03 20:32:34 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2016-07-03 20:32:34 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2016-07-03 20:32:34 ----A---- C:\Windows\system32\XAudio2_3.dll
2016-07-03 20:32:34 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2016-07-03 20:32:34 ----A---- C:\Windows\system32\xactengine3_3.dll
2016-07-03 20:32:34 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2016-07-03 20:32:32 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2016-07-03 20:32:32 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2016-07-03 20:32:32 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2016-07-03 20:32:32 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2016-07-03 20:32:32 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2016-07-03 20:32:32 ----A---- C:\Windows\system32\XAudio2_2.dll
2016-07-03 20:32:32 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2016-07-03 20:32:32 ----A---- C:\Windows\system32\xactengine3_2.dll
2016-07-03 20:32:32 ----A---- C:\Windows\system32\d3dx10_39.dll
2016-07-03 20:32:32 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2016-07-03 20:32:31 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2016-07-03 20:32:31 ----A---- C:\Windows\system32\D3DX9_39.dll
2016-07-03 20:32:30 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2016-07-03 20:32:30 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2016-07-03 20:32:30 ----A---- C:\Windows\system32\XAudio2_1.dll
2016-07-03 20:32:30 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2016-07-03 20:32:29 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2016-07-03 20:32:29 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2016-07-03 20:32:29 ----A---- C:\Windows\system32\xactengine3_1.dll
2016-07-03 20:32:29 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2016-07-03 20:32:28 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2016-07-03 20:32:28 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2016-07-03 20:32:28 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2016-07-03 20:32:28 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2016-07-03 20:32:28 ----A---- C:\Windows\system32\XAudio2_0.dll
2016-07-03 20:32:28 ----A---- C:\Windows\system32\D3DX9_38.dll
2016-07-03 20:32:28 ----A---- C:\Windows\system32\d3dx10_38.dll
2016-07-03 20:32:28 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2016-07-03 20:32:27 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2016-07-03 20:32:27 ----A---- C:\Windows\system32\xactengine3_0.dll
2016-07-03 20:32:26 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2016-07-03 20:32:26 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2016-07-03 20:32:26 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2016-07-03 20:32:26 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2016-07-03 20:32:26 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2016-07-03 20:32:26 ----A---- C:\Windows\system32\D3DX9_37.dll
2016-07-03 20:32:26 ----A---- C:\Windows\system32\d3dx10_37.dll
2016-07-03 20:32:26 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2016-07-03 20:32:25 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2016-07-03 20:32:25 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2016-07-03 20:32:25 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2016-07-03 20:32:25 ----A---- C:\Windows\system32\xactengine2_10.dll
2016-07-03 20:32:25 ----A---- C:\Windows\system32\d3dx10_36.dll
2016-07-03 20:32:25 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2016-07-03 20:32:24 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2016-07-03 20:32:24 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2016-07-03 20:32:24 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2016-07-03 20:32:24 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2016-07-03 20:32:24 ----A---- C:\Windows\system32\xactengine2_9.dll
2016-07-03 20:32:24 ----A---- C:\Windows\system32\d3dx9_36.dll
2016-07-03 20:32:24 ----A---- C:\Windows\system32\d3dx10_35.dll
