Please check my log

#1 Post by Nabuchodonozor671 »

Good day. I have a request: could you please check over my notebook, as for a few days I have been seeing "strange" CPU load, and what surprised me most is that when scanning the PC with the adwcleaner tool, it (both the old and the new version) always "freezes" while checking the web browsers. It seems odd to me, so I am turning to the experts. I will also mention that neither Eset nor Malwarebytes found anything suspicious. Thank you! Here is the log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Rocky-67 at 2015-03-05 15:33:08
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 25 GB (34%) free of 72 GB
Total RAM: 4087 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:33:13, on 5. 3. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal

Running processes:
C:\Program Files\Hide Folders 2012\hf.exe
C:\Program Files\ComfortKeyboard\CKeyboard.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\ComfortKeyboard\CKeyboardCm.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\T-Mobile Communication Center\TMCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Rocky-67.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
O4 - HKCU\..\Run: [CKeyboard] C:\Program Files\ComfortKeyboard\CKeyboard.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://apps.driversupport.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{143907AF-3ADF-4242-85C1-0DBEE59F81B0}: NameServer = 195.146.132.58 195.146.128.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF76DC86-190E-4058-BAB8-DAED8BD21CFD}: NameServer = 156.154.70.22,156.154.71.22
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: FSPro Filter Service 2 (fsproflt2) - FSPro Labs - C:\Windows\SysWOW64\fsproflt2.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10129 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8132 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\SysWOW64\fsproflt2.exe
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
"C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"taskhost.exe"
"C:\Program Files\Hide Folders 2012\hf.exe" /s
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\nlssrv32.exe
taskeng.exe {10FEA21F-06FD-46CD-BE2E-944238002FBA}
"C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\CyberGhost 5\Service.exe"
"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-8c5c9613-8834-4f11-9171-5d54085e1195 -SystemEventPortName:HostProcess-2188ccf3-ef4c-4d60-8120-883abba999c9 -IoCancelEventPortName:HostProcess-6d847265-bc58-4f04-8862-8893f738450d -NonStateChangingEventPortName:HostProcess-21d559be-75ba-4ac4-9f7a-0ed1139265ef -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:f7ce431d-74c9-4097-9918-48de5ba7121d -DeviceGroupId:WpdFsGroup
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files\COMODO\COMODO Internet Security\cis.exe" --alertsUI
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\ComfortKeyboard\CKeyboard.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\ComfortKeyboard\CKeyboardCm.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe"
"C:\Windows\SysWOW64\RunDll32.exe" "c:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files (x86)\T-Mobile Communication Center\TMCC.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Users\Rocky-67\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Rocky-67\AppData\Roaming\Mozilla\Firefox\Profiles\aio6a6tb.default

prefs.js - "browser.startup.homepage" - "about:home"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34EDF7FD-FD9B-420F-A701-CC2C081FB26C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9}]
EgisPBIE Sign-in Helper - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll [2011-04-19 863792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9}]
EgisPBIE Sign-in Helper - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll [2011-04-19 640560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-01-04 2818800]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-01-30 1297624]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2015-03-03 5595336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CKeyboard"=C:\Program Files\ComfortKeyboard\CKeyboard.exe [2013-01-04 4165544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2013-02-15 516928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTibMounterMonitor]
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [2013-01-10 1103424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2014-12-12 7394584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2011-03-09 107816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate]
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2010-11-05 407920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate]
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2010-11-05 202096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallerLauncher]
C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe /run:C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-02-26 1793736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2011-06-27 2643240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-07-13 93296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
C:\Windows\system32\nvspcap64.dll [2014-07-25 1283136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
C:\Program Files\IDT\WDM\sttray64.exe [2013-12-04 1703424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2014-03-05 6382144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirage]
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-06-24 136488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray]
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2013-06-24 167488]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HPOSD"=C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-08-19 379960]
"VitaKeyTSR"=C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe [2011-04-19 384048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
EgisPwdFilter
EgisDSPwdFilter
c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\fsproflt2]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-03-05 15:33:09 ----D---- C:\Program Files\trend micro
2015-03-05 15:33:08 ----D---- C:\rsit
2015-03-05 15:23:12 ----D---- C:\_OTM
2015-03-04 15:28:00 ----A---- C:\Windows\system32\FNTCACHE.DAT
2015-03-04 14:10:45 ----D---- C:\zoek_backup
2015-03-04 12:37:51 ----D---- C:\ProgramData\Aiseesoft Studio
2015-03-04 12:37:51 ----D---- C:\Program Files (x86)\Aiseesoft Studio
2015-03-03 17:23:10 ----D---- C:\ProgramData\ESET
2015-03-03 17:23:10 ----D---- C:\Program Files\ESET
2015-03-03 17:18:00 ----D---- C:\ProgramData\Shared Space
2015-03-03 17:17:50 ----D---- C:\Program Files\COMODO
2015-03-03 17:17:07 ----D---- C:\ProgramData\Comodo Downloader
2015-03-03 17:16:27 ----D---- C:\ProgramData\Comodo
2015-03-03 17:00:39 ----D---- C:\ProgramData\Paradoxx
2015-03-03 15:56:02 ----D---- C:\Users\Rocky-67\AppData\Roaming\Paradoxx
2015-02-25 16:01:35 ----A---- C:\Windows\SYSWOW64\SkinCrafter3_vs2005.dll
2015-02-25 15:53:28 ----A---- C:\Windows\system32\drivers\mod7700.sys
2015-02-25 15:53:28 ----A---- C:\Windows\system32\drivers\ewusbwwan.sys
2015-02-25 15:53:28 ----A---- C:\Windows\system32\drivers\ewusbmdm.sys
2015-02-25 15:53:28 ----A---- C:\Windows\system32\drivers\ewdcsc.sys
2015-02-25 15:53:28 ----A---- C:\Windows\system32\drivers\ew_usbenumfilter.sys
2015-02-25 15:53:28 ----A---- C:\Windows\system32\drivers\ew_juwwanecm.sys
2015-02-25 15:53:28 ----A---- C:\Windows\system32\drivers\ew_juextctrl.sys
2015-02-25 15:53:28 ----A---- C:\Windows\system32\drivers\ew_jucdcecm.sys
2015-02-25 15:53:28 ----A---- C:\Windows\system32\drivers\ew_jucdcacm.sys
2015-02-25 15:53:28 ----A---- C:\Windows\system32\drivers\ew_jubusenum.sys
2015-02-25 15:53:28 ----A---- C:\Windows\system32\drivers\ew_hwusbdev.sys
2015-02-25 15:53:28 ----A---- C:\Windows\system32\drivers\ew_hwupgrade.sys
2015-02-25 15:52:34 ----D---- C:\Program Files (x86)\T-Mobile Communication Center
2015-02-25 12:16:51 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2015-02-25 12:07:08 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-02-25 10:06:29 ----A---- C:\Windows\system32\drivers\WdfCoInstaller01007.dll
2015-02-23 10:50:06 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-02-23 10:50:02 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-02-23 10:49:44 ----A---- C:\Windows\system32\nvopencl.dll
2015-02-23 10:49:42 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-02-23 10:49:36 ----A---- C:\Windows\system32\nvoglv64.dll
2015-02-23 10:49:32 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-02-23 10:49:26 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-02-23 10:49:20 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-02-23 10:49:20 ----A---- C:\Windows\system32\NvIFR64.dll
2015-02-23 10:49:10 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-02-23 10:49:10 ----A---- C:\Windows\system32\NvFBC64.dll
2015-02-23 10:49:10 ----A---- C:\Windows\system32\nvdispgenco6434144.dll
2015-02-23 10:49:08 ----A---- C:\Windows\system32\nvdispco6434144.dll
2015-02-23 10:49:02 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2015-02-23 10:49:00 ----A---- C:\Windows\system32\nvcuvid.dll
2015-02-23 10:48:58 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-02-23 10:48:58 ----A---- C:\Windows\system32\nvcuda.dll
2015-02-23 10:48:54 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-02-23 10:48:02 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-02-23 10:48:00 ----A---- C:\Windows\system32\nvcompiler.dll
2015-02-23 10:47:52 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-02-18 21:07:25 ----A---- C:\TDSSKiller.3.0.0.44_18.02.2015_21.07.25_log.txt
2015-02-15 17:15:10 ----D---- C:\Users\Rocky-67\AppData\Roaming\ComfortSoftware
2015-02-15 17:14:56 ----A---- C:\Windows\system32\runcosk.exe
2015-02-15 17:14:56 ----A---- C:\Windows\system32\cskeyboardlogon.dll
2015-02-15 17:14:56 ----A---- C:\Windows\system32\CsCredentialLogon64.dll
2015-02-15 17:14:56 ----A---- C:\Windows\system32\CsCredentialLogon.dll
2015-02-15 17:14:55 ----D---- C:\Program Files\ComfortKeyboard
2015-02-13 17:57:03 ----A---- C:\Windows\system32\bdsandboxuiskin32.dll
2015-02-13 17:56:56 ----A---- C:\Windows\system32\bdsandboxuiskin.dll
2015-02-12 08:06:32 ----A---- C:\Windows\SYSWOW64\wdi.dll
2015-02-12 08:06:32 ----A---- C:\Windows\system32\wdi.dll
2015-02-12 08:06:32 ----A---- C:\Windows\system32\powertracker.dll
2015-02-12 08:06:32 ----A---- C:\Windows\system32\perftrack.dll
2015-02-12 07:49:31 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-02-12 07:49:31 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-02-12 07:49:31 ----A---- C:\Windows\system32\jscript9diag.dll
2015-02-12 07:49:31 ----A---- C:\Windows\system32\jscript9.dll
2015-02-11 13:45:16 ----D---- C:\Program Files (x86)\RecoveryMechanic
2015-02-11 07:26:36 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-02-11 07:26:36 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-02-11 07:26:36 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-02-11 07:26:36 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-02-11 07:26:36 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-02-11 07:26:36 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-02-11 07:26:35 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-02-11 07:26:35 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-02-11 07:26:35 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-02-11 07:26:35 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-02-11 07:26:35 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-02-11 07:26:35 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-02-11 07:26:35 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 07:26:35 ----A---- C:\Windows\system32\iernonce.dll
2015-02-11 07:26:35 ----A---- C:\Windows\system32\ie4uinit.exe
2015-02-11 07:26:34 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-02-11 07:26:34 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-02-11 07:26:34 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-02-11 07:26:34 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-02-11 07:26:34 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-02-11 07:26:34 ----A---- C:\Windows\system32\urlmon.dll
2015-02-11 07:26:34 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 07:26:34 ----A---- C:\Windows\system32\iedkcs32.dll
2015-02-11 07:26:33 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-02-11 07:26:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-02-11 07:26:33 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-02-11 07:26:33 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 07:26:33 ----A---- C:\Windows\system32\msfeeds.dll
2015-02-11 07:26:33 ----A---- C:\Windows\system32\iesetup.dll
2015-02-11 07:26:33 ----A---- C:\Windows\system32\ieapfltr.dll
2015-02-11 07:26:33 ----A---- C:\Windows\system32\dxtrans.dll
2015-02-11 07:26:32 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-02-11 07:26:32 ----A---- C:\Windows\system32\iertutil.dll
2015-02-11 07:26:31 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-02-11 07:26:31 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-02-11 07:26:31 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-02-11 07:26:31 ----A---- C:\Windows\system32\jsproxy.dll
2015-02-11 07:26:31 ----A---- C:\Windows\system32\ieUnatt.exe
2015-02-11 07:26:31 ----A---- C:\Windows\system32\ieui.dll
2015-02-11 07:26:31 ----A---- C:\Windows\system32\ieframe.dll
2015-02-11 07:26:31 ----A---- C:\Windows\system32\dxtmsft.dll
2015-02-11 07:26:30 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-02-11 07:26:30 ----A---- C:\Windows\system32\mshtmled.dll
2015-02-11 07:26:29 ----A---- C:\Windows\system32\wininet.dll
2015-02-11 07:26:29 ----A---- C:\Windows\system32\vbscript.dll
2015-02-11 07:26:29 ----A---- C:\Windows\system32\msrating.dll
2015-02-11 07:26:29 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-02-11 07:26:28 ----A---- C:\Windows\system32\mshtml.dll
2015-02-11 07:25:58 ----A---- C:\Windows\system32\invagent.dll
2015-02-11 07:25:58 ----A---- C:\Windows\system32\generaltel.dll
2015-02-11 07:25:58 ----A---- C:\Windows\system32\devinv.dll
2015-02-11 07:25:58 ----A---- C:\Windows\system32\appraiser.dll
2015-02-11 07:25:58 ----A---- C:\Windows\system32\aitstatic.exe
2015-02-11 07:25:58 ----A---- C:\Windows\system32\aepic.dll
2015-02-11 07:25:58 ----A---- C:\Windows\system32\aepdu.dll
2015-02-11 07:25:58 ----A---- C:\Windows\system32\aeinv.dll
2015-02-11 07:25:53 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-02-11 07:25:53 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-02-11 07:25:53 ----A---- C:\Windows\system32\schannel.dll
2015-02-11 07:25:53 ----A---- C:\Windows\system32\kerberos.dll
2015-02-11 07:25:52 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-02-11 07:25:52 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-02-11 07:25:52 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-02-11 07:25:52 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-02-11 07:25:52 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-02-11 07:25:52 ----A---- C:\Windows\system32\wdigest.dll
2015-02-11 07:25:52 ----A---- C:\Windows\system32\TSpkg.dll
2015-02-11 07:25:52 ----A---- C:\Windows\system32\ncrypt.dll
2015-02-11 07:25:52 ----A---- C:\Windows\system32\msv1_0.dll
2015-02-11 07:25:52 ----A---- C:\Windows\system32\credssp.dll
2015-02-11 07:22:47 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-02-11 07:22:47 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-02-11 07:22:38 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-02-11 07:22:38 ----A---- C:\Windows\system32\lsasrv.dll
2015-02-11 07:22:38 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-02-11 07:22:38 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-02-11 07:22:38 ----A---- C:\Windows\system32\drivers\cng.sys
2015-02-11 07:22:38 ----A---- C:\Windows\system32\adtschema.dll
2015-02-11 07:22:37 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-02-11 07:22:37 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-02-11 07:22:37 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-02-11 07:22:37 ----A---- C:\Windows\system32\sspisrv.dll
2015-02-11 07:22:37 ----A---- C:\Windows\system32\sspicli.dll
2015-02-11 07:22:37 ----A---- C:\Windows\system32\secur32.dll
2015-02-11 07:22:37 ----A---- C:\Windows\system32\lsass.exe
2015-02-11 07:22:37 ----A---- C:\Windows\system32\auditpol.exe
2015-02-11 07:22:36 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-02-11 07:22:36 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-02-11 07:22:36 ----A---- C:\Windows\system32\msobjs.dll
2015-02-11 07:22:36 ----A---- C:\Windows\system32\msaudite.dll
2015-02-11 07:22:25 ----A---- C:\Windows\system32\wintrust.dll
2015-02-11 07:22:25 ----A---- C:\Windows\system32\cryptsvc.dll
2015-02-11 07:22:25 ----A---- C:\Windows\system32\crypt32.dll
2015-02-11 07:22:24 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-02-11 07:22:24 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-02-11 07:22:24 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-02-11 07:22:19 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2015-02-11 07:22:19 ----A---- C:\Windows\system32\oleaut32.dll
2015-02-11 07:21:51 ----A---- C:\Windows\SYSWOW64\scesrv.dll
2015-02-11 07:21:51 ----A---- C:\Windows\system32\scesrv.dll
2015-02-11 07:21:43 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-02-11 07:21:40 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-02-11 07:21:39 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-02-11 07:21:32 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-02-11 07:21:32 ----A---- C:\Windows\system32\srcore.dll
2015-02-11 07:21:32 ----A---- C:\Windows\system32\srclient.dll
2015-02-11 07:21:32 ----A---- C:\Windows\system32\rstrui.exe
2015-02-11 07:21:05 ----A---- C:\Windows\system32\win32k.sys
2015-02-08 15:00:36 ----A---- C:\Windows\SYSWOW64\secman.dll

