PC does not see any network adapter...
Posted: 27 Mar 2015 16:50
FRST log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Ondrej (administrator) on ONDREJ-PC on 27-03-2015 16:38:28
Running from G:\!! Viry.cz !!
Loaded Profiles: Ondrej (Available profiles: Ondrej)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
() C:\Program Files (x86)\Reverse Page\bin\utilReversePage.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(BitTorrent Inc.) C:\Users\Ondrej\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1086704486-2771090671-2040193798-1000\...\Run: [uTorrent] => C:\Users\Ondrej\AppData\Roaming\uTorrent\uTorrent.exe [1677904 2015-02-09] (BitTorrent Inc.)
HKU\S-1-5-21-1086704486-2771090671-2040193798-1000\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1086704486-2771090671-2040193798-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-1086704486-2771090671-2040193798-1000\...\MountPoints2: {331f4278-b056-11e4-a22b-74d4359375b1} - F:\autorun.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1086704486-2771090671-2040193798-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\eocsfn6x.default
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-01-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-01-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\eocsfn6x.default\searchplugins\yandex.com-120633.xml [2015-02-10]
FF Extension: Reverse Page 1.0.1 - C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\eocsfn6x.default\Extensions\{29eb638a-6d5a-4991-8851-b2d34edf4f64}.xpi [2015-02-10]
FF Extension: Adblock Plus - C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\eocsfn6x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-07]
FF Extension: No Name - C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\eocsfn6x.default\extensions\fftoolbar2014@etech.com [Not Found]
FF Extension: No Name - C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\eocsfn6x.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\eocsfn6x.default\extensions\LPESNIOB27154074@RO39491085.com [Not Found]
FF Extension: No Name - C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\eocsfn6x.default\extensions\yasearch@yandex.ru [Not Found]
FF Extension: No Name - C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\eocsfn6x.default\extensions\vb@yandex.ru [Not Found]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=14235 ... XX9VMV5DN6"
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefi ... earchTerms}
CHR Profile: C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08]
CHR Extension: (Google Docs) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08]
CHR Extension: (SnapMyScreen) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\bionnabacihaledmiigenoigkkpdihgg [2015-02-08]
CHR Extension: (YouTube) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08]
CHR Extension: (Adblock Plus) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-08]
CHR Extension: (Google Search) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08]
CHR Extension: (Google Sheets) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08]
CHR Extension: (Google Wallet) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08]
CHR Extension: (Gmail) - C:\Users\Ondrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08]
Opera:
=======
OPR StartupUrls: "hxxp://www.yandex.com/?win=163&clid=1989595"
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-23] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 Util Reverse Page; C:\Program Files (x86)\Reverse Page\bin\utilReversePage.exe [410360 2015-02-12] ()
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-09] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [158968 2014-10-10] (ESET)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-08-12] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-08-12] (VIA Technologies, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-27 16:38 - 2015-03-27 16:38 - 00000000 ____D () C:\FRST
2015-03-27 16:18 - 2015-03-27 16:24 - 00000000 ____D () C:\AdwCleaner
2015-03-27 16:09 - 2015-03-27 16:09 - 00000000 ____D () C:\Windows\system32\appmgmt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-27 16:38 - 2015-02-09 15:32 - 00000000 ____D () C:\Users\Ondrej\AppData\Roaming\uTorrent
2015-03-27 16:36 - 2015-02-10 10:27 - 00001344 _____ () C:\Windows\Tasks\CIUZJIT.job
2015-03-27 16:36 - 2015-02-10 10:26 - 00001338 _____ () C:\Windows\Tasks\OLHS.job
2015-03-27 16:36 - 2015-02-08 17:50 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-27 16:36 - 2015-02-04 06:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-27 16:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-27 16:36 - 2009-07-14 05:51 - 00048444 _____ () C:\Windows\setupact.log
2015-03-27 16:34 - 2015-02-03 20:07 - 01237304 _____ () C:\Windows\WindowsUpdate.log
2015-03-27 16:34 - 2009-07-14 05:45 - 00030304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-27 16:34 - 2009-07-14 05:45 - 00030304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-27 16:26 - 2015-02-14 20:47 - 00000000 ____D () C:\Users\Ondrej\AppData\Roaming\Skype
2015-03-27 16:20 - 2009-07-14 06:13 - 00785366 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-27 16:16 - 2015-02-08 17:53 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-27 16:16 - 2015-02-07 14:39 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-27 16:16 - 2015-02-07 14:39 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-27 16:09 - 2015-02-14 20:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-27 15:54 - 2015-02-09 18:30 - 00000000 ____D () C:\Users\Ondrej\AppData\Local\Hotger
2015-03-27 15:54 - 2015-02-07 14:24 - 00000000 ____D () C:\Users\Ondrej\AppData\Roaming\vlc
2015-03-27 15:54 - 2015-02-03 20:29 - 00000000 ____D () C:\Users\Ondrej
2015-03-27 15:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-27 15:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-26 21:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
==================== Files in the root of some directories =======
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Ondrej\AppData\Roaming\CIUZJIT
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Ondrej\AppData\Roaming\OLHS
Some content of TEMP:
====================
C:\Users\Ondrej\AppData\Local\Temp\InstHelper.exe
C:\Users\Ondrej\AppData\Local\Temp\InstStub.exe
C:\Users\Ondrej\AppData\Local\Temp\Quarantine.exe
C:\Users\Ondrej\AppData\Local\Temp\setup.exe
C:\Users\Ondrej\AppData\Local\Temp\sqlite3.dll
C:\Users\Ondrej\AppData\Local\Temp\utt8262.tmp.exe
C:\Users\Ondrej\AppData\Local\Temp\uttA70F.tmp.exe
C:\Users\Ondrej\AppData\Local\Temp\uttB082.tmp.exe
C:\Users\Ondrej\AppData\Local\Temp\uttC388.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-14 14:45
==================== End Of Log ============================