2016-07-03 20:32:24 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2016-07-03 20:32:23 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2016-07-03 20:32:23 ----A---- C:\Windows\system32\d3dx9_35.dll
2016-07-03 20:32:22 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2016-07-03 20:32:22 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2016-07-03 20:32:22 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2016-07-03 20:32:22 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2016-07-03 20:32:22 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2016-07-03 20:32:22 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2016-07-03 20:32:22 ----A---- C:\Windows\system32\xinput1_3.dll
2016-07-03 20:32:22 ----A---- C:\Windows\system32\xactengine2_8.dll
2016-07-03 20:32:22 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2016-07-03 20:32:22 ----A---- C:\Windows\system32\d3dx9_34.dll
2016-07-03 20:32:22 ----A---- C:\Windows\system32\d3dx10_34.dll
2016-07-03 20:32:22 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2016-07-03 20:32:21 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2016-07-03 20:32:21 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2016-07-03 20:32:21 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2016-07-03 20:32:21 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2016-07-03 20:32:21 ----A---- C:\Windows\system32\xactengine2_7.dll
2016-07-03 20:32:21 ----A---- C:\Windows\system32\d3dx9_33.dll
2016-07-03 20:32:21 ----A---- C:\Windows\system32\d3dx10_33.dll
2016-07-03 20:32:21 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2016-07-03 20:32:20 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2016-07-03 20:32:20 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2016-07-03 20:32:20 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2016-07-03 20:32:20 ----A---- C:\Windows\system32\xactengine2_6.dll
2016-07-03 20:32:20 ----A---- C:\Windows\system32\xactengine2_5.dll
2016-07-03 20:32:20 ----A---- C:\Windows\system32\d3dx10.dll
2016-07-03 20:32:19 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2016-07-03 20:32:19 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2016-07-03 20:32:19 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2016-07-03 20:32:19 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2016-07-03 20:32:19 ----A---- C:\Windows\system32\xactengine2_4.dll
2016-07-03 20:32:19 ----A---- C:\Windows\system32\x3daudio1_1.dll
2016-07-03 20:32:19 ----A---- C:\Windows\system32\d3dx9_32.dll
2016-07-03 20:32:19 ----A---- C:\Windows\system32\d3dx9_31.dll
2016-07-03 20:32:18 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2016-07-03 20:32:18 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2016-07-03 20:32:18 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2016-07-03 20:32:18 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2016-07-03 20:32:18 ----A---- C:\Windows\system32\xinput1_2.dll
2016-07-03 20:32:18 ----A---- C:\Windows\system32\xinput1_1.dll
2016-07-03 20:32:18 ----A---- C:\Windows\system32\xactengine2_3.dll
2016-07-03 20:32:18 ----A---- C:\Windows\system32\xactengine2_2.dll
2016-07-03 20:32:17 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2016-07-03 20:32:17 ----A---- C:\Windows\system32\xactengine2_1.dll
2016-07-03 20:32:15 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2016-07-03 20:32:15 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2016-07-03 20:32:15 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2016-07-03 20:32:15 ----A---- C:\Windows\system32\xactengine2_0.dll
2016-07-03 20:32:15 ----A---- C:\Windows\system32\x3daudio1_0.dll
2016-07-03 20:32:15 ----A---- C:\Windows\system32\d3dx9_30.dll
2016-07-03 20:32:14 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2016-07-03 20:32:14 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2016-07-03 20:32:14 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2016-07-03 20:32:14 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2016-07-03 20:32:14 ----A---- C:\Windows\system32\d3dx9_29.dll
2016-07-03 20:32:14 ----A---- C:\Windows\system32\d3dx9_28.dll
2016-07-03 20:32:14 ----A---- C:\Windows\system32\d3dx9_27.dll