======List of files/folders modified in the last 1 month======

2015-03-05 15:33:09 ----RD---- C:\Program Files
2015-03-05 15:32:26 ----D---- C:\Windows\Temp
2015-03-05 15:27:22 ----D---- C:\AdwCleaner
2015-03-05 15:25:38 ----D---- C:\Windows\inf
2015-03-05 15:24:47 ----AD---- C:\Windows
2015-03-05 15:23:52 ----D---- C:\Windows\system32\config
2015-03-05 08:59:36 ----D---- C:\Windows\Prefetch
2015-03-04 15:28:00 ----D---- C:\Windows\System32
2015-03-04 14:54:45 ----D---- C:\Users\Rocky-67\AppData\Roaming\Adobe
2015-03-04 14:42:43 ----D---- C:\Windows\system32\Tasks
2015-03-04 14:42:42 ----D---- C:\Program Files (x86)\Google
2015-03-04 14:42:40 ----D---- C:\Windows\Tasks
2015-03-04 14:42:39 ----SHD---- C:\Windows\Installer
2015-03-04 14:37:26 ----RD---- C:\Program Files (x86)
2015-03-04 14:18:35 ----SHD---- C:\System Volume Information
2015-03-04 14:10:52 ----D---- C:\Windows\SysWOW64
2015-03-04 12:37:51 ----HD---- C:\ProgramData
2015-03-03 17:23:49 ----D---- C:\Windows\system32\drivers
2015-03-03 17:23:48 ----D---- C:\Windows\system32\DriverStore
2015-03-03 17:04:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-03-03 16:50:37 ----D---- C:\Program Files\Common Files
2015-03-03 16:49:18 ----A---- C:\bdlog.txt
2015-03-03 16:46:50 ----D---- C:\Users\Rocky-67\AppData\Roaming\vlc
2015-03-03 16:44:02 ----D---- C:\Windows\system32\drivers\etc
2015-03-03 15:15:27 ----D---- C:\Windows\ModemLogs
2015-03-01 11:29:46 ----A---- C:\Windows\system32\bdsandboxuh.dll
2015-03-01 11:10:22 ----D---- C:\Windows\SoftwareDistribution
2015-02-28 14:01:17 ----D---- C:\Program Files\Recuva
2015-02-26 17:29:31 ----D---- C:\ProgramData\NVIDIA
2015-02-26 17:29:04 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 17:25:13 ----A---- C:\Windows\system32\nvvsvc.exe
2015-02-26 17:23:08 ----A---- C:\Windows\system32\nvapi64.dll
2015-02-26 17:22:44 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-02-25 15:52:43 ----A---- C:\Windows\system32\WdfCoInstaller01007.dll
2015-02-25 15:52:27 ----D---- C:\Windows\system32\catroot
2015-02-25 10:06:25 ----D---- C:\Windows\system32\catroot2
2015-02-25 09:56:06 ----D---- C:\Windows\winsxs
2015-02-24 09:25:38 ----D---- C:\Program Files\CyberGhost 5
2015-02-23 18:37:38 ----D---- C:\ProgramData\Package Cache
2015-02-23 18:37:37 ----D---- C:\Program Files (x86)\Common Files
2015-02-20 13:23:37 ----D---- C:\Program Files\CCleaner
2015-02-20 09:44:06 ----SD---- C:\Users\Rocky-67\AppData\Roaming\Microsoft
2015-02-14 08:27:43 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-02-14 08:24:57 ----D---- C:\Windows\Microsoft.NET
2015-02-14 08:24:35 ----D---- C:\Program Files (x86)\AoaoPhoto Digital Studio
2015-02-12 18:14:06 ----D---- C:\Windows\rescache
2015-02-12 08:11:39 ----D---- C:\Windows\tracing
2015-02-12 08:11:39 ----D---- C:\Windows\SYSWOW64\en-US
2015-02-12 08:11:39 ----D---- C:\Windows\system32\en-US
2015-02-11 11:03:57 ----D---- C:\Windows\debug
2015-02-11 08:20:37 ----SD---- C:\Windows\system32\CompatTel
2015-02-11 08:20:36 ----D---- C:\Windows\system32\appraiser
2015-02-11 08:20:35 ----D---- C:\Windows\SYSWOW64\sk-SK
2015-02-11 08:20:35 ----D---- C:\Program Files\Internet Explorer
2015-02-11 08:20:34 ----D---- C:\Windows\system32\sk-SK
2015-02-11 08:20:33 ----D---- C:\Program Files (x86)\Internet Explorer
2015-02-11 08:17:24 ----D---- C:\Windows\system32\MRT
2015-02-11 08:13:11 ----A---- C:\Windows\system32\MRT.exe
2015-02-07 11:47:01 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fltsrv;Acronis Storage Filter Management; C:\Windows\system32\DRIVERS\fltsrv.sys [2013-10-18 108832]
R0 FSProFilter2;FSPro File Filter 2; C:\Windows\System32\Drivers\FSPFltd2.sys [2011-06-03 57648]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2012-09-24 31040]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2014-04-24 633704]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2014-04-24 28008]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2013-10-18 233760]
R0 tib;Acronis TIB Manager; C:\Windows\system32\DRIVERS\tib.sys [2013-10-18 1120032]
R0 tib_mounter;Acronis TIB Mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [2013-10-18 183224]
R0 vididr;Acronis Virtual Disk; C:\Windows\system32\DRIVERS\vididr.sys [2013-10-18 161568]
R0 vidsflt;Acronis Disk Storage Filter; C:\Windows\system32\DRIVERS\vidsflt.sys [2013-10-18 117024]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2015-01-30 20184]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\system32\DRIVERS\cmdguard.sys [2015-01-30 792648]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2015-01-30 45880]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-03-03 243440]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-03-03 169280]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2015-01-30 104608]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2013-07-22 126872]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2015-03-03 158968]
R2 ubsbm;Unibrain 1394 SBM Driver; C:\Windows\system32\DRIVERS\ubsbm.sys [2012-10-05 24064]
R2 ubumapi;Unibrain 1394 FireAPI Driver; C:\Windows\system32\DRIVERS\ubumapi.sys [2012-10-05 92160]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2012-09-24 43840]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [2014-04-09 31920]
R3 AVerAF15;AVerMedia A815; C:\Windows\System32\Drivers\AVerAF15.sys [2009-12-04 312064]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2012-12-04 598808]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-12-25 76112]
R3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2015-02-25 13952]
R3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2015-02-25 98816]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2015-02-25 86016]
R3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2015-02-25 28672]
R3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2015-02-25 212992]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2013-04-26 176880]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2013-05-02 8623856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-01-04 197408]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-09-04 38048]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-07-16 941784]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2015-01-04 34544]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10329; C:\Windows\system32\DRIVERS\stwrt64.sys [2013-12-04 551936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2015-01-04 546032]
R3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
R3 ubohci;Unibrain 1394 OHCI Driver; C:\Windows\system32\DRIVERS\ubohci.sys [2012-10-05 132608]
S3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2014-08-26 367200]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-05-02 184144]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2012-03-06 210984]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-03-06 21544]
S3 cleanhlp;cleanhlp; \??\C:\USERS\GEMINI-67\APLIKáCIE\ANTIVíRY\BIN\cleanhlp64.sys [2014-10-16 57024]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2015-02-25 117248]
S3 johci;JMicron 1394 Filter Driver; C:\Windows\system32\DRIVERS\johci.sys [2012-07-16 26208]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 20256]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 tdrpman;Acronis Try&Decide and Restore Points filter; C:\Windows\system32\DRIVERS\tdrpman.sys [2014-08-26 1462560]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S4 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2013-12-12 1008344]
R2 CGVPNCliService;CyberGhost 5 Client Service; C:\Program Files\CyberGhost 5\Service.exe [2014-11-03 64616]
R2 CmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2015-01-30 7618952]
R2 EgisTec Service;EgisTec Service; C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2011-04-19 704048]
R2 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-19 646704]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2015-03-03 1349576]
R2 fsproflt2;FSPro Filter Service 2; C:\Windows\SysWOW64\fsproflt2.exe [2014-10-06 69408]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2012-09-24 31040]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\nlssrv32.exe [2014-07-16 70768]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-02-26 932040]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10129; C:\Program Files\IDT\WDM\STacSV64.exe [2013-12-04 340480]
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-01-04 191728]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2010-02-23 2192176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07 267440]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2015-01-30 2265304]
S3 FoxitCloudUpdateService;Foxit Cloud Safe Update Service; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-06-17 242216]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-01-12 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-02-25 148080]
S3 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-02 1255736]
S4 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2013-02-15 1143720]
S4 afcdpsrv;Acronis Nonstop Backup Service; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-08-26 3783672]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
S4 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 18956064]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-10-27 1364256]
S4 syncagentsrv;Acronis Sync Agent Service; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-03-26 7084672]

-----------------EOF-----------------

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please check my log

#2 Post by altrok »

Hello :bye:

:arrow: As part of the cleanup, your temporary directories (including the Recycle Bin) will be emptied.

:arrow: So let's take a look at the browsers...

:arrow: Save to your desktop the version of FRST that matches your operating system (32-bit or 64-bit) http://www.bleepingcomputer.com/downloa ... scan-tool/
  • right-click the downloaded FRST and choose Run as administrator (on Win XP a plain double-click is enough)
  • check that the Addition option is also ticked
  • click Scan; this process takes about 5 minutes
  • when the scan finishes, the logs FRST.txt and Addition.txt will have been created on your desktop - paste both of them here.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok(at)forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

Nabuchodonozor671
Visitor
Posts: 24
Registered: 29 Sep 2013 17:47

Re: Please check my log

#3 Post by Nabuchodonozor671 »

Hello! Thank you for your willingness to help! Here is the first log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Rocky-67 (administrator) on ROCKY-67-PC on 06-03-2015 09:45:42
Running from C:\Users\Rocky-67\Desktop
Loaded Profiles: Rocky-67 (Available profiles: Rocky-67 & Gemini-67 & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(FSPro Labs) C:\Windows\SysWOW64\fsproflt2.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(FSPro Labs) C:\Program Files\Hide Folders 2012\hf.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Comfort Software Group) C:\Program Files\ComfortKeyboard\CKeyboard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
() C:\Program Files\ComfortKeyboard\CKeyboardCm.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Slovak Telekom a.s.) C:\Program Files (x86)\T-Mobile Communication Center\TMCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-01-04] (Synaptics Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297624 2015-01-30] (COMODO)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2015-03-03] (ESET)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe [384048 2011-04-19] (Egis Technology Inc. )
HKU\S-1-5-21-238691012-2406985898-395691995-1000\...\Run: [CKeyboard] => C:\Program Files\ComfortKeyboard\CKeyboard.exe [4165544 2013-01-04] (Comfort Software Group)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-04] (Microsoft Corporation)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {34EDF7FD-FD9B-420F-A701-CC2C081FB26C} -> No File
BHO: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll (Egis Technology Inc.)
Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
Tcpip\..\Interfaces\{143907AF-3ADF-4242-85C1-0DBEE59F81B0}: [NameServer] 195.146.128.62 195.146.132.58
Tcpip\..\Interfaces\{DF76DC86-190E-4058-BAB8-DAED8BD21CFD}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\Rocky-67\AppData\Roaming\Mozilla\Firefox\Profiles\aio6a6tb.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt
FF Extension: Online Accounts Extension - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt [2013-10-04]
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt20
FF Extension: Online Accounts Extension - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt20 [2013-10-04]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-01-30] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-01-30] (COMODO)
R2 EgisTec Service; C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [704048 2011-04-19] (Egis Technology Inc. )
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-03-03] (ESET)
S3 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 fsproflt2; C:\Windows\SysWOW64\fsproflt2.exe [69408 2014-10-06] (FSPro Labs)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2013-12-04] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2015-01-04] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [312064 2009-12-04] (AVerMedia TECHNOLOGIES, Inc.)
S3 cleanhlp; C:\USERS\GEMINI-67\APLIKáCIE\ANTIVíRY\BIN\cleanhlp64.sys [57024 2014-10-16] (Emsisoft GmbH)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2015-01-30] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-01-30] (COMODO)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2015-03-03] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2015-03-03] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2015-03-03] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [158968 2015-03-03] (ESET)
R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs)
R3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2015-02-25] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-01-30] (COMODO)
S3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2015-01-04] (Synaptics Incorporated)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-10-18] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-10-18] (Acronis)
R3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
R2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
R2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-10-18] (Acronis International GmbH)
S4 IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 09:45 - 2015-03-06 09:46 - 00012547 _____ () C:\Users\Rocky-67\Desktop\FRST.txt
2015-03-06 09:44 - 2015-03-06 09:45 - 00000000 ____D () C:\FRST
2015-03-06 09:43 - 2015-03-06 09:43 - 02092544 _____ (Farbar) C:\Users\Rocky-67\Desktop\FRST64.exe
2015-03-06 09:42 - 2015-03-06 09:42 - 00001167 _____ () C:\Users\Rocky-67\Desktop\Mozilla Firefox.lnk
2015-03-05 17:05 - 2015-03-05 17:05 - 00000274 _____ () C:\ProgramData\SMRResults430.dat
2015-03-05 16:51 - 2015-03-05 17:04 - 00000000 ____D () C:\Users\Rocky-67\AppData\Local\NPE
2015-03-05 16:51 - 2015-03-05 16:51 - 00000000 ____D () C:\ProgramData\Norton
2015-03-05 15:33 - 2015-03-05 15:33 - 00000000 ____D () C:\rsit
2015-03-05 15:33 - 2015-03-05 15:33 - 00000000 ____D () C:\Program Files\trend micro
2015-03-05 15:32 - 2015-03-05 15:32 - 01222144 _____ () C:\Users\Rocky-67\Desktop\RSITx64.exe
2015-03-05 15:24 - 2015-03-05 17:05 - 00000168 _____ () C:\Windows\setupact.log
2015-03-05 15:24 - 2015-03-05 15:24 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-05 15:23 - 2015-03-05 15:23 - 00000000 ____D () C:\_OTM
2015-03-05 15:21 - 2015-03-05 15:21 - 00522240 _____ (OldTimer Tools) C:\Users\Rocky-67\Desktop\OTM.exe
2015-03-04 15:28 - 2015-03-04 15:28 - 00331680 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-04 14:18 - 2015-03-04 14:37 - 00051624 _____ () C:\zoek-results.log
2015-03-04 14:10 - 2015-03-04 14:10 - 00000000 ____D () C:\zoek_backup
2015-03-04 14:08 - 2015-03-04 14:09 - 04165140 _____ () C:\Users\Rocky-67\Downloads\zoek.zip
2015-03-04 13:53 - 2015-03-04 13:53 - 00077464 _____ () C:\Users\Rocky-67\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-04 13:07 - 2015-03-04 13:07 - 00000000 ____D () C:\Users\Gemini-67\AppData\Local\Packages
2015-03-04 12:38 - 2015-03-04 12:39 - 00000000 ____D () C:\Users\Rocky-67\Documents\Aiseesoft Studio
2015-03-04 12:38 - 2015-03-04 12:38 - 00000000 ____D () C:\Users\Rocky-67\AppData\Local\Aiseesoft Studio
2015-03-04 12:38 - 2015-03-04 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2015-03-04 12:37 - 2015-03-04 12:37 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2015-03-04 12:37 - 2015-03-04 12:37 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2015-03-04 12:11 - 2015-03-04 12:11 - 00077464 _____ () C:\Users\Gemini-67\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-03 17:23 - 2015-03-03 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-03-03 17:23 - 2015-03-03 17:23 - 00000000 ____D () C:\ProgramData\ESET
2015-03-03 17:23 - 2015-03-03 17:23 - 00000000 ____D () C:\Program Files\ESET
2015-03-03 17:18 - 2015-03-03 17:19 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2015-03-03 17:18 - 2015-03-03 17:18 - 00000000 ____D () C:\ProgramData\Shared Space
2015-03-03 17:18 - 2015-03-03 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-03-03 17:17 - 2015-03-03 17:17 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-03-03 17:17 - 2015-03-03 17:17 - 00000000 ____D () C:\Program Files\COMODO
2015-03-03 17:16 - 2015-03-03 17:18 - 00000000 ____D () C:\ProgramData\Comodo
2015-03-03 17:11 - 2015-03-03 17:11 - 01761992 _____ (ESET) C:\Users\Rocky-67\Downloads\eset_nod32_antivirus_live_installer_.exe
2015-03-03 17:10 - 2015-03-03 17:13 - 229979832 _____ (COMODO) C:\Users\Rocky-67\Downloads\cfw_installer_5732_83.exe
2015-03-03 17:00 - 2015-03-03 17:00 - 00000000 ____D () C:\ProgramData\Paradoxx
2015-03-03 15:56 - 2015-03-03 15:56 - 00000000 ____D () C:\Users\Rocky-67\AppData\Roaming\Paradoxx
2015-03-03 15:15 - 2015-03-03 15:15 - 00000000 ____D () C:\Users\Gemini-67\AppData\Roaming\Paradoxx
2015-03-01 12:47 - 2015-03-01 12:47 - 00000385 _____ () C:\Users\Rocky-67\AppData\Roaminguser_gensett.xml
2015-03-01 12:36 - 2015-03-01 12:37 - 00000000 ____D () C:\Users\Gemini-67\AppData\Local\Deployment
2015-03-01 12:36 - 2015-03-01 12:36 - 00000000 ____D () C:\Users\Gemini-67\AppData\Local\Apps\2.0
2015-03-01 12:12 - 2015-03-04 14:42 - 00000000 ____D () C:\Users\Rocky-67\AppData\Local\Google
2015-03-01 12:12 - 2015-03-03 17:31 - 00000000 ____D () C:\Users\Gemini-67\AppData\Local\Google
2015-03-01 11:25 - 2015-03-01 11:25 - 00633636 _____ () C:\ProgramData\1425205073.bdinstall.bin
2015-03-01 11:24 - 2015-03-01 11:24 - 00000684 ____H () C:\bdr-cf03
2015-03-01 11:20 - 2015-03-01 11:24 - 00253404 ____H () C:\bdr-ld03
2015-03-01 11:20 - 2015-03-01 11:24 - 00009216 ____H () C:\bdr-ld03.mbr
2015-03-01 11:20 - 2014-07-04 17:49 - 49563064 ____H () C:\bdr-im03.gz
2015-03-01 11:20 - 2013-08-13 13:38 - 03271472 ____H () C:\bdr-bz03
2015-03-01 11:09 - 2015-03-06 09:43 - 00227904 _____ () C:\Windows\WindowsUpdate.log
2015-02-25 16:01 - 2015-02-25 16:01 - 00880640 _____ (DMSoft Technologies) C:\Windows\SysWOW64\SkinCrafter3_vs2005.dll
2015-02-25 16:01 - 2015-02-25 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T-Mobile Communication Center
2015-02-25 15:53 - 2015-02-25 15:52 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2015-02-25 15:53 - 2015-02-25 15:52 - 00415744 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2015-02-25 15:53 - 2015-02-25 15:52 - 00222464 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2015-02-25 15:53 - 2015-02-25 15:52 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2015-02-25 15:53 - 2015-02-25 15:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2015-02-25 15:53 - 2015-02-25 15:52 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2015-02-25 15:53 - 2015-02-25 15:52 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2015-02-25 15:53 - 2015-02-25 15:52 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2015-02-25 15:53 - 2015-02-25 15:52 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2015-02-25 15:53 - 2015-02-25 15:52 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2015-02-25 15:53 - 2015-02-25 15:52 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2015-02-25 15:53 - 2015-02-25 15:52 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2015-02-25 15:52 - 2015-02-25 16:01 - 00000000 ____D () C:\Program Files (x86)\T-Mobile Communication Center
2015-02-25 12:16 - 2015-02-25 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-25 12:07 - 2015-02-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-25 10:07 - 2015-02-25 10:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2015-02-25 10:07 - 2015-02-25 10:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2015-02-25 10:06 - 2015-02-25 15:52 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2015-02-25 10:06 - 2015-02-25 10:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2015-02-25 08:07 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 08:07 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-23 18:32 - 2015-02-23 18:32 - 00000000 ____D () C:\Users\Gemini-67\AppData\Local\Engelmann_Media
2015-02-23 12:39 - 2015-02-23 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-02-23 10:50 - 2015-02-26 17:22 - 18634072 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-23 10:50 - 2015-02-26 17:22 - 16128576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-23 10:49 - 2015-02-26 17:23 - 00944328 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-23 10:49 - 2015-02-26 17:23 - 00907464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-23 10:49 - 2015-02-26 17:23 - 00902344 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-23 10:49 - 2015-02-26 17:23 - 00870032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-23 10:49 - 2015-02-26 17:22 - 31515280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-23 10:49 - 2015-02-26 17:22 - 24198856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-23 10:49 - 2015-02-26 17:22 - 14497568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-23 10:49 - 2015-02-26 17:22 - 13916280 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-23 10:49 - 2015-02-26 17:22 - 12894024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-23 10:49 - 2015-02-26 17:22 - 11272240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-23 10:49 - 2015-02-26 17:22 - 04244680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-23 10:49 - 2015-02-26 17:22 - 01907400 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434144.dll
2015-02-23 10:49 - 2015-02-26 17:22 - 01555656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434144.dll
2015-02-23 10:48 - 2015-02-26 17:23 - 22993224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-23 10:48 - 2015-02-26 17:22 - 15294280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-23 10:48 - 2015-02-26 17:22 - 13828032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-23 10:48 - 2015-02-26 17:22 - 11209192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-23 10:48 - 2015-02-26 17:22 - 03987600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-23 10:47 - 2015-02-26 17:23 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-20 08:47 - 2015-02-20 08:47 - 00032832 _____ () C:\Windows\SysWOW64\rnd_chunk.bin
2015-02-18 20:45 - 2015-02-18 20:45 - 02126848 _____ () C:\Users\Rocky-67\Desktop\adwcleaner_4.111.exe
2015-02-15 17:15 - 2015-02-15 17:15 - 00000000 ____D () C:\Users\Rocky-67\AppData\Roaming\ComfortSoftware
2015-02-15 17:14 - 2015-02-15 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comfort On-Screen Keyboard
2015-02-15 17:14 - 2015-02-15 17:14 - 00000000 ____D () C:\Program Files\ComfortKeyboard
2015-02-15 17:14 - 2012-12-06 20:17 - 00024408 _____ () C:\Windows\system32\cskeyboardlogon.dll
2015-02-15 17:14 - 2012-12-06 20:13 - 00199000 _____ () C:\Windows\system32\CsCredentialLogon.dll
2015-02-15 17:14 - 2012-12-06 20:13 - 00167256 _____ () C:\Windows\system32\CsCredentialLogon64.dll
2015-02-15 17:14 - 2012-12-06 20:13 - 00089944 _____ () C:\Windows\system32\runcosk.exe
2015-02-13 17:57 - 2015-02-13 17:57 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-02-13 17:56 - 2015-03-01 11:28 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2015-02-13 17:51 - 2015-02-13 17:51 - 00000684 ____H () C:\bdr-cf02
2015-02-13 17:48 - 2015-02-13 17:51 - 00253404 ____H () C:\bdr-ld02
2015-02-13 17:48 - 2015-02-13 17:51 - 00009216 ____H () C:\bdr-ld02.mbr
2015-02-13 17:48 - 2014-07-04 17:49 - 49563064 ____H () C:\bdr-im02.gz
2015-02-13 17:48 - 2013-08-13 13:38 - 03271472 ____H () C:\bdr-bz02
2015-02-12 08:38 - 2015-02-12 08:38 - 00000000 ____D () C:\Users\Rocky-67\Documents\AoaoPhoto Digital Studio
2015-02-12 08:06 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-12 08:06 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-12 08:06 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-12 08:06 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-12 07:49 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 07:49 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 07:49 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 07:49 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 13:45 - 2015-02-11 13:45 - 00000000 ____D () C:\Program Files (x86)\RecoveryMechanic
2015-02-11 11:12 - 2015-02-11 11:14 - 78374592 _____ (Samsung Electronics Co., Ltd.) C:\Users\Rocky-67\Downloads\KiesSetup.exe
2015-02-11 07:26 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 07:26 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 07:26 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 07:26 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 07:26 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 07:26 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 07:26 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 07:26 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 07:26 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 07:26 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 07:26 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 07:26 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 07:26 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 07:26 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 07:26 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 07:26 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 07:26 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 07:26 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 07:26 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 07:26 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 07:26 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 07:26 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 07:26 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 07:26 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 07:26 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 07:26 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 07:26 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 07:26 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 07:26 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 07:26 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 07:26 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 07:26 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 07:26 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 07:26 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 07:26 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 07:26 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 07:26 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 07:26 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 07:26 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 07:26 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 07:26 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 07:26 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 07:26 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 07:26 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 07:26 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 07:26 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 07:26 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 07:26 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 07:26 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 07:26 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 07:26 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 07:26 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 07:25 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 07:25 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 07:25 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 07:25 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 07:25 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 07:25 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 07:25 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 07:25 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 07:25 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 07:25 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 07:25 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 07:25 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 07:25 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 07:25 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 07:25 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 07:25 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 07:25 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 07:25 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 07:25 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 07:25 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 07:25 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 07:25 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 07:22 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 07:22 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 07:22 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 07:22 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 07:22 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 07:22 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 07:22 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 07:22 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 07:22 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 07:22 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 07:22 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 07:22 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 07:22 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 07:22 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 07:22 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 07:22 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 07:22 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 07:22 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 07:22 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 07:22 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 07:22 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 07:22 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 07:22 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 07:22 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 07:22 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 07:22 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 07:22 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 07:22 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 07:21 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 07:21 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 07:21 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 07:21 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 07:21 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 07:21 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 07:21 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 07:21 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 07:21 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 07:21 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-08 15:33 - 2015-02-08 15:33 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2015-02-08 15:00 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 17:45 - 2009-07-14 05:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-05 17:45 - 2009-07-14 05:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-05 17:32 - 2013-10-07 09:52 - 00000000 ____D () C:\Users\Gemini-67\AppData\Roaming\vlc
2015-03-05 17:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 15:27 - 2013-10-16 18:11 - 00000000 ____D () C:\AdwCleaner
2015-03-04 15:35 - 2014-10-19 18:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-04 14:54 - 2013-10-04 09:28 - 00000000 ____D () C:\Users\Rocky-67\AppData\Roaming\Adobe
2015-03-04 14:42 - 2014-10-22 07:17 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-04 12:12 - 2014-11-14 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2015-03-04 09:56 - 2013-10-06 11:51 - 00000000 ___RD () C:\Users\Gemini-67\Aplikácie
2015-03-03 18:54 - 2014-11-30 13:37 - 00000000 ____D () C:\Users\Gemini-67\AppData\Roaming\uTorrent
2015-03-03 17:23 - 2014-10-10 08:59 - 00243440 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2015-03-03 17:23 - 2014-10-10 08:59 - 00241368 _____ (ESET) C:\Windows\system32\Drivers\edevmon.sys
2015-03-03 17:23 - 2014-10-10 08:59 - 00169280 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2015-03-03 17:23 - 2014-10-10 08:59 - 00158968 _____ (ESET) C:\Windows\system32\Drivers\epfwwfpr.sys
2015-03-03 17:18 - 2014-12-13 09:18 - 00749776 _____ () C:\Windows\system32\perfh041.dat
2015-03-03 17:18 - 2014-12-13 09:18 - 00175700 _____ () C:\Windows\system32\perfc041.dat
2015-03-03 17:04 - 2009-07-14 06:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-03 16:46 - 2014-10-11 15:35 - 00000000 ____D () C:\Users\Rocky-67\AppData\Roaming\vlc
2015-03-01 11:29 - 2014-02-28 17:21 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2015-02-28 14:01 - 2014-03-03 09:18 - 00000000 ____D () C:\Program Files\Recuva
2015-02-28 14:01 - 2013-10-02 17:35 - 00000000 ____D () C:\Users\Rocky-67
2015-02-26 17:29 - 2014-11-13 11:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-26 17:29 - 2013-10-02 19:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 17:25 - 2014-11-13 11:02 - 00932040 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-26 17:23 - 2014-11-13 11:01 - 03209736 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-26 17:22 - 2015-01-04 12:39 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-25 15:52 - 2010-02-23 06:39 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2015-02-24 09:25 - 2014-12-05 17:41 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-02-23 18:37 - 2014-03-03 14:43 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-23 10:49 - 2013-10-27 09:04 - 00026155 _____ () C:\Windows\system32\nvinfo.pb
2015-02-23 08:13 - 2014-11-25 18:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 08:13 - 2009-07-14 06:08 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-21 07:54 - 2014-11-25 18:22 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-20 13:47 - 2013-10-09 19:30 - 00000000 ____D () C:\Users\Gemini-67\AppData\Local\CrashDumps
2015-02-20 13:23 - 2013-10-04 12:11 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-19 13:32 - 2013-10-06 12:54 - 00000000 ____D () C:\Users\Rocky-67\AppData\Local\Zoner
2015-02-18 21:06 - 2014-11-09 18:16 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Rocky-67\Desktop\tdsskiller.exe
2015-02-15 14:30 - 2014-10-24 12:17 - 00000000 ____D () C:\Users\Gemini-67\AppData\Roaming\ComfortSoftware
2015-02-14 08:27 - 2013-10-04 11:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-14 08:24 - 2014-11-01 13:33 - 00000000 ____D () C:\Program Files (x86)\AoaoPhoto Digital Studio
2015-02-13 21:03 - 2014-12-05 17:42 - 00000000 ____D () C:\Users\Gemini-67\AppData\Local\CyberGhost
2015-02-12 18:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 08:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-12 07:18 - 2014-10-11 16:35 - 00000000 ____D () C:\Users\Gemini-67\AppData\Roaming\Vso
2015-02-11 11:29 - 2013-10-04 11:51 - 00000000 ____D () C:\Users\Rocky-67\AppData\Local\Downloaded Installations
2015-02-11 08:20 - 2014-12-10 15:28 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 08:20 - 2014-08-13 17:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 08:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2015-02-11 08:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-02-11 08:17 - 2013-10-02 19:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 08:13 - 2013-10-02 19:11 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 11:13 - 2013-10-07 17:18 - 00001057 _____ () C:\Users\Gemini-67\AppData\Roaming\vso_ts_preview.xml
2015-02-08 18:13 - 2013-10-04 14:40 - 00000000 ____D () C:\Users\Gemini-67\AppData\Local\Microsoft Games
2015-02-07 11:47 - 2014-10-22 07:11 - 00000000 ____D () C:\Users\Rocky-67\AppData\Local\Adobe
2015-02-07 11:47 - 2013-10-04 13:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-07 11:47 - 2013-10-04 13:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 03:21 - 2014-11-13 11:02 - 06782152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-04 03:21 - 2014-11-13 11:02 - 03522376 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-04 03:21 - 2014-11-13 11:02 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-04 03:21 - 2014-11-13 11:02 - 00384200 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-04 03:21 - 2014-11-13 11:02 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

==================== Files in the root of some directories =======

2014-07-10 07:16 - 2014-07-10 07:16 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-03-03 14:57 - 2014-10-11 16:21 - 0007859 _____ () C:\Users\Rocky-67\AppData\Roaming\pcouffin.cat
2014-03-03 14:57 - 2014-10-11 16:21 - 0001167 _____ () C:\Users\Rocky-67\AppData\Roaming\pcouffin.inf
2014-03-03 14:57 - 2014-10-11 16:21 - 0000055 _____ () C:\Users\Rocky-67\AppData\Roaming\pcouffin.log
2014-03-03 14:57 - 2014-10-11 16:21 - 0082816 _____ (VSO Software) C:\Users\Rocky-67\AppData\Roaming\pcouffin.sys
2014-10-11 16:29 - 2014-11-13 11:14 - 0001057 _____ () C:\Users\Rocky-67\AppData\Roaming\vso_ts_preview.xml
2013-10-07 18:46 - 2013-10-07 18:46 - 0002048 ____H () C:\Users\Rocky-67\AppData\Roaming\~S7FB45B79-C86E-49ff-ACC4-849340906621W
2013-10-06 17:22 - 2013-10-15 08:25 - 0007641 _____ () C:\Users\Rocky-67\AppData\Local\Resmon.ResmonCfg
2014-11-09 13:05 - 2014-11-09 13:05 - 0000700 ___SH () C:\Users\Rocky-67\AppData\Local\systemFL7.dat
2015-03-01 11:25 - 2015-03-01 11:25 - 0633636 _____ () C:\ProgramData\1425205073.bdinstall.bin
2015-03-05 17:05 - 2015-03-05 17:05 - 0000274 _____ () C:\ProgramData\SMRResults430.dat

Files to move or delete:
====================
C:\ProgramData\SMRResults430.dat


Some content of TEMP:
====================
C:\Users\Rocky-67\AppData\Local\Temp\Quarantine.exe
C:\Users\Rocky-67\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-28 19:12

==================== End Of Log ============================

Nabuchodonozor671
Visitor
Posts: 24
Registered: 29 Sep 2013 17:47

Re: Please check my log

#4 Post by Nabuchodonozor671 »