2016-07-03 20:32:14 ----A---- C:\Windows\system32\d3dx9_26.dll
2016-07-03 20:32:13 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2016-07-03 20:32:13 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2016-07-03 20:32:13 ----A---- C:\Windows\system32\d3dx9_25.dll
2016-07-03 20:32:13 ----A---- C:\Windows\system32\d3dx9_24.dll
2016-07-03 18:37:23 ----D---- C:\ProgramData\McAfee
2016-07-03 18:37:14 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-07-03 18:37:13 ----D---- C:\Windows\SYSWOW64\Macromed
2016-07-03 18:37:12 ----D---- C:\Windows\system32\Macromed
2016-07-03 17:37:56 ----D---- C:\Users\L4k0\AppData\Roaming\Origin
2016-07-03 17:36:05 ----D---- C:\ProgramData\Origin
2016-07-03 17:36:05 ----D---- C:\ProgramData\Electronic Arts
2016-07-03 17:35:47 ----D---- C:\Program Files (x86)\Origin
2016-07-03 15:32:16 ----D---- C:\ProgramData\Malwarebytes
2016-07-03 15:32:08 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-03 15:24:29 ----D---- C:\Program Files\Common Files\AV
2016-07-03 13:07:39 ----RA---- C:\Windows\SYSWOW64\drivers\AsIO.sys
2016-07-03 13:07:39 ----RA---- C:\Windows\SYSWOW64\AsIO.dll
2016-07-03 13:07:36 ----A---- C:\Windows\SYSWOW64\drivers\AsInsHelp64.sys
2016-07-03 13:07:36 ----A---- C:\Windows\SYSWOW64\drivers\AsInsHelp32.sys
2016-07-03 13:07:35 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-07-03 13:07:35 ----D---- C:\Program Files (x86)\ASUS
2016-07-03 13:04:41 ----A---- C:\Windows\Language_trs.ini
2016-07-03 13:04:40 ----A---- C:\Windows\Ascd_tmp.ini
2016-07-03 12:43:16 ----A---- C:\Windows\SYSWOW64\authuitu.dll
2016-07-03 12:43:16 ----A---- C:\Windows\system32\TURegOpt.exe
2016-07-03 12:43:16 ----A---- C:\Windows\system32\authuitu.dll
2016-07-03 12:42:15 ----D---- C:\Program Files (x86)\AVG
2016-07-03 12:41:32 ----D---- C:\ProgramData\Avg
2016-07-03 12:41:27 ----HD---- C:\ProgramData\Common Files
2016-07-03 12:12:46 ----A---- C:\Windows\system32\drivers\TrueSight.sys
2016-07-03 12:12:33 ----D---- C:\ProgramData\RogueKiller
2016-07-02 18:29:39 ----D---- C:\Program Files\WinRAR
2016-07-02 15:42:28 ----D---- C:\Windows\Minidump
2016-07-02 15:11:50 ----D---- C:\Users\L4k0\AppData\Roaming\Henry++
2016-07-02 15:11:49 ----D---- C:\Program Files\Mem Reduct
2016-07-02 13:50:39 ----A---- C:\Windows\SYSWOW64\vulkaninfo.exe
2016-07-02 13:50:39 ----A---- C:\Windows\SYSWOW64\vulkan-1.dll
2016-07-02 13:50:39 ----A---- C:\Windows\system32\vulkaninfo.exe
2016-07-02 13:50:39 ----A---- C:\Windows\system32\vulkan-1.dll
2016-07-02 13:50:35 ----D---- C:\Program Files (x86)\VulkanRT
2016-07-02 13:50:24 ----D---- C:\Program Files (x86)\AMD
2016-07-02 13:49:29 ----D---- C:\Program Files\Common Files\ATI Technologies
2016-07-02 13:49:01 ----D---- C:\ProgramData\Package Cache
2016-07-02 13:47:11 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2016-07-02 13:46:07 ----D---- C:\Program Files (x86)\Microsoft.NET
2016-07-02 13:45:35 ----D---- C:\Program Files\AMD
2016-07-02 13:14:00 ----SHD---- C:\Windows\Installer
2016-07-02 13:13:00 ----D---- C:\Windows\Panther
2016-07-02 13:09:46 ----D---- C:\Program Files (x86)\Google
2016-07-02 12:30:53 ----D---- C:\Program Files\Common Files\Symantec Shared
2016-07-02 12:30:53 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2016-07-02 12:29:48 ----D---- C:\Windows\system32\drivers\NISx64
2016-07-02 12:29:47 ----D---- C:\ProgramData\Norton
2016-07-02 12:29:47 ----D---- C:\Program Files (x86)\Norton Internet Security
2016-07-02 12:29:01 ----D---- C:\ProgramData\NortonInstaller
2016-07-02 12:29:01 ----D---- C:\Program Files (x86)\NortonInstaller
2016-07-02 12:20:51 ----D---- C:\Windows\SoftwareDistribution
2016-07-02 12:19:28 ----SD---- C:\Users\L4k0\AppData\Roaming\Microsoft
2016-07-02 12:19:28 ----D---- C:\Users\L4k0\AppData\Roaming\Media Center Programs
2016-07-02 12:19:21 ----SHD---- C:\Recovery
2016-07-02 12:14:37 ----D---- C:\Windows\Prefetch
2016-07-02 12:14:08 ----SHD---- C:\System Volume Information
2016-07-02 12:14:08 ----ASH---- C:\pagefile.sys
2016-07-02 12:14:07 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 month======