And the second log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by Rocky-67 at 2015-03-06 09:46:43
Running from C:\Users\Rocky-67\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
abylon EXIF-CLEANER 2013 (HKLM-x32\...\abylonprotectionmanager-exif-cleaner_is1) (Version: 2013 - abylonsoft)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Aiseesoft Total Video Converter 8.0.12 (HKLM-x32\...\{E09CEBAA-4435-4404-8D82-4C029F6391E4}_is1) (Version: 8.0.12 - Aiseesoft Studio)
Aktualizácie NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Auto Power-on & Shut-down 2.82 (HKLM-x32\...\Auto Power-on & Shut-down_is1) (Version: - LifSoft, Inc.)
AVerMedia A815 USB DVB-T 1.0.64.63 (HKLM-x32\...\AVerMedia A815 USB DVB-T) (Version: 1.0.64.63 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia TV Tuner Card 1.0.0.4 (HKLM-x32\...\AVerMedia TV Tuner Card) (Version: 1.0.0.4 - AVerMedia TECHNOLOGIES, Inc.)
BioExcess (Version: 7.0.74.0 - Egis Technology Inc.) Hidden
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5000 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Comfort On-Screen Keyboard Pro 7.0.3.0 (HKLM\...\{6EB17721-6249-417B-99B9-DAF3FD532955}_is1) (Version: 7.0 - Comfort Software Group)
COMODO Firewall (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.3402_45529 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1827 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.3305 - CyberLink Corp.)
CyberLink PowerDirector (Version: 9.0.0.3305 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5.4504 - CyberLink Corp.)
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2821 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.1.4224 - CyberLink Corp.)
CyberLink YouPaint (HKLM-x32\...\InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}) (Version: 1.5.0.2128 - CyberLink Corp.)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
ESET NOD32 Antivirus (HKLM\...\{0A550E73-F1EE-491C-B2D4-7AB832851AB2}) (Version: 8.0.304.1 - ESET, spol s r. o.)
ExtremeCopy (HKLM\...\{2F54AF03-8D65-4FE0-8C1B-8D97236FC4AD}) (Version: 2.3.4 - Easersoft)
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.2.802 - Foxit Corporation)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
HP 3D DriveGuard (HKLM\...\{F8C604AC-1939-4B74-B847-CB59417F1FF2}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP SimplePass Identity Protection (HKLM-x32\...\InstallShield_{4E29EF8C-B841-4240-B2BD-D1C8CAF741C7}) (Version: 7.0.74.0 - Egis Technology Inc.)
Inpaint 6.0 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
LibreOffice 4.3.0.4 (HKLM-x32\...\{5C005E2A-AEAE-4DF7-B7CA-1E6DCDD2AEA4}) (Version: 4.3.0.4 - The Document Foundation)
Malwarebytes Anti-Malware verze 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 sk) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 sk)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 sk) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 sk)) (Version: 31.5.0 - Mozilla)
NVIDIA Grafický ovládač 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Ovládací panel NVIDIA 341.44 (Version: 341.44 - NVIDIA Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller Pro 3.1.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.0 - VS Revo Group, Ltd.)
Star Watermark Ultimate verzia 1.1.0 (HKLM-x32\...\{C429607F-0AB6-4C3A-9EF2-8783EA6D9ACC}_is1) (Version: 1.1.0 - Star-Watermark.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
T-Mobile Communication Center 3.84.01.08 (HKLM-x32\...\{9180B851-7FC1-42E4-948C-D55B39F3CE41}_is1) (Version: 3.84.01.08 - Slovak Telekom a.s.)
True Image WD Edition (HKLM-x32\...\{85CB1512-2D4A-4469-AC21-6B111D169CEB}) (Version: 16.0.5962 - Acronis)
Validity Sensors DDK (HKLM\...\{426FAE9F-7373-496E-A215-9DB7EF4398CF}) (Version: 4.1.139.0 - Validity Sensors, Inc.)
Video to Picture version 5.0 (HKLM-x32\...\{3CE42A9D-F659-4FF0-87EB-A14699AB2D1C}_is1) (Version: 5.0 - watermark-software.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.10 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
YoWindow (HKLM-x32\...\yowindow) (Version: 3 - RepkaSoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

01-03-2015 10:59:06 Removing COMODO Firewall
03-03-2015 17:17:23 Installing COMODO Firewall
03-03-2015 17:18:24 Inštalácia balíka ovládačov zariadenia: COMODO Sieťová služba
04-03-2015 12:08:43 Bod obnovenia
04-03-2015 14:18:17 zoek.exe restore point
05-03-2015 17:01:54 Norton_Power_Eraser_20150305170153169

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {417AF875-F1AA-4B47-9ECC-7364680358E4} - \Driver Detective No Task File <==== ATTENTION
Task: {4F312997-F378-4C0F-B450-3A8F22BDDA16} - \Driver Booster SkipUAC (Rocky-67) No Task File <==== ATTENTION
Task: {6F7CA899-9D6B-4EAD-A3FA-AFE526944566} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-01-30] (COMODO)
Task: {71DF2DD1-7A61-4AEF-BB04-598A9C84C00F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30] (COMODO)
Task: {85CBE712-DC59-40AF-A0FD-BD40E7733303} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-10-04] (CyberLink)
Task: {B8649A74-4AE8-427F-8C8D-1A2AAA98CEDE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {D825D57C-CB57-4226-A5B5-9B0AE64765E0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {F4A0312B-2D74-4DEB-8D43-356CE0E43B54} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30] (COMODO)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2009-01-21 15:45 - 2009-01-21 15:45 - 01401856 _____ () C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP SIMPLEPASS IDENTITY PROTECTION\X64\LIBEAY32.dll
2014-11-13 11:32 - 2015-02-04 03:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-15 17:14 - 2012-11-27 17:33 - 00449880 _____ () C:\Program Files\ComfortKeyboard\CKeyboardDeskBand64.dll
2015-02-15 17:14 - 2012-12-06 20:11 - 00032600 _____ () C:\Program Files\ComfortKeyboard\CKeyboardCm.exe
2015-02-15 17:14 - 2012-12-06 20:12 - 00035160 _____ () C:\Program Files\ComfortKeyboard\CKeyboardH.dll
2015-02-25 16:01 - 2012-01-04 21:33 - 02752512 _____ () C:\Program Files (x86)\T-Mobile Communication Center\default.tms

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispco6434144.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434144.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SkinCrafter3_vs2005.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\eamonm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\edevmon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ehdrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\epfwwfpr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:AC64BB05
AlternateDataStreams: C:\ProgramData\Temp:D5FBE8F9
AlternateDataStreams: C:\Users\Rocky-67\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Rocky-67\Desktop\OTM.exe:$CmdTcID
AlternateDataStreams: C:\Users\Rocky-67\Desktop\OTM.exe:$CmdZnID
AlternateDataStreams: C:\Users\Rocky-67\Desktop\RSITx64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Rocky-67\Desktop\RSITx64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Rocky-67\Downloads\zoek.zip:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\fsproflt2 => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-238691012-2406985898-395691995-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rocky-67\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 195.146.128.62 - 195.146.132.58

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Power2GoExpress => "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched =>
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

==================== Accounts: =============================

Administrator (S-1-5-21-238691012-2406985898-395691995-500 - Administrator - Disabled)
Gemini-67 (S-1-5-21-238691012-2406985898-395691995-1002 - Limited - Enabled) => C:\Users\Gemini-67
Guest (S-1-5-21-238691012-2406985898-395691995-501 - Limited - Enabled)
Rocky-67 (S-1-5-21-238691012-2406985898-395691995-1000 - Administrator - Enabled) => C:\Users\Rocky-67
UpdatusUser (S-1-5-21-238691012-2406985898-395691995-1007 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2015 02:03:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adwcleaner_4.111.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ba8c

Start Time: 01d0567a56b33b2f

Termination Time: 0

Application Path: C:\Users\Rocky-67\Desktop\adwcleaner_4.111.exe

Report Id: e3938e8f-c26e-11e4-b498-0027133ea9e5

Error: (03/04/2015 01:51:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adwcleaner.exe version 4.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c97c

Start Time: 01d05678c4b46fae

Termination Time: 16

Application Path: C:\Users\Gemini-67\Desktop\adwcleaner.exe

Report Id: 186af5d1-c26d-11e4-b498-0027133ea9e5

Error: (03/04/2015 00:37:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Pri automatickej aktualizácii zlyhalo načítanie koreňového certifikátu nezávislého vydavateľa z: <http://ctldl.windowsupdate.com/msdownlo ... 6976AD.crt> s chybou: Operácia sa vrátila, pretože uplynul časový limit.
.

Error: (03/04/2015 00:36:42 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search sa zastavuje, pretože sa vyskytol problém s indexovaním, The catalog is corrupt.


Details:
Metaúdaje indexu obsahu sa nedajú prečítať. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/04/2015 00:36:42 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
Metaúdaje indexu obsahu sa nedajú prečítať. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/04/2015 00:36:42 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
Metaúdaje indexu obsahu sa nedajú prečítať. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/04/2015 00:36:42 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Metaúdaje indexu obsahu sa nedajú prečítať. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/04/2015 00:36:42 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element sa nepodarilo nájsť. (HRESULT : 0x80070490) (0x80070490)

Error: (03/04/2015 00:36:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Metaúdaje indexu obsahu sa nedajú prečítať. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/04/2015 00:36:41 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Služba Windows Search nemôže načítať informácie ukladacieho priestoru vlastností.

Context: Windows Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f)


System errors:
=============
Error: (03/05/2015 03:23:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba FSPro Filter Service 2 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (03/04/2015 00:37:12 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správca riadenia služieb sa po neočakávanom ukončení služby Windows Search pokúsil vykonať opravnú akciu (Reštartovať službu), ale táto činnosť zlyhala s nasledujúcou chybou:
%%1056

Error: (03/04/2015 00:36:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (03/04/2015 00:36:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Windows Search bola ukončená s chybou služby %%-1073473535.

Error: (03/04/2015 11:31:50 AM) (Source: DCOM) (EventID: 10016) (User: Rocky-67-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Rocky-67-PCGemini-67S-1-5-21-238691012-2406985898-395691995-1002LocalHost (Using LRPC)

Error: (03/03/2015 05:23:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba ESET Service je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.

Error: (03/03/2015 05:02:16 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{143907AF-3ADF-4242-85C1-0DBEE59F81B0} because another computer on the network has the same name. The server could not start.

Error: (03/03/2015 05:01:58 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{143907AF-3ADF-4242-85C1-0DBEE59F81B0} because another computer on the network has the same name. The server could not start.

Error: (03/03/2015 04:50:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Bitdefender Desktop Update Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (03/03/2015 04:36:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba FSPro Filter Service 2 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.


Microsoft Office Sessions:
=========================
Error: (03/04/2015 02:03:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: adwcleaner_4.111.exe4.1.1.1ba8c01d0567a56b33b2f0C:\Users\Rocky-67\Desktop\adwcleaner_4.111.exee3938e8f-c26e-11e4-b498-0027133ea9e5

Error: (03/04/2015 01:51:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: adwcleaner.exe4.1.1.1c97c01d05678c4b46fae16C:\Users\Gemini-67\Desktop\adwcleaner.exe186af5d1-c26d-11e4-b498-0027133ea9e5

Error: (03/04/2015 00:37:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdownlo ... rtOperácia sa vrátila, pretože uplynul časový limit.

Error: (03/04/2015 00:36:42 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
Metaúdaje indexu obsahu sa nedajú prečítať. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (03/04/2015 00:36:42 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
Metaúdaje indexu obsahu sa nedajú prečítať. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/04/2015 00:36:42 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
Metaúdaje indexu obsahu sa nedajú prečítať. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/04/2015 00:36:42 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Metaúdaje indexu obsahu sa nedajú prečítať. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/04/2015 00:36:42 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Element sa nepodarilo nájsť. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (03/04/2015 00:36:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Metaúdaje indexu obsahu sa nedajú prečítať. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (03/04/2015 00:36:41 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f)


CodeIntegrity Errors:
===================================
Date: 2015-03-05 17:06:35.508
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-05 16:55:00.812
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-05 15:25:17.590
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-04 15:29:18.229
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-03 17:32:08.260
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-03 16:59:14.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-03 15:13:57.338
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-01 12:58:47.524
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-01 12:55:59.460
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-01 11:36:09.542
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 48%
Total physical RAM: 4086.86 MB
Available physical RAM: 2087.95 MB
Total Pagefile: 8171.91 MB
Available Pagefile: 5751 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:70 GB) (Free:23.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:628.63 GB) (Free:517.24 GB) NTFS
Drive f: () (Fixed) (Total:465.75 GB) (Free:310.04 GB) NTFS
Drive g: (TMCC) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: CE837F9A)
Partition 1: (Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=628.6 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 99F54618)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)

==================== End Of Log ============================

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please check my log

#5 Post by altrok »

Did Norton Power Eraser find and delete anything? Which script did you use with zoek? And which one with OTM?

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the Desktop as fixlist (File type: Text Document)
  • run FRST again and click Fix
  • after the restart a fixlog will pop up (or it will be saved on the Desktop); paste its contents into your next reply

    Code:

    Start
    CloseProcesses:
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: No Name -> {34EDF7FD-FD9B-420F-A701-CC2C081FB26C} -> No File
    Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
    2015-03-05 17:05 - 2015-03-05 17:05 - 0000274 _____ () C:\ProgramData\SMRResults430.dat
    C:\Users\Rocky-67\AppData\Local\Temp
    
    Task: {417AF875-F1AA-4B47-9ECC-7364680358E4} - \Driver Detective No Task File <==== ATTENTION
    Task: {4F312997-F378-4C0F-B450-3A8F22BDDA16} - \Driver Booster SkipUAC (Rocky-67) No Task File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:AC64BB05
    AlternateDataStreams: C:\ProgramData\Temp:D5FBE8F9
    Hosts:
    End
    
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit the forum, you can use altrok (at) forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

Nabuchodonozor671
Visitor
Posts: 24
Registered: 29 Sep 2013 17:47

Re: Please check my log

#6 Post by Nabuchodonozor671 »

Hi! Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015 01
Ran by Rocky-67 at 2015-03-06 16:41:30 Run:1
Running from C:\Users\Rocky-67\Desktop
Loaded Profiles: Rocky-67 (Available profiles: Rocky-67 & Gemini-67 & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {34EDF7FD-FD9B-420F-A701-CC2C081FB26C} -> No File
Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
2015-03-05 17:05 - 2015-03-05 17:05 - 0000274 _____ () C:\ProgramData\SMRResults430.dat
C:\Users\Rocky-67\AppData\Local\Temp

Task: {417AF875-F1AA-4B47-9ECC-7364680358E4} - \Driver Detective No Task File <==== ATTENTION
Task: {4F312997-F378-4C0F-B450-3A8F22BDDA16} - \Driver Booster SkipUAC (Rocky-67) No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:AC64BB05
AlternateDataStreams: C:\ProgramData\Temp:D5FBE8F9
Hosts:
End
*****************

Processes closed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34EDF7FD-FD9B-420F-A701-CC2C081FB26C}" => Key deleted successfully.
HKCR\CLSID\{34EDF7FD-FD9B-420F-A701-CC2C081FB26C} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value deleted successfully.
HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => Key not found.
C:\ProgramData\SMRResults430.dat => Moved successfully.

"C:\Users\Rocky-67\AppData\Local\Temp" directory move:

Could not move "C:\Users\Rocky-67\AppData\Local\Temp" directory. => Scheduled to move on reboot.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{417AF875-F1AA-4B47-9ECC-7364680358E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{417AF875-F1AA-4B47-9ECC-7364680358E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Detective" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F312997-F378-4C0F-B450-3A8F22BDDA16}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F312997-F378-4C0F-B450-3A8F22BDDA16}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Rocky-67)" => Key deleted successfully.
C:\ProgramData\Temp => ":AC64BB05" ADS removed successfully.
C:\ProgramData\Temp => ":D5FBE8F9" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-06 16:43:45)<=

C:\Users\Rocky-67\AppData\Local\Temp => Moved successfully.

==== End of Fixlog 16:43:45 ====

Nabuchodonozor671
Visitor
Posts: 24
Registered: 29 Sep 2013 17:47

Re: Please check my log

#7 Post by Nabuchodonozor671 »

Norton Power Eraser found (it did not like the look of them) RSITx64 and also the Zoek I mentioned. It deleted Zoek, but RSIT stayed on my desktop. Anyway, I am attaching the logs from OldTimer and Zoek, maybe they will help you. I admit (it will also be obvious from the log) that with OTM I was only tinkering as a layman and used a script that I found on these pages, written for another user... As for Zoek, since I did not know how to use a script, it offered me the options itself and I chose deep scan... Also, about half an hour ago the internet would not work at all, and something is loading the processor again! Please take a look at it. Thanks!

Log from OTM:

All processes killed
========== FILES ==========
File/Folder C:\Program Files\Google\Google Toolbar not found.
File/Folder C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File/Folder C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gemini-67
->Temp folder emptied: 2158592 bytes
->Temporary Internet Files folder emptied: 8272052 bytes
->FireFox cache emptied: 5687504 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Public

User: Rocky-67
->Temp folder emptied: 2465449 bytes
->Temporary Internet Files folder emptied: 863023 bytes
->FireFox cache emptied: 35714814 bytes
->Flash cache emptied: 602 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 111420 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Gemini-67
->Flash cache emptied: 0 bytes

User: Public

User: Rocky-67
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 03052015_152312

Files moved on Reboot...
C:\Users\Rocky-67\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Rocky-67\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

Registry entries deleted on Reboot...

Nabuchodonozor671
Visitor
Posts: 24
Registered: 29 Sep 2013 17:47

Re: Please check my log

#8 Post by Nabuchodonozor671 »

Zoek log:
Zoek.exe v5.0.0.0 Updated 03-March-2015
Tool run by Rocky-67 on st 04. 03. 2015 at 14:11:07,62.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rocky-67\Desktop\zoek.exe [Scan all users] [Deep Scan]

==== System Restore Info ======================

4. 3. 2015 14:18:39 Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Windows\SysWOW64\fsproflt2.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files\CyberGhost 5\Service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Hide Folders 2012\hf.exe
C:\Program Files\ComfortKeyboard\CKeyboard.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe
C:\Program Files\ComfortKeyboard\CKeyboardCm.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\T-Mobile Communication Center\TMCC.exe
C:\Users\Rocky-67\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4087 MB
CPU Info: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
CPU Speed: 1612,5 MHz
Sound Card: Reproduktory a duálne slúchadlá |
SPDIF (digitálny výstup cez dok |
Display Adapters: NVIDIA GeForce GT 230M | NVIDIA GeForce GT 230M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Default Connection | HUAWEI Mobile Connect - Network Adapter | TAP-Windows Adapter V9 | Bluetooth Device (Personal Area Network) | Realtek PCIe GBE Family Controller | Intel(R) WiFi Link 5100 AGN
CD / DVD Drives: 2x (E: | G: | ) E: hp DVD RW AD-7561S | G: HUAWEI Mass Storage
Ports: COM4 | COM5 | COM3 LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 70,0GB | D: 628,6GB | F: 465,8GB
Hard Disks - Free: C: 23,8GB | D: 517,0GB | F: 314,0GB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 10/05/10 | HPQOEM - 1
Time Zone: Stredoeurópsky čas (normálny)
Motherboard *: Hewlett-Packard 363C
Country: Slovensk  republika
Language: SKY

==== System Specs (Software) ======================

Anti-Virus: ESET NOD32 Antivirus 8.0 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Comodo Defense+ disabled (Outdated)
Anti-Spyware: ESET NOD32 Antivirus 8.0 disabled (Outdated)
Firewall: COMODO Firewall disabled
Internet Explorer Version: 11.0.9600.17633
Mozilla Firefox version: 36.0 (x86 sk)
Google Chrome version: 40.0.2214.115
Flash Player version: 16.0.0.305

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Rocky-67\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-02-25 15:01:35 93B0C69095B5164F56B0284414CF3255 880640 ----a-w- C:\Windows\SysWOW64\SkinCrafter3_vs2005.dll
2015-02-25 07:07:30 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\SysWOW64\locale.nls
2015-02-23 09:50:02 7D8F18E279615C739ADEC4E53F67248E 16128576 ----a-w- C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-23 09:49:42 F02FBBAAE5B430CD1E880486D3B6B069 11272240 ----a-w- C:\Windows\SysWOW64\nvopencl.dll
2015-02-23 09:49:32 A2FF3BE3C2F50DA4C4A40868B247400C 24198856 ----a-w- C:\Windows\SysWOW64\nvoglv32.dll
2015-02-23 09:49:20 B2371DACC907B74E0191838093E0EE54 907464 ----a-w- C:\Windows\SysWOW64\NvIFR.dll
2015-02-23 09:49:10 2E9611A02DDE0E8D5A7388E38A0A98FD 870032 ----a-w- C:\Windows\SysWOW64\NvFBC.dll
2015-02-23 09:49:02 D0FFE7373C75FF1DD006806CC45D4B9D 14497568 ----a-w- C:\Windows\SysWOW64\nvd3dum.dll
2015-02-23 09:48:58 F1D6EFCB245472C44BA145127CD53508 3987600 ----a-w- C:\Windows\SysWOW64\nvcuvid.dll
2015-02-23 09:48:54 1BB8300172636178E83EF09930893BD6 11209192 ----a-w- C:\Windows\SysWOW64\nvcuda.dll
2015-02-23 09:48:02 F1EB6586B4B1AC4B870B928285BC223F 15294280 ----a-w- C:\Windows\SysWOW64\nvcompiler.dll
2015-02-23 09:47:52 53F5ACD048E4EB7787F41FDDD0001346 2823992 ----a-w- C:\Windows\SysWOW64\nvapi.dll
2015-02-20 07:47:14 CF160D66448AEF6E0FEF1DF5B3E26694 32832 ----a-w- C:\Windows\SysWOW64\rnd_chunk.bin
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-02-25 07:07:30 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\Sysnative\locale.nls
2015-02-23 09:50:06 710F79B9130FE241494F27A686391A1E 18634072 ----a-w- C:\Windows\Sysnative\nvwgf2umx.dll
2015-02-23 09:49:44 665A0CFCC00BBD0F7BB4D38F1BAAFB27 13916280 ----a-w- C:\Windows\Sysnative\nvopencl.dll
2015-02-23 09:49:36 30AC3C555E25045447876DB957A72109 31515280 ----a-w- C:\Windows\Sysnative\nvoglv64.dll
2015-02-23 09:49:20 16D8B604EE4B8AAFD7A582863B2492DF 944328 ----a-w- C:\Windows\Sysnative\NvIFR64.dll
2015-02-23 09:49:10 EBB6A74A689929DE5D4E527615E79807 902344 ----a-w- C:\Windows\Sysnative\NvFBC64.dll
2015-02-23 09:49:10 0B17C1499F6CF7F852B9CC94CFDBF102 1555656 ----a-w- C:\Windows\Sysnative\nvdispgenco6434144.dll
2015-02-23 09:49:08 EF62A1D0A9EA4EB8A9A48A0FBCE77AB1 1907400 ----a-w- C:\Windows\Sysnative\nvdispco6434144.dll
2015-02-23 09:49:00 F4599D1757E6ED1E2D87C162D004781C 4244680 ----a-w- C:\Windows\Sysnative\nvcuvid.dll
2015-02-23 09:48:58 5CE5144649217ADA3A56EAFD6A10D867 13828032 ----a-w- C:\Windows\Sysnative\nvcuda.dll
2015-02-23 09:48:00 DA068F983BDDCCB773046564EC110920 22993224 ----a-w- C:\Windows\Sysnative\nvcompiler.dll
====== C:\Windows\Sysnative\drivers =====
2015-02-25 14:53:28 F80E301136A4101814385A3B934AB4CD 69632 ----a-w- C:\Windows\Sysnative\drivers\ew_jucdcecm.sys
2015-02-25 14:53:28 F572B7467B5CB4FA8FB6319575902E41 32768 ----a-w- C:\Windows\Sysnative\drivers\ewdcsc.sys
2015-02-25 14:53:28 DF65F49F3A108AB509D675312FC896B8 28672 ----a-w- C:\Windows\Sysnative\drivers\ew_juextctrl.sys
2015-02-25 14:53:28 CACBDF30051DFB383E24B3E731D82BDE 22016 ----a-w- C:\Windows\Sysnative\drivers\ew_hwupgrade.sys
2015-02-25 14:53:28 CA2E486FE6212FFD5FD171AC1A0B17BE 415744 ----a-w- C:\Windows\Sysnative\drivers\ewusbwwan.sys
2015-02-25 14:53:28 962032D69A8CA503F030F311CF4487B7 212992 ----a-w- C:\Windows\Sysnative\drivers\ew_juwwanecm.sys
2015-02-25 14:53:28 86F7951BBCEE4A86E79A97306BD14318 117248 ----a-w- C:\Windows\Sysnative\drivers\ew_hwusbdev.sys
2015-02-25 14:53:28 55E0EDA185869F7EA67EA97FD0655B39 13952 ----a-w- C:\Windows\Sysnative\drivers\ew_usbenumfilter.sys
2015-02-25 14:53:28 4DBBFCE863FE1B64C770EB53A3BA5860 98816 ----a-w- C:\Windows\Sysnative\drivers\ew_jucdcacm.sys
2015-02-25 14:53:28 4B80AF36EE9F31361C1DCB2EE563719A 222464 ----a-w- C:\Windows\Sysnative\drivers\ewusbmdm.sys
2015-02-25 14:53:28 1642C62F1FD5E1FF44608283994A7BB8 86016 ----a-w- C:\Windows\Sysnative\drivers\ew_jubusenum.sys
2015-02-25 14:53:28 15E399875C850B54FC253A2323AD8021 1001472 ----a-w- C:\Windows\Sysnative\drivers\mod7700.sys
2015-02-25 09:07:15 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2015-02-25 09:07:10 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2015-02-25 09:06:34 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2015-02-25 09:06:29 0E9AD2D3784A0996A5131512939C09C0 1490656 ----a-w- C:\Windows\Sysnative\drivers\WdfCoInstaller01007.dll
2015-02-23 09:49:26 5D89C0070BC2643117CF33D0367AFABA 12894024 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys
2015-02-11 06:22:38 E45CDE1C8340DFEDF1D6724263F39E5B 458824 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2015-02-11 06:22:38 C60C6B9A2E50B0404F6789C62B428C03 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-02-11 06:22:38 78D152A9FD5747FF6AA89C79F0346F62 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
2015-03-03 16:18:51 -------- d-----w- C:\Windows\Sysnative\Tasks\COMODO
2015-03-01 11:12:33 29EE034C4B8CCEAD02F5C503E93D6ED5 3936 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2015-03-01 11:12:33 22934C31BA2B9B6E2B4C6259C0A74DAD 940 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 11:12:31 B3E7630EFE6E48569956FDE93F8F6136 936 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-01 11:12:31 542C3181F207A2D668750B294A2F0FB3 3684 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-03-03 16:23:10 -------- d-----w- C:\Program Files\ESET
2015-03-03 16:17:50 -------- d-----w- C:\Program Files\COMODO
2015-02-15 16:14:55 -------- d-----w- C:\Program Files\ComfortKeyboard
======= C:\PROGRA~2 =====
2015-03-04 11:37:51 -------- d-----w- C:\PROGRA~2\Aiseesoft Studio
2015-02-25 14:52:34 -------- d-----w- C:\PROGRA~2\T-Mobile Communication Center
2015-02-25 11:16:51 -------- d-----w- C:\PROGRA~2\Mozilla Thunderbird
2015-02-16 11:44:11 -------- d-----w- C:\PROGRA~2\COMMON~1\Steganos
2015-02-11 12:45:16 -------- d-----w- C:\PROGRA~2\RecoveryMechanic
======= C: =====
2015-03-01 10:24:40 885BF8051D411E1D29ADFD622D06AE81 684 ---ha-w- C:\bdr-cf03
2015-03-01 10:20:33 C7FD70F69C7792256EED17FBDD83484F 3271472 ---ha-w- C:\bdr-bz03
2015-03-01 10:20:33 2FF5E9F6C9AE0D2CB3C905913AA1210D 9216 ---ha-w- C:\bdr-ld03.mbr
2015-03-01 10:20:32 BE281EFBD143463151649D4A3D552524 253404 ---ha-w- C:\bdr-ld03
2015-03-01 10:20:32 91DECAE7268AD708B276EE9A3DFEB4FC 49563064 ---ha-w- C:\bdr-im03.gz
2015-02-13 16:51:54 833A423E81E7B6B4A16A4FB7622E9EC9 684 ---ha-w- C:\bdr-cf02
2015-02-13 16:48:23 C7FD70F69C7792256EED17FBDD83484F 3271472 ---ha-w- C:\bdr-bz02
2015-02-13 16:48:23 1DF1B278817BD0F0865C65D63682250F 9216 ---ha-w- C:\bdr-ld02.mbr
2015-02-13 16:48:22 91DECAE7268AD708B276EE9A3DFEB4FC 49563064 ---ha-w- C:\bdr-im02.gz
2015-02-13 16:48:22 5937A41AFB8F5CD8B1492F4AC8A3CC85 253404 ---ha-w- C:\bdr-ld02
====== C:\Users\Rocky-67\AppData\Roaming ======
2015-03-04 12:53:36 D8C6EC7A73BD5E94CE3A91E29724AFD4 77464 ----a-w- C:\Users\Rocky-67\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-04 12:07:49 -------- d-----w- C:\Users\Gemini-67\AppData\Local\Packages
2015-03-04 11:38:28 -------- d-----w- C:\Users\Rocky-67\AppData\Local\Aiseesoft Studio
2015-03-04 11:11:12 5BECCDEBAE4E757EBB5B3E6242C2D27D 77464 ----a-w- C:\Users\Gemini-67\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-03 14:56:02 -------- d-----w- C:\Users\Rocky-67\AppData\Roaming\Paradoxx
2015-03-03 14:15:16 -------- d-----w- C:\Users\Gemini-67\AppData\Roaming\Paradoxx
2015-03-01 11:36:52 -------- d-----w- C:\Users\Gemini-67\AppData\Local\Deployment
2015-03-01 11:36:52 -------- d-----w- C:\Users\Gemini-67\AppData\Local\Apps
2015-03-01 11:12:27 -------- d-----w- C:\Users\Rocky-67\AppData\Local\Google
2015-03-01 11:12:12 -------- d-----w- C:\Users\Gemini-67\AppData\Local\Google
2015-02-26 16:25:58 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\NVIDIA
2015-02-23 17:32:29 -------- d-----w- C:\Users\Gemini-67\AppData\Local\Engelmann_Media
2015-02-19 12:31:13 -------- d-----w- C:\Users\Gemini-67\AppData\Roaming\Zoner
2015-02-19 12:31:13 -------- d-----w- C:\Users\Gemini-67\AppData\Local\Zoner
2015-02-15 16:15:10 -------- d-----w- C:\Users\Rocky-67\AppData\Roaming\ComfortSoftware
2015-02-14 12:54:17 -------- d-s---w- C:\Users\UpdatusUser\AppData\Locallow\Microsoft
2015-02-14 11:38:30 -------- d-----w- C:\Users\Rocky-67\AppData\Local\Tific
2015-02-14 11:35:08 -------- d-----w- C:\Users\Rocky-67\AppData\Roaming\Tific
2015-02-14 10:49:40 -------- d-sh--w- C:\Users\Rocky-67\AppData\Locallow\EmieBrowserModeList
2015-02-14 10:49:39 -------- d-sh--w- C:\Users\Rocky-67\AppData\Locallow\EmieUserList
====== C:\Users\Rocky-67 ======
2015-03-04 11:38:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2015-03-04 11:37:51 -------- d-----w- C:\ProgramData\Aiseesoft Studio
2015-03-03 16:23:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-03-03 16:23:10 -------- d-----w- C:\ProgramData\ESET
2015-03-03 16:18:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-03-03 16:18:00 -------- d-----w- C:\ProgramData\Shared Space
2015-03-03 16:17:07 -------- d-----w- C:\ProgramData\Comodo Downloader
2015-03-03 16:16:27 -------- d-----w- C:\ProgramData\Comodo
2015-03-03 16:11:24 2903A82C50547CBF1FCB1486692300A4 1761992 ----a-w- C:\Users\Rocky-67\Downloads\eset_nod32_antivirus_live_installer_.exe
2015-03-03 16:10:46 64F91D95B0FCE262D79E2B5693DE8314 229979832 ----a-w- C:\Users\Rocky-67\Downloads\cfw_installer_5732_83.exe
2015-03-03 16:00:39 -------- d-----w- C:\ProgramData\Paradoxx
2015-03-03 15:43:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-03 15:42:26 EAE167F551ADACC9D76F567EDB237484 42628176 ----a-w- C:\Users\Rocky-67\Downloads\ChromeStandaloneSetup.exe
2015-03-01 10:25:41 6F51E56BCAFFE452A8A49DC2E50E3C61 633636 ----a-w- C:\ProgramData\1425205073.bdinstall.bin
2015-02-25 15:01:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T-Mobile Communication Center
2015-02-23 11:39:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-02-19 09:40:48 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\Users\Rocky-67\Downloads\adwcleaner.exe
2015-02-18 19:45:43 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\Users\Rocky-67\Desktop\adwcleaner_4.111.exe
2015-02-15 16:14:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comfort On-Screen Keyboard
2015-02-08 14:33:07 -------- d-----w- C:\Users\Public\Documents\NativeFus_Log