2016-07-04 18:15:53 ----RD---- C:\Program Files
2016-07-04 18:07:07 ----D---- C:\Windows\Temp
2016-07-04 18:05:26 ----D---- C:\Windows
2016-07-04 18:01:32 ----D---- C:\Windows\System32
2016-07-04 18:01:32 ----D---- C:\Windows\inf
2016-07-04 18:01:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-07-04 17:28:59 ----D---- C:\Windows\debug
2016-07-04 16:50:44 ----D---- C:\Windows\SysWOW64
2016-07-04 13:36:05 ----D---- C:\Windows\system32\drivers
2016-07-04 13:20:04 ----D---- C:\Windows\system32\config
2016-07-04 13:09:25 ----RD---- C:\Program Files (x86)
2016-07-04 12:12:26 ----D---- C:\Windows\system32\Tasks
2016-07-04 12:07:44 ----D---- C:\Windows\system32\catroot2
2016-07-04 11:26:41 ----D---- C:\Windows\LiveKernelReports
2016-07-03 21:59:08 ----D---- C:\Windows\Logs
2016-07-03 20:51:53 ----D---- C:\Windows\Tasks
2016-07-03 20:41:57 ----D---- C:\Windows\system32\DriverStore
2016-07-03 20:41:57 ----D---- C:\Windows\system32\catroot
2016-07-03 20:34:50 ----D---- C:\Program Files (x86)\Common Files
2016-07-03 20:32:46 ----D---- C:\Windows\system32\LogFiles
2016-07-03 20:32:17 ----RSD---- C:\Windows\assembly
2016-07-03 20:32:16 ----D---- C:\Windows\Microsoft.NET
2016-07-03 18:43:19 ----HD---- C:\ProgramData
2016-07-03 17:35:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2016-07-03 15:24:29 ----D---- C:\Program Files\Common Files
2016-07-03 13:07:39 ----D---- C:\Windows\SYSWOW64\drivers
2016-07-02 17:39:17 ----D---- C:\Windows\system32\wdi
2016-07-02 17:08:07 ----D---- C:\Windows\rescache
2016-07-02 13:46:08 ----D---- C:\Windows\SYSWOW64\en-US
2016-07-02 13:46:08 ----D---- C:\Windows\system32\en-US
2016-07-02 13:27:18 ----SD---- C:\ProgramData\Microsoft
2016-07-02 13:05:03 ----D---- C:\Windows\winsxs
2016-07-02 13:03:45 ----D---- C:\Program Files\Internet Explorer
2016-07-02 13:03:43 ----D---- C:\Windows\system32\wbem
2016-07-02 13:03:43 ----D---- C:\Windows\system32\sk-SK
2016-07-02 13:03:43 ----D---- C:\Windows\PolicyDefinitions
2016-07-02 13:03:43 ----D---- C:\Program Files (x86)\Internet Explorer
2016-07-02 13:03:10 ----D---- C:\Windows\system32\restore
2016-07-02 12:27:44 ----D---- C:\Windows\system32\CodeIntegrity
2016-07-02 12:19:37 ----SHD---- C:\$Recycle.Bin
2016-07-02 12:19:27 ----RD---- C:\Users
2016-07-02 12:17:00 ----D---- C:\Windows\system32\sysprep
2016-07-02 12:15:53 ----D---- C:\Windows\system32\drivers\UMDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SymEFASI;Symantec Extended File Attributes (SI); C:\Windows\system32\drivers\NISx64\1606000.08E\SYMEFASI64.SYS [2016-02-24 1621232]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2007-12-17 14392]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160701.003\BHDrvx64.sys [2016-07-01 1832176]
R1 ccSet_NIS;NIS Settings Manager; C:\Windows\system32\drivers\NISx64\1606000.08E\ccSetx64.sys [2015-09-24 173808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2016-04-27 497392]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160701.001\IDSvia64.sys [2016-07-01 876248]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1606000.08E\SRTSP64.SYS [2016-02-24 928504]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1606000.08E\SRTSPX64.SYS [2015-09-24 50936]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1606000.08E\Ironx64.SYS [2016-02-24 295664]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1606000.08E\SYMNETS.SYS [2016-02-24 577768]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-03-21 26345472]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2016-03-21 676864]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2016-02-24 96256]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2016-04-27 156912]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-05-14 15416]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160704.001\ENG64.SYS [2016-05-06 138456]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160704.001\EX64.SYS [2016-05-06 2148056]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2016-07-03 111344]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2016-06-01 32304]
S3 TrueSight;TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [2016-07-04 24688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-03-21 251392]
R2 avgsvc;AVG Service; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-06-21 1080080]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe [2016-02-26 289080]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2016-07-04 76152]
R2 Process Blocker;Process Blocker; C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe [2015-04-10 2219344]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2016-06-01 4803344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-03 154440]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-03 270016]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-03 154440]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2016-07-03 2122248]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