====== C: exe-files ==
2015-03-04 12:51:06 EE3474156FC1AE2D26ADBD39EDEA0BC4 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-238691012-2406985898-395691995-1002\$ILO2G0M.exe
2015-03-04 12:42:59 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\$Recycle.Bin\S-1-5-21-238691012-2406985898-395691995-1002\$RLO2G0M.exe
2015-03-04 11:37:51 B9D0F0D8D7FFD91A6B33987FB7427B34 1935624 ----a-w- C:\Program Files (x86)\Aiseesoft Studio\Aiseesoft Total Video Converter\unins000.exe
2015-03-04 11:37:51 672F82F2E3E0056405C1966F8C7F6D3A 435464 ----a-w- C:\Program Files (x86)\Aiseesoft Studio\Aiseesoft Total Video Converter\Aiseesoft Total Video Converter.exe
2015-03-04 11:37:51 5C995E30B98753A6DFA9133ACB6C9F60 127752 ----a-w- C:\Program Files (x86)\Aiseesoft Studio\Aiseesoft Total Video Converter\convertor.exe
2015-03-04 08:55:58 0A24BD6BED5C653128C891562295B950 14306440 ----a-w- C:\Users\Gemini-67\Aplikácie\Čistič súkromných pozostatkov\PrivaZer.exe
2015-03-03 16:28:59 65565B7EC5B08F91B608949A06D27920 589512 ----a-w- C:\Program Files\ESET\ESET NOD32 Antivirus\speclean.exe
2015-03-03 16:16:19 C5D5FAF66F0937A6E741EA4A64F65715 3625288 ----a-w- C:\ProgramData\Comodo Downloader\cis\download\installs\xml_binaries\yandex_bm\browsermanagerinstaller.exe
2015-03-03 16:16:19 BDE79AE421BFE7558ED80707E844F78E 50682792 ----a-w- C:\ProgramData\Comodo Downloader\cis\download\installs\xml_binaries\chromium_secure\chromiumsecuresetup.exe
2015-03-03 16:11:24 2903A82C50547CBF1FCB1486692300A4 1761992 ----a-w- C:\Users\Rocky-67\Downloads\eset_nod32_antivirus_live_installer_.exe
2015-03-03 16:10:46 64F91D95B0FCE262D79E2B5693DE8314 229979832 ----a-w- C:\Users\Rocky-67\Downloads\cfw_installer_5732_83.exe
2015-03-03 15:43:40 C5FD49B0561203A17BBF947738CB124A 41186896 ----atw- C:\Program Files (x86)\Google\Update\Install\{BD3A4B4B-2E46-4B44-90BC-BBFCE0F0AE24}\chrome_installer.exe
2015-03-03 15:43:39 C5FD49B0561203A17BBF947738CB124A 41186896 ----atw- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.115\chrome_installer.exe
2015-03-03 15:42:26 EAE167F551ADACC9D76F567EDB237484 42628176 ----a-w- C:\Users\Rocky-67\Downloads\ChromeStandaloneSetup.exe
2015-03-01 11:37:10 F6414DD3B23979312F8EBB91DE794178 11080 ------w- C:\Users\Gemini-67\AppData\Local\Apps\2.0\J61VEQD4.XVD\66HGRJC3.0A2\inta...app_86fd5b6b43e66935_0001.0003_4739acca7c95cc45\clickonce_bootstrap.exe
2015-03-01 11:37:10 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Users\Gemini-67\AppData\Local\Apps\2.0\J61VEQD4.XVD\66HGRJC3.0A2\inta...app_86fd5b6b43e66935_0001.0003_4739acca7c95cc45\GoogleUpdateSetup.exe
2015-03-01 11:37:10 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Users\Gemini-67\AppData\Local\Apps\2.0\J61VEQD4.XVD\66HGRJC3.0A2\clic...exe_86fd5b6b43e66935_0001.0003_none_f263691f58f224f9\GoogleUpdateSetup.exe
2015-03-01 11:12:28 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
2015-03-01 11:12:28 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2015-03-01 11:12:28 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
2015-03-01 11:12:28 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
2015-03-01 11:12:28 13DA55F926A1F61E9E10D23E67BDF19C 880208 ----a-w- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
2015-03-01 11:12:27 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
2015-03-01 11:12:27 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdate.exe
2015-03-01 11:12:27 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
2015-03-01 11:12:27 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
2015-02-26 16:27:19 AA5D818D6FF0AD757D0DA4A982B63F37 331952 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\NVIDIA\NvBackend\Packages\000063ef\DRS update.18761999.exe
2015-02-26 16:25:53 EBB53BF132E04A01B222CCF4C26C05B7 413840 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\SETUP.EXE
2015-02-26 16:24:51 B12A490B9F29FC2A8DFAD0103B8B9448 76096 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{B7F91885-9235-4740-8C38-BDBE8B53D9DF}\nvsetup.exe
2015-02-26 16:24:51 09198B20E694BAE0F0A64700475436BA 33839456 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{B7F91885-9235-4740-8C38-BDBE8B53D9DF}\NvCplSetupEng.exe
2015-02-26 16:24:50 7A794BB879295F9EA3A4DAC92FC71DD2 83412560 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{B7F91885-9235-4740-8C38-BDBE8B53D9DF}\NvCplSetupInt.exe
2015-02-26 16:24:49 467E90E8E0539D558C415A193DE9F19E 444104 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{B7F91885-9235-4740-8C38-BDBE8B53D9DF}\dbInstaller.exe
2015-02-25 15:01:36 B4C2900BA9414FFA7D06D246B4B95142 843776 ----a-w- C:\Program Files (x86)\T-Mobile Communication Center\TMCC.exe
2015-02-25 15:01:36 5D78438E97190DC96F8BAF6BCD7535D6 552528 ----a-w- C:\Program Files (x86)\T-Mobile Communication Center\DPInst.exe
2015-02-25 15:01:36 4AA50885D2CEC4394A095AED5323AED5 677952 ----a-w- C:\Program Files (x86)\T-Mobile Communication Center\DPInst_x64.exe
2015-02-25 15:01:36 3F442906B29B552F1C9FEC1E221D90B7 795104 ----a-w- C:\Program Files (x86)\T-Mobile Communication Center\DPInst2k.exe
2015-02-25 15:01:36 3DC0EFC27FA1434AA10388D078772FC0 61440 ----a-w- C:\Program Files (x86)\T-Mobile Communication Center\TMCCDialUp.exe
2015-02-25 15:01:35 500DC397C39028360BBB2C9955EA5B5A 1178277 ----a-w- C:\Program Files (x86)\T-Mobile Communication Center\unins000.exe
2015-02-25 14:52:43 D202DBF1B2E0ED8625AD13AE400C58C0 329088 ----a-w- C:\Program Files (x86)\T-Mobile Communication Center\drivers\3d51979a77ab1e436e1d03b97db6ad6d\DriverUninstall.exe
2015-02-25 14:52:43 8DFBE3E8B925D3004AA0ADF8EF981232 130048 ----a-w- C:\Program Files (x86)\T-Mobile Communication Center\drivers\3d51979a77ab1e436e1d03b97db6ad6d\DataCard_Setup64.exe
2015-02-25 14:52:43 78E5ECA063CC7A955A353DA7F4884884 385408 ----a-w- C:\Program Files (x86)\T-Mobile Communication Center\drivers\3d51979a77ab1e436e1d03b97db6ad6d\devsetup64.exe
2015-02-25 14:52:43 55456BC5E4E3CCFCDD0A8CEC29AF277C 102912 ----a-w- C:\Program Files (x86)\T-Mobile Communication Center\drivers\3d51979a77ab1e436e1d03b97db6ad6d\DataCard_Setup.exe
2015-02-25 14:52:43 4DED745D192C7660475D4D71C4C098C6 333184 ----a-w- C:\Program Files (x86)\T-Mobile Communication Center\drivers\3d51979a77ab1e436e1d03b97db6ad6d\DriverSetup.exe
2015-02-25 14:52:43 3771F864F8387515FD7ACB8134D7F391 284032 ----a-w- C:\Program Files (x86)\T-Mobile Communication Center\drivers\3d51979a77ab1e436e1d03b97db6ad6d\devsetup32.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-238691012-2406985898-395691995-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"CKeyboard"="C:\Program Files\ComfortKeyboard\CKeyboard.exe"

[HKEY_USERS\S-1-5-21-238691012-2406985898-395691995-1007\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-238691012-2406985898-395691995-1007\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"
"VitaKeyTSR"="C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CKeyboard"="C:\Program Files\ComfortKeyboard\CKeyboard.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2 Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acronis Scheduler2 Service"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AcronisTibMounterMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AcronisTibMounterMonitor"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Acronis\\TibMounter\\TibMounterMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLMLServer"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EgisTecPMMUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec IPS\\PmmUpdate.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EgisUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec IPS\\EgisUpdate.exe\" -d"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InstallerLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InstallerLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Bitdefender\\SetupInformation\\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\\setuplauncher.exe\" /run:\"C:\\Program Files\\Common Files\\Bitdefender\\SetupInformation\\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\\Installer.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvBackend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvBackend"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power2GoExpress]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Power2GoExpress"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\Power2GoExpress.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl10]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RemoteControl10"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD10\\PDVD10Serv.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShadowPlay]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ShadowPlay"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\system32\\nvspcap64.dll,ShadowPlayOnSystemStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SysTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SysTrayApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\IDT\\WDM\\sttray64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrueImageMonitor.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TrueImageMonitor.exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Acronis\\TrueImageHome\\TrueImageMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YouCam Mirage]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YouCam Mirage"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\YouCam\\YCMMirage.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YouCam Tray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YouCam Tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\YouCam\\YouCamTray.exe\" /s"


==== Startup Folders ======================

2013-10-04 09:01:47 836 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [07. 02. 2015 11:47]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01. 03. 2015 12:12]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01. 03. 2015 12:12]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" ["C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"]
"C:\Windows\SysNative\tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\SysNative\tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\GEMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\onbf9gsr.default-1415553195019
user_pref("browser.startup.homepage", "about:home");

ProfilePath: C:\Users\Rocky-67\AppData\Roaming\Mozilla\Firefox\Profiles\aio6a6tb.default
user_pref("browser.startup.homepage", "about:home");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}"="C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt20" [04. 10. 2013 11:52]

==== Firefox Extensions ======================

ProfilePath: C:\Users\GEMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\g7mhka77.default-1415349573022
- Undetermined - {DDC359D1-844A-42a7-9AA1-88A850A938A8}
- Undetermined - translator@zoli.bod
- Undetermined - anticontainer@downthemall.net
- DownThemAll AntiContainer - %ProfilePath%\extensions\anticontainer@downthemall.net.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

ProfilePath: C:\Users\GEMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\onbf9gsr.default-1415553195019
- Undetermined - anticontainer@downthemall.net
- Undetermined - {5C655500-E712-41e7-9349-CE462F844B19}
- Undetermined - {DDC359D1-844A-42a7-9AA1-88A850A938A8}
- Undetermined - {73a6fe31-595d-460b-a920-fcc0f8843232}
- DownThemAll AntiContainer - %ProfilePath%\extensions\anticontainer@downthemall.net.xpi
- Quick Translator - %ProfilePath%\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

ProfilePath: C:\Users\GEMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\yx2dwdt3.default
- WOT - C:\Users\Gemini-67\AppData\Roaming\Mozilla\Firefox\Profiles\yx2dwdt3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Undetermined - {DDC359D1-844A-42a7-9AA1-88A850A938A8}
- Undetermined - anticontainer@downthemall.net
- Undetermined - {5C655500-E712-41e7-9349-CE462F844B19}
- Undetermined - {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- DownThemAll AntiContainer - %ProfilePath%\extensions\anticontainer@downthemall.net.xpi
- Quick Translator - %ProfilePath%\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Rocky-67\AppData\Roaming\Mozilla\Firefox\Profiles\aio6a6tb.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fabcmochhfpldjekobfaaggijgohadih - No path found[]

Google Slides - Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Bitdefender Wallet - Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih
Google Sheets - Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
AdBlock - Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Gmail - Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Rocky-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Rocky-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Rocky-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Rocky-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Rocky-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Bitdefender Wallet - Rocky-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih
Google Sheets - Rocky-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Gmail - Rocky-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
O3 - Toolbar: (no name) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - (no file)
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
O4 - HKCU\..\Run: [CKeyboard] C:\Program Files\ComfortKeyboard\CKeyboard.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-238691012-2406985898-395691995-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-238691012-2406985898-395691995-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://apps.driversupport.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{143907AF-3ADF-4242-85C1-0DBEE59F81B0}: NameServer = 195.146.132.58 195.146.128.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF76DC86-190E-4058-BAB8-DAED8BD21CFD}: NameServer = 156.154.70.22,156.154.71.22
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: FSPro Filter Service 2 (fsproflt2) - FSPro Labs - C:\Windows\SysWOW64\fsproflt2.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10129 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on st 04. 03. 2015 at 14:37:29,19 ======================

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please check my log

#9 Post by altrok »

→ Which process is using the most CPU during the periods of high CPU load? You can see this in the standard Task Manager (Ctrl + Shift + Esc).

→ The browsers are clean, I don't see a problem there.

→ Scripts for the utilities used are ALWAYS written specifically for a particular user, so it is not sensible to go around the forum trying random procedures. In the extreme case you can damage your computer.

→ Save rkill.exe to the desktop, close all applications and run it - if malware blocks it, use the alternative link
WARNING - THIS UTILITY HAS A STRONG ABILITY TO DELETE - DO NOT RUN IT WITHOUT AN ADVISOR'S RECOMMENDATION
→ Save ComboFix.exe to the desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off antivirus programs and all real-time protection
  • run ComboFix as administrator (preferably under an account with administrator privileges)
  • agree to the license terms - Yes
  • if installation of the Recovery Console is offered, agree
  • leave the PC alone during the scan - do not launch anything and do not click in the ComboFix window
  • you will find the scan result in C:\ComboFix.txt; copy its contents into your next reply to me.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you would like to help the visitors of this forum, sign up for our little school.