[Rudy]

Tak zkuste toto:

Stáhněte Malwarebytes Anti-Rootkit http://www.malwarebytes.org/products/mbar/

Uložte nejlépe na Plochu a rozbalte
Spusťte kliknutím na mbar
Nyní postupně klikněte na Next a Update
Po dokončení update (aktualizace) databáze klikněte opět na Next
Nechte zaškrtnute všechny tři možnosti a kliněte na Scan čímž spustíte prohledavani PC
Po dokončeni skenu (cca 5 minutek) zkontrolujte, zda-li je u všech nalezů (samozrejme pokud budou) zatržítko
Tež zkontrolujte, jestli je zatržitko u Create Restore point
Nyní klikněte na CleanUp čímž nalezenou infekci odstraníme
PC bude restartován
Složka mbar by měla obsahovat log (a zřejmě se i sám otevře) mbar-log-rok-měsíc-den (hodina-minuta-sekunda).txt, ten mi sem dejte.

[L4k0]

Niekto z iného fora my písal že ked hackuju tak cez conhost.exe a dllhost.exe je to možné ? posielam nišie log a niejake skrýte data sa ukrivaju v D ale žiadny antivrus ju neprehladal aj ked som ju dal...


Malwarebytes Anti-Rootkit BETA 1.9.3.1001
http://www.malwarebytes.org

Database version:
main: v2016.07.04.06
rootkit: v2016.05.27.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
L4k0 :: L4K0-PC [administrator]

4. 7. 2016 19:30:40
mbar-log-2016-07-04 (19-30-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 272739
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

[JaRon]

Urobime to takto::
Ty si nainstalujes Msie11 a vsetky dostupne aktualizacie OS, nebudes uz tu zakladat ziadne nove temy,
Prides, ak budes mat realny virovy problem
Chod niekde za babami, alebo na pivo, nezatazuj radcov fora
svojimi kvazi-ohrozeniami. Je cas dovoleniek a forum sa snazi pomahat tym co to naozaj potrebuju.
Takze tu lock