Nabuchodonozor671
Visitor
Posts: 24
Registered: 29 Sep 2013 17:47

Re: Please check my log

#10 Post by Nabuchodonozor671 »

Hello! So the CPU has calmed down, and adwcleaner even finished its work normally last night (it found nothing). Here is the log from rkill:

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/07/2015 12:10:02 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Brána Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Disabled

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* Ovládač overenia brány Windows Firewall (mpsdrv) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 03/07/2015 12:12:10 PM
Execution time: 0 hours(s), 2 minute(s), and 8 seconds(s)

Nabuchodonozor671
Visitor
Posts: 24
Registered: 29 Sep 2013 17:47

Re: Please check my log

#11 Post by Nabuchodonozor671 »

And also ComboFix:

ComboFix 15-03-01.01 - Rocky-67 . 03. 2015 12:19:07.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4087.2490 [GMT 1:00]
Running from: c:\users\Rocky-67\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: COMODO Firewall *Enabled* {C8870897-C358-086B-2944-184866CC6D0A}
SP: Comodo Defense+ *Disabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1425205073.bdinstall.bin
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\ar\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\bg\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\ca\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\cs\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\da\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\de\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\el\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\en\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\es\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\fi\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\fr\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\he\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\hr\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\hu\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\id\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\it\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\ja\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\ko\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\nb\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\nl\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\pl\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\pt_BR\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\pt_PT\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\ro\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\ru\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\sk\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\sl\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\sr\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\sv\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\te\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\tr\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\uk\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\vi\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\zh_CN\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_locales\zh_TW\messages.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_metadata\computed_hashes.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\_metadata\verified_contents.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\adblock_start_common.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\adblock_start_chrome.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\background.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\bandaids.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\button\popup.css
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\button\popup.html
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\button\popup.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\button\search\search.css
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\button\search\search.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\dropbox-datastores.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\filtering\domainset.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\filtering\filternormalizer.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\filtering\filteroptions.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\filtering\filterset.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\filtering\filtertypes.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\filtering\myfilters.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\functions.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\CHANGELOG.txt
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\checkupdates.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\chrome_oauth_receiver.html
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\chrome_oauth_receiver.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\idlehandler.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\delete.gif
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\dropbox1.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\dropbox2.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\dropbox3.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\facebook-sprite.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\gifloader.gif
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\gplus-sprite.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\icon128.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\icon16.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\icon16_grayscale.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\icon16_grayscale@2x.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\icon19-grayscale.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\icon19-whitelisted.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\icon19.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\icon24.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\icon32.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\icon38-grayscale.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\icon38-whitelisted.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\icon38.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\icon48.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\logo.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\search\check.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\search\magnifying_glass.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\search\search-engine-card_no-shadow.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\search\search-engine-icons.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\search\search-omnibox-card_no-shadow.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\search\search_engine_select_arrow.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\img\twitter-sprite.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\jquery\css\images\ui-icons_056b93_256x240.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\jquery\css\images\ui-icons_d8e7f3_256x240.png
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\jquery\css\jquery-ui.custom.css
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\jquery\css\override-page.css
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\jquery\jquery-ui.custom.min.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\jquery\jquery.cookie.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\jquery\jquery.min.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\LICENSE
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\manifest.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\options\customize.html
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\options\customize.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\options\filters.html
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\options\filters.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\options\general.html
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\options\general.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\options\index.html
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\options\index.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\options\options.css
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\options\support.html
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\options\support.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\pages\adreport.html
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\pages\adreport.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\pages\resourceblock.html
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\pages\resourceblock.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\pages\subscribe.html
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\pages\subscribe.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\port.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\README.markdown
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\search\focus.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\search\incognito.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\search\pitchpage.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\search\search-plus-one.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\search\secure_reminder.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\search\serp.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\stats.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\translators.json
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\uiscripts\blacklisting\blacklistui.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\uiscripts\blacklisting\clickwatcher.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\uiscripts\blacklisting\elementchain.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\uiscripts\blacklisting\overlay.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\uiscripts\blacklisting\rightclick_hook.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\uiscripts\load_jquery_ui.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\uiscripts\send_content_to_back.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\uiscripts\top_open_blacklist_ui.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\uiscripts\top_open_whitelist_ui.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18.1_0\ytchannel.js
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
c:\users\Gemini-67\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NEWDRIVER
.
.
((((((((((((((((((((((((( Files Created from 2015-02-07 to 2015-03-07 )))))))))))))))))))))))))))))))
.
.
2015-03-07 11:32 . 2015-03-07 11:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-03-06 15:59 . 2015-03-07 13:13 -------- d-----w- c:\users\Rocky-67\AppData\Local\Temp
2015-03-06 08:44 . 2015-03-06 15:43 -------- d-----w- C:\FRST
2015-03-05 15:51 . 2015-03-05 16:04 -------- d-----w- c:\users\Rocky-67\AppData\Local\NPE
2015-03-05 15:51 . 2015-03-05 15:51 -------- d-----w- c:\programdata\Norton
2015-03-05 14:33 . 2015-03-05 14:33 -------- d-----w- c:\program files\trend micro
2015-03-05 14:33 . 2015-03-05 14:33 -------- d-----w- C:\rsit
2015-03-05 14:23 . 2015-03-05 14:23 -------- d-----w- C:\_OTM
2015-03-04 13:10 . 2015-03-04 13:10 -------- d-----w- C:\zoek_backup
2015-03-04 12:07 . 2015-03-04 12:07 -------- d-----w- c:\users\Gemini-67\AppData\Local\Packages
2015-03-04 11:38 . 2015-03-04 11:38 -------- d-----w- c:\users\Rocky-67\AppData\Local\Aiseesoft Studio
2015-03-04 11:37 . 2015-03-04 11:37 -------- d-----w- c:\programdata\Aiseesoft Studio
2015-03-04 11:37 . 2015-03-04 11:37 -------- d-----w- c:\program files (x86)\Aiseesoft Studio
2015-03-03 16:23 . 2015-03-03 16:23 -------- d-----w- c:\program files\ESET
2015-03-03 16:18 . 2015-03-03 16:18 -------- d-----w- c:\programdata\Shared Space
2015-03-03 16:17 . 2015-03-03 16:17 -------- d-----w- c:\program files\COMODO
2015-03-03 16:17 . 2015-03-03 16:17 -------- d-----w- c:\programdata\Comodo Downloader
2015-03-03 16:16 . 2015-03-03 16:18 -------- d-----w- c:\programdata\Comodo
2015-03-03 16:00 . 2015-03-03 16:00 -------- d-----w- c:\programdata\Paradoxx
2015-03-03 14:56 . 2015-03-03 14:56 -------- d-----w- c:\users\Rocky-67\AppData\Roaming\Paradoxx
2015-03-03 14:15 . 2015-03-03 14:15 -------- d-----w- c:\users\Gemini-67\AppData\Roaming\Paradoxx
2015-03-01 11:36 . 2015-03-01 11:37 -------- d-----w- c:\users\Gemini-67\AppData\Local\Deployment
2015-03-01 11:36 . 2015-03-01 11:36 -------- d-----w- c:\users\Gemini-67\AppData\Local\Apps
2015-03-01 11:12 . 2015-03-04 13:42 -------- d-----w- c:\users\Rocky-67\AppData\Local\Google
2015-03-01 11:12 . 2015-03-03 16:31 -------- d-----w- c:\users\Gemini-67\AppData\Local\Google
2015-03-01 10:20 . 2013-08-13 12:38 3271472 ---ha-w- C:\bdr-bz03
2015-02-25 15:01 . 2015-02-25 15:01 880640 ----a-w- c:\windows\SysWow64\SkinCrafter3_vs2005.dll
2015-02-25 14:53 . 2015-02-25 14:52 98816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2015-02-25 14:53 . 2015-02-25 14:52 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2015-02-25 14:53 . 2015-02-25 14:52 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2015-02-25 14:53 . 2015-02-25 14:52 415744 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2015-02-25 14:53 . 2015-02-25 14:52 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2015-02-25 14:53 . 2015-02-25 14:52 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2015-02-25 14:53 . 2015-02-25 14:52 222464 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2015-02-25 14:53 . 2015-02-25 14:52 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2015-02-25 14:53 . 2015-02-25 14:52 212992 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2015-02-25 14:53 . 2015-02-25 14:52 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2015-02-25 14:53 . 2015-02-25 14:52 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2015-02-25 14:53 . 2015-02-25 14:52 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2015-02-25 14:52 . 2015-02-25 15:01 -------- d-----w- c:\program files (x86)\T-Mobile Communication Center
2015-02-25 11:16 . 2015-02-25 11:17 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2015-02-25 09:06 . 2015-02-25 14:52 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2015-02-23 17:32 . 2015-02-23 17:32 -------- d-----w- c:\users\Gemini-67\AppData\Local\Engelmann_Media
2015-02-23 09:50 . 2015-02-26 16:22 18634072 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-02-23 09:50 . 2015-02-26 16:22 16128576 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-02-23 09:48 . 2015-02-26 16:22 3987600 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-02-23 09:48 . 2015-02-26 16:22 13828032 ----a-w- c:\windows\system32\nvcuda.dll
2015-02-23 09:48 . 2015-02-26 16:22 11209192 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-02-23 09:48 . 2015-02-26 16:22 15294280 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-02-23 09:48 . 2015-02-26 16:23 22993224 ----a-w- c:\windows\system32\nvcompiler.dll
2015-02-23 09:47 . 2015-02-26 16:23 2823992 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-02-20 07:47 . 2015-02-20 07:47 32832 ----a-w- c:\windows\SysWow64\rnd_chunk.bin
2015-02-16 11:44 . 2015-02-16 11:44 -------- d-----w- c:\program files (x86)\Common Files\Steganos
2015-02-15 16:15 . 2015-02-15 16:15 -------- d-----w- c:\users\Rocky-67\AppData\Roaming\ComfortSoftware
2015-02-15 16:14 . 2012-12-06 19:17 24408 ----a-w- c:\windows\system32\cskeyboardlogon.dll
2015-02-15 16:14 . 2012-12-06 19:13 89944 ----a-w- c:\windows\system32\runcosk.exe
2015-02-15 16:14 . 2012-12-06 19:13 167256 ----a-w- c:\windows\system32\CsCredentialLogon64.dll
2015-02-15 16:14 . 2012-12-06 19:13 199000 ----a-w- c:\windows\system32\CsCredentialLogon.dll
2015-02-15 16:14 . 2015-02-15 16:14 -------- d-----w- c:\program files\ComfortKeyboard
2015-02-13 16:57 . 2015-02-13 16:57 74000 ----a-w- c:\windows\system32\bdsandboxuiskin32.dll
2015-02-13 16:56 . 2015-03-01 10:28 84848 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2015-02-13 16:48 . 2013-08-13 12:38 3271472 ---ha-w- C:\bdr-bz02
2015-02-12 07:06 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-12 07:06 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-12 07:06 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-12 07:06 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-12 06:49 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-12 06:49 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 06:49 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-12 06:49 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-11 12:45 . 2015-02-11 12:45 -------- d-----w- c:\program files (x86)\RecoveryMechanic
2015-02-11 06:25 . 2015-02-04 03:16 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-11 06:22 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-11 06:21 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 06:21 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 06:21 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 06:21 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 06:21 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 06:21 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 06:21 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 06:21 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 06:21 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 06:21 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-08 14:00 . 2013-12-30 09:53 144664 ----a-w- c:\windows\SysWow64\secman.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-04 14:35 . 2014-10-19 17:23 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-03 16:23 . 2014-10-10 07:59 241368 ----a-w- c:\windows\system32\drivers\edevmon.sys
2015-03-03 16:23 . 2014-10-10 07:59 243440 ----a-w- c:\windows\system32\drivers\eamonm.sys
2015-03-03 16:23 . 2014-10-10 07:59 158968 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2015-03-03 16:23 . 2014-10-10 07:59 169280 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2015-03-01 10:29 . 2014-02-28 16:21 33360 ----a-w- c:\windows\system32\bdsandboxuh.dll
2015-02-26 16:25 . 2014-11-13 10:02 932040 ----a-w- c:\windows\system32\nvvsvc.exe
2015-02-26 16:23 . 2014-11-13 10:01 3209736 ----a-w- c:\windows\system32\nvapi64.dll
2015-02-26 16:22 . 2015-01-04 11:39 17559432 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-02-25 14:52 . 2010-02-23 05:39 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2015-02-11 07:13 . 2013-10-02 18:11 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-07 10:47 . 2013-10-04 12:10 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-07 10:47 . 2013-10-04 12:10 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-04 02:21 . 2014-11-13 10:02 6782152 ----a-w- c:\windows\system32\nvcpl.dll
2015-02-04 02:21 . 2014-11-13 10:02 3522376 ----a-w- c:\windows\system32\nvsvc64.dll
2015-02-04 02:21 . 2014-11-13 10:02 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-02-04 02:21 . 2014-11-13 10:02 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-02-04 02:21 . 2014-11-13 10:02 384200 ----a-w- c:\windows\system32\nvmctray.dll
2015-02-03 16:18 . 2015-01-04 11:41 4229086 ----a-w- c:\windows\system32\nvcoproc.bin
2015-01-30 11:27 . 2015-01-30 11:27 792648 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2015-01-30 11:27 . 2015-01-30 11:27 45880 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2015-01-30 11:27 . 2015-01-30 11:27 20184 ----a-w- c:\windows\system32\drivers\cmderd.sys
2015-01-30 11:27 . 2015-01-30 11:27 104608 ----a-w- c:\windows\system32\drivers\inspect.sys
2015-01-30 11:27 . 2015-01-30 11:27 40736 ----a-w- c:\windows\system32\cmdcsr.dll
2015-01-30 11:27 . 2015-01-30 11:27 481576 ----a-w- c:\windows\system32\guard64.dll
2015-01-30 11:27 . 2015-01-30 11:27 386768 ----a-w- c:\windows\SysWow64\guard32.dll
2015-01-30 11:27 . 2015-01-30 11:27 354520 ----a-w- c:\windows\system32\cmdvrt64.dll
2015-01-30 11:27 . 2015-01-30 11:27 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
2015-01-30 11:27 . 2015-01-30 11:27 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2015-01-30 11:27 . 2015-01-30 11:27 286424 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2015-01-23 06:58 . 2015-01-23 06:58 859456 ----a-w- c:\windows\yowindow.scr
2015-01-04 11:43 . 2015-01-04 11:43 208624 ----a-w- c:\windows\system32\SynTPCo20.dll
2015-01-04 11:43 . 2015-01-04 11:43 546032 ----a-w- c:\windows\system32\drivers\SynTP.sys
2015-01-04 11:43 . 2015-01-04 11:43 255216 ----a-w- c:\windows\system32\SynTPAPI.dll
2015-01-04 11:42 . 2015-01-04 11:42 407280 ----a-w- c:\windows\SysWow64\SynCom.dll
2015-01-04 11:42 . 2013-07-26 12:10 750320 ----a-w- c:\windows\system32\SynCOM.dll
2015-01-04 11:42 . 2015-01-04 11:42 34544 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2015-01-04 11:39 . 2015-01-04 11:39 1890080 ----a-w- c:\windows\system32\nvdispco6434052.dll
2015-01-04 11:39 . 2015-01-04 11:39 1539928 ----a-w- c:\windows\system32\nvdispgenco6434052.dll
2015-01-04 11:37 . 2015-01-04 11:37 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2015-01-04 11:37 . 2015-01-04 11:37 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-12-19 03:06 . 2015-01-14 00:41 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 00:41 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 00:41 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-07-10 06:16 . 2014-07-10 06:16 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CKeyboard"="c:\program files\ComfortKeyboard\CKeyboard.exe" [2013-01-04 4165544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"VitaKeyTSR"="c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe" [2011-04-19 384048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2013-12-12 1396440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cleanhlp;cleanhlp;c:\users\GEMINI-67\APLIKáCIE\ANTIVíRY\BIN\cleanhlp64.sys;c:\users\GEMINI-67\APLIKáCIE\ANTIVíRY\BIN\cleanhlp64.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
R4 IObitUnlocker;IObitUnlocker;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [x]
R4 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R4 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 FSProFilter2;FSPro File Filter 2;c:\windows\System32\Drivers\FSPFltd2.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd2.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe;c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [x]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 fsproflt2;FSPro Filter Service 2;c:\windows\SysWOW64\fsproflt2.exe;c:\windows\SysWOW64\fsproflt2.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 SynTPEnhService;SynTPEnh Caller Service;c:\program files\Synaptics\SynTP\SynTPEnhService.exe;c:\program files\Synaptics\SynTP\SynTPEnhService.exe [x]
S2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys;c:\windows\SYSNATIVE\DRIVERS\ubsbm.sys [x]
S2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys;c:\windows\SYSNATIVE\DRIVERS\ubumapi.sys [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
S3 AVerAF15;AVerMedia A815;c:\windows\system32\Drivers\AVerAF15.sys;c:\windows\SYSNATIVE\Drivers\AVerAF15.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys;c:\windows\SYSNATIVE\DRIVERS\ubohci.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25 10:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-01-30 1297624]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-03-03 5595336]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
Trusted Zone: driversupport.com\apps
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{078A1910-50C5-43EA-8AC4-782E6032947D}: NameServer = 95.169.183.219,89.41.60.38
TCP: Interfaces\{DF76DC86-190E-4058-BAB8-DAED8BD21CFD}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{EA87C4C0-DD2C-453A-8F3E-D9F894ED39B9}: NameServer = 95.169.183.219,89.41.60.38
FF - ProfilePath - c:\users\Rocky-67\AppData\Roaming\Mozilla\Firefox\Profiles\aio6a6tb.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-238691012-2406985898-395691995-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF32BF16-2381-2C5F-9DAD-E96A80C71DC2}*]
"jabilnggfkabcbpchmha"=hex:64,62,6f,62,64,67,6c,6f,69,62,6d,66,65,6c,62,70,6f,
6c,6d,69,67,63,69,62,6c,65,61,68,68,63,64,6c,6c,6c,6b,65,6c,61,69,6c,00,64
"hakiikfgjddkbcln"=hex:70,61,62,67,68,68,64,62,69,62,6b,6b,62,68,6f,62,65,63,
6d,70,6e,70,67,66,70,66,62,63,63,6d,66,68,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Hide Folders 2012\hf.exe
c:\program files\ComfortKeyboard\CKeyboardCm.exe
c:\windows\SysWOW64\RunDll32.exe
.
**************************************************************************
.
Completion time: 2015-03-07 14:19:15 - machine was rebooted
ComboFix-quarantined-files.txt 2015-03-07 13:19
.
Pre-Run: 24 827 043 840 bytes free
Post-Run: 22 968 471 552 bytes free
.
- - End Of File - - 207F176C00D006A04362EDE0DCFACF43
A36C5E4F47E84449FF07ED3517B43A31

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please check my log

#12 Post by altrok »

:arrow: If you have not done so yet, move ComboFix to the desktop.
  • Open Notepad (Start -> Run -> notepad)
  • Copy the script below into it and save it to the desktop as CFScript (Save as type: Text document)

    Code:

    KillAll::
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
    
    RegNull::
    [HKEY_USERS\S-1-5-21-238691012-2406985898-395691995-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF32BF16-2381-2C5F-9DAD-E96A80C71DC2}*]
    
    ClearJavaCache::
    
    Reboot::
  • Grab this CFScript.txt, literally drag it over the ComboFix icon, and drop it.
  • After the restart a log will pop up; paste its contents into your next reply.
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" appears, just restart the PC and the registry will sort itself out. This is an internal error caused by CF, and unfortunately the author has not yet been able to fix it.

:arrow: It may happen that Windows does not boot after the script is applied. In that case, restart the PC, keep pressing F8, and choose Last Known Good Configuration.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok(at)forum.viry.cz
If you would like to help visitors to this forum, sign up for our training school.

Nabuchodonozor671
Visitor
Posts: 24
Registered: 29 Sep 2013 17:47

Re: Please check my log

#13 Post by Nabuchodonozor671 »

ComboFix 15-03-01.01 - Rocky-67 . 03. 2015 11:59:43.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4087.2518 [GMT 1:00]
Running from: c:\users\Rocky-67\Desktop\ComboFix.exe
Command switches used :: c:\users\Rocky-67\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: COMODO Firewall *Enabled* {C8870897-C358-086B-2944-184866CC6D0A}
SP: Comodo Defense+ *Disabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-02-08 to 2015-03-08 )))))))))))))))))))))))))))))))
.
.
2015-03-08 11:10 . 2015-03-08 11:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-03-08 11:10 . 2015-03-08 11:10 -------- d-----w- c:\users\Gemini-67\AppData\Local\temp
2015-03-08 11:10 . 2015-03-08 11:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-07 14:07 . 2015-03-07 15:06 -------- d-----w- c:\program files (x86)\TeamViewer
2015-03-06 15:59 . 2015-03-08 11:13 -------- d-----w- c:\users\Rocky-67\AppData\Local\Temp
2015-03-06 08:44 . 2015-03-06 15:43 -------- d-----w- C:\FRST
2015-03-05 15:51 . 2015-03-05 16:04 -------- d-----w- c:\users\Rocky-67\AppData\Local\NPE
2015-03-05 15:51 . 2015-03-05 15:51 -------- d-----w- c:\programdata\Norton
2015-03-05 14:33 . 2015-03-05 14:33 -------- d-----w- c:\program files\trend micro
2015-03-05 14:33 . 2015-03-05 14:33 -------- d-----w- C:\rsit
2015-03-05 14:23 . 2015-03-05 14:23 -------- d-----w- C:\_OTM
2015-03-04 13:10 . 2015-03-04 13:10 -------- d-----w- C:\zoek_backup
2015-03-04 12:07 . 2015-03-04 12:07 -------- d-----w- c:\users\Gemini-67\AppData\Local\Packages
2015-03-04 11:38 . 2015-03-04 11:38 -------- d-----w- c:\users\Rocky-67\AppData\Local\Aiseesoft Studio
2015-03-04 11:37 . 2015-03-04 11:37 -------- d-----w- c:\programdata\Aiseesoft Studio
2015-03-04 11:37 . 2015-03-04 11:37 -------- d-----w- c:\program files (x86)\Aiseesoft Studio
2015-03-03 16:23 . 2015-03-03 16:23 -------- d-----w- c:\program files\ESET
2015-03-03 16:18 . 2015-03-03 16:18 -------- d-----w- c:\programdata\Shared Space
2015-03-03 16:17 . 2015-03-03 16:17 -------- d-----w- c:\program files\COMODO
2015-03-03 16:17 . 2015-03-03 16:17 -------- d-----w- c:\programdata\Comodo Downloader
2015-03-03 16:16 . 2015-03-03 16:18 -------- d-----w- c:\programdata\Comodo
2015-03-03 16:00 . 2015-03-03 16:00 -------- d-----w- c:\programdata\Paradoxx
2015-03-03 14:56 . 2015-03-03 14:56 -------- d-----w- c:\users\Rocky-67\AppData\Roaming\Paradoxx
2015-03-03 14:15 . 2015-03-03 14:15 -------- d-----w- c:\users\Gemini-67\AppData\Roaming\Paradoxx
2015-03-01 11:36 . 2015-03-01 11:37 -------- d-----w- c:\users\Gemini-67\AppData\Local\Deployment
2015-03-01 11:36 . 2015-03-01 11:36 -------- d-----w- c:\users\Gemini-67\AppData\Local\Apps
2015-03-01 11:12 . 2015-03-04 13:42 -------- d-----w- c:\users\Rocky-67\AppData\Local\Google
2015-03-01 11:12 . 2015-03-03 16:31 -------- d-----w- c:\users\Gemini-67\AppData\Local\Google
2015-03-01 10:20 . 2013-08-13 12:38 3271472 ---ha-w- C:\bdr-bz03
2015-02-25 15:01 . 2015-02-25 15:01 880640 ----a-w- c:\windows\SysWow64\SkinCrafter3_vs2005.dll
2015-02-25 14:53 . 2015-02-25 14:52 98816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2015-02-25 14:53 . 2015-02-25 14:52 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2015-02-25 14:53 . 2015-02-25 14:52 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2015-02-25 14:53 . 2015-02-25 14:52 415744 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2015-02-25 14:53 . 2015-02-25 14:52 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2015-02-25 14:53 . 2015-02-25 14:52 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2015-02-25 14:53 . 2015-02-25 14:52 222464 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2015-02-25 14:53 . 2015-02-25 14:52 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2015-02-25 14:53 . 2015-02-25 14:52 212992 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2015-02-25 14:53 . 2015-02-25 14:52 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2015-02-25 14:53 . 2015-02-25 14:52 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2015-02-25 14:53 . 2015-02-25 14:52 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2015-02-25 14:52 . 2015-02-25 15:01 -------- d-----w- c:\program files (x86)\T-Mobile Communication Center
2015-02-25 11:16 . 2015-02-25 11:17 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2015-02-25 09:06 . 2015-02-25 14:52 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2015-02-23 17:32 . 2015-02-23 17:32 -------- d-----w- c:\users\Gemini-67\AppData\Local\Engelmann_Media
2015-02-23 09:50 . 2015-02-26 16:22 18634072 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-02-23 09:50 . 2015-02-26 16:22 16128576 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-02-23 09:48 . 2015-02-26 16:22 3987600 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-02-23 09:48 . 2015-02-26 16:22 13828032 ----a-w- c:\windows\system32\nvcuda.dll
2015-02-23 09:48 . 2015-02-26 16:22 11209192 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-02-23 09:48 . 2015-02-26 16:22 15294280 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-02-23 09:48 . 2015-02-26 16:23 22993224 ----a-w- c:\windows\system32\nvcompiler.dll
2015-02-23 09:47 . 2015-02-26 16:23 2823992 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-02-20 07:47 . 2015-02-20 07:47 32832 ----a-w- c:\windows\SysWow64\rnd_chunk.bin
2015-02-16 11:44 . 2015-02-16 11:44 -------- d-----w- c:\program files (x86)\Common Files\Steganos
2015-02-15 16:15 . 2015-02-15 16:15 -------- d-----w- c:\users\Rocky-67\AppData\Roaming\ComfortSoftware
2015-02-15 16:14 . 2012-12-06 19:17 24408 ----a-w- c:\windows\system32\cskeyboardlogon.dll
2015-02-15 16:14 . 2012-12-06 19:13 89944 ----a-w- c:\windows\system32\runcosk.exe
2015-02-15 16:14 . 2012-12-06 19:13 167256 ----a-w- c:\windows\system32\CsCredentialLogon64.dll
2015-02-15 16:14 . 2012-12-06 19:13 199000 ----a-w- c:\windows\system32\CsCredentialLogon.dll
2015-02-15 16:14 . 2015-02-15 16:14 -------- d-----w- c:\program files\ComfortKeyboard
2015-02-13 16:57 . 2015-02-13 16:57 74000 ----a-w- c:\windows\system32\bdsandboxuiskin32.dll
2015-02-13 16:56 . 2015-03-01 10:28 84848 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2015-02-13 16:48 . 2013-08-13 12:38 3271472 ---ha-w- C:\bdr-bz02
2015-02-12 07:06 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-12 07:06 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-12 07:06 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-12 07:06 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-12 06:49 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-12 06:49 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 06:49 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-12 06:49 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-11 12:45 . 2015-02-11 12:45 -------- d-----w- c:\program files (x86)\RecoveryMechanic
2015-02-11 06:25 . 2015-02-04 03:16 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-11 06:22 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-11 06:21 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 06:21 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 06:21 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 06:21 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 06:21 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 06:21 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 06:21 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 06:21 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 06:21 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 06:21 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-08 14:00 . 2013-12-30 09:53 144664 ----a-w- c:\windows\SysWow64\secman.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-04 14:35 . 2014-10-19 17:23 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-03 16:23 . 2014-10-10 07:59 241368 ----a-w- c:\windows\system32\drivers\edevmon.sys
2015-03-03 16:23 . 2014-10-10 07:59 243440 ----a-w- c:\windows\system32\drivers\eamonm.sys
2015-03-03 16:23 . 2014-10-10 07:59 158968 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2015-03-03 16:23 . 2014-10-10 07:59 169280 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2015-03-01 10:29 . 2014-02-28 16:21 33360 ----a-w- c:\windows\system32\bdsandboxuh.dll
2015-02-26 16:25 . 2014-11-13 10:02 932040 ----a-w- c:\windows\system32\nvvsvc.exe
2015-02-26 16:23 . 2014-11-13 10:01 3209736 ----a-w- c:\windows\system32\nvapi64.dll
2015-02-26 16:22 . 2015-01-04 11:39 17559432 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-02-25 14:52 . 2010-02-23 05:39 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2015-02-11 07:13 . 2013-10-02 18:11 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-07 10:47 . 2013-10-04 12:10 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-07 10:47 . 2013-10-04 12:10 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-04 02:21 . 2014-11-13 10:02 6782152 ----a-w- c:\windows\system32\nvcpl.dll
2015-02-04 02:21 . 2014-11-13 10:02 3522376 ----a-w- c:\windows\system32\nvsvc64.dll
2015-02-04 02:21 . 2014-11-13 10:02 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-02-04 02:21 . 2014-11-13 10:02 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-02-04 02:21 . 2014-11-13 10:02 384200 ----a-w- c:\windows\system32\nvmctray.dll
2015-02-03 16:18 . 2015-01-04 11:41 4229086 ----a-w- c:\windows\system32\nvcoproc.bin
2015-01-30 11:27 . 2015-01-30 11:27 792648 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2015-01-30 11:27 . 2015-01-30 11:27 45880 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2015-01-30 11:27 . 2015-01-30 11:27 20184 ----a-w- c:\windows\system32\drivers\cmderd.sys
2015-01-30 11:27 . 2015-01-30 11:27 104608 ----a-w- c:\windows\system32\drivers\inspect.sys
2015-01-30 11:27 . 2015-01-30 11:27 40736 ----a-w- c:\windows\system32\cmdcsr.dll
2015-01-30 11:27 . 2015-01-30 11:27 481576 ----a-w- c:\windows\system32\guard64.dll
2015-01-30 11:27 . 2015-01-30 11:27 386768 ----a-w- c:\windows\SysWow64\guard32.dll
2015-01-30 11:27 . 2015-01-30 11:27 354520 ----a-w- c:\windows\system32\cmdvrt64.dll
2015-01-30 11:27 . 2015-01-30 11:27 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
2015-01-30 11:27 . 2015-01-30 11:27 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2015-01-30 11:27 . 2015-01-30 11:27 286424 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2015-01-23 06:58 . 2015-01-23 06:58 859456 ----a-w- c:\windows\yowindow.scr
2015-01-04 11:43 . 2015-01-04 11:43 208624 ----a-w- c:\windows\system32\SynTPCo20.dll
2015-01-04 11:43 . 2015-01-04 11:43 546032 ----a-w- c:\windows\system32\drivers\SynTP.sys
2015-01-04 11:43 . 2015-01-04 11:43 255216 ----a-w- c:\windows\system32\SynTPAPI.dll
2015-01-04 11:42 . 2015-01-04 11:42 407280 ----a-w- c:\windows\SysWow64\SynCom.dll
2015-01-04 11:42 . 2013-07-26 12:10 750320 ----a-w- c:\windows\system32\SynCOM.dll
2015-01-04 11:42 . 2015-01-04 11:42 34544 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2015-01-04 11:39 . 2015-01-04 11:39 1890080 ----a-w- c:\windows\system32\nvdispco6434052.dll
2015-01-04 11:39 . 2015-01-04 11:39 1539928 ----a-w- c:\windows\system32\nvdispgenco6434052.dll
2015-01-04 11:37 . 2015-01-04 11:37 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2015-01-04 11:37 . 2015-01-04 11:37 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-12-19 03:06 . 2015-01-14 00:41 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 00:41 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 00:41 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-07-10 06:16 . 2014-07-10 06:16 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CKeyboard"="c:\program files\ComfortKeyboard\CKeyboard.exe" [2013-01-04 4165544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"VitaKeyTSR"="c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe" [2011-04-19 384048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2013-12-12 1396440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cleanhlp;cleanhlp;c:\users\GEMINI-67\APLIKáCIE\ANTIVíRY\BIN\cleanhlp64.sys;c:\users\GEMINI-67\APLIKáCIE\ANTIVíRY\BIN\cleanhlp64.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
R4 IObitUnlocker;IObitUnlocker;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [x]
R4 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R4 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 FSProFilter2;FSPro File Filter 2;c:\windows\System32\Drivers\FSPFltd2.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd2.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe;c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [x]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 fsproflt2;FSPro Filter Service 2;c:\windows\SysWOW64\fsproflt2.exe;c:\windows\SysWOW64\fsproflt2.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 SynTPEnhService;SynTPEnh Caller Service;c:\program files\Synaptics\SynTP\SynTPEnhService.exe;c:\program files\Synaptics\SynTP\SynTPEnhService.exe [x]
S2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys;c:\windows\SYSNATIVE\DRIVERS\ubsbm.sys [x]
S2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys;c:\windows\SYSNATIVE\DRIVERS\ubumapi.sys [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
S3 AVerAF15;AVerMedia A815;c:\windows\system32\Drivers\AVerAF15.sys;c:\windows\SYSNATIVE\Drivers\AVerAF15.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys;c:\windows\SYSNATIVE\DRIVERS\ubohci.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25 10:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-01-30 1297624]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-03-03 5595336]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
Trusted Zone: driversupport.com\apps
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{078A1910-50C5-43EA-8AC4-782E6032947D}: NameServer = 95.169.183.219,89.41.60.38
TCP: Interfaces\{DF76DC86-190E-4058-BAB8-DAED8BD21CFD}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{EA87C4C0-DD2C-453A-8F3E-D9F894ED39B9}: NameServer = 95.169.183.219,89.41.60.38
FF - ProfilePath - c:\users\Rocky-67\AppData\Roaming\Mozilla\Firefox\Profiles\aio6a6tb.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files\Hide Folders 2012\hf.exe
c:\program files\ComfortKeyboard\CKeyboardCm.exe
c:\windows\SysWOW64\RunDll32.exe
.
**************************************************************************
.
Completion time: 2015-03-08 12:18:56 - machine was rebooted
ComboFix-quarantined-files.txt 2015-03-08 11:18
ComboFix2.txt 2015-03-07 13:19
.
Pre-Run: 22 665 379 840 bytes free
Post-Run: 22 577 942 528 bytes free
.
- - End Of File - - 499CABCA6A0D14113A20AA5E0D0B6663
A36C5E4F47E84449FF07ED3517B43A31

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Please check my log

#14 Post by altrok »

The logs are clean now, so watch the state of the PC for a few days, and then, as the case may be, we will only need to clean up the tools that were used.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

Nabuchodonozor671
Visitor
Posts: 24
Joined: 29 Sep 2013 17:47

Re: Please check my log

#15 Post by Nabuchodonozor671 »

O.K.! For now, thank you very much. The PC is running fine so far; if something comes up, I will bother you again... :?: Have a nice evening and all the best! Bye for now. :wink:
