VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Stále znovu se objevující virus

https://forum.viry.cz:443/viewtopic.php?t=143943

Stránka 1 z 2

Stále znovu se objevující virus

Napsal: 12 dub 2015 22:02
od Bukvoj
Zdravím,
prosím o radu a předem dějuju mockrát za pomoc. Pokusím se srozumitelně popsat o co jde. Antivirový program opakovaně hlásí virus a ten se vždy po čištění a restartu počítače vrací na stejné místo s mírně odlišným názvem. Reportované soubory se objevují zde: C:\ProgramDatayMicrosoft\Security\Client a pořád zde přibývají nové. Také se objevily tyto složky, které nevím, kde se vzaly a jsou mi podezřelé: C:\User\VT\AppData\Ozics a C:\User\VT\AppData\UVWMedia. Soubory, které so objevují se jmenují tmp25F.exe nebo podobně, vždy začínají tmp... Na různých fórech jsem našel několik velmi podobných příkladů. Taky se stávalo, že se skrytě pouštěl IE, bežel proces na pozadí, a pravděpodobně počítač sloužil ke spamování (anitivirus v reálném čase hlásil kontrolu množství odchozích spamů). To se podařiolo eliminovat zlikvidováním IE. Následuje log z FRST. Díky moc! VT (PS: FRSTLauncher se mi bohužel stáhnout nepodařilo ani s vypnutým štítem - blokují to prohlížeče a nevím, jak to vypnout...)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by VT (administrator) on VT-PC on 12-04-2015 22:54:07
Running from C:\Users\VT\Desktop
Loaded Profiles: VT (Available profiles: VT)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Fujitsu) C:\Program Files (x86)\Fujitsu Mouse\Driverap4.exe
() C:\Program Files (x86)\Fujitsu Keyboard Lock Status driver\Keyboard Lock Status driver\3.0\SkeyLock.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Ghisler Software GmbH) C:\Program Files\Total Commander\TOTALCMD64.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-29] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-18] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Fujitsu Mouse] => C:\Program Files (x86)\Fujitsu Mouse\DriverSt.exe [184393 2012-08-21] ()
HKLM-x32\...\Run: [LWBKEYLOCK] => C:\Program Files (x86)\Fujitsu Keyboard Lock Status driver\Keyboard Lock Status driver\3.0\SkeyLock.exe [310784 2008-05-02] ()
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2534400 2014-05-14] (MyHeritage)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Policies\Explorer: []
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-07] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-07] (Avast Software s.r.o.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3326361065-4142631383-672199101-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF ProfilePath: C:\Users\VT\AppData\Roaming\Mozilla\Firefox\Profiles\52v48myu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-03] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Extension: YouTube Enhancer Plus - C:\Users\VT\AppData\Roaming\Mozilla\Firefox\Profiles\52v48myu.default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2015-02-05]
FF Extension: Adblock Plus - C:\Users\VT\AppData\Roaming\Mozilla\Firefox\Profiles\52v48myu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-02-09]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (YouTube) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Google Search) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (Avast SafePrice) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-19]
CHR Extension: (Google Sheets) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Avast Online Security) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-07] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-07] (Avast Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-02-06] () [File not signed]
S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-15] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-07] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-07] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-07] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-07] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-07] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-07] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-05] (Disc Soft Ltd)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46016 2012-07-24] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\system32\drivers\nvswcfilter.sys [19616 2014-09-05] (Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-07] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 22:54 - 2015-04-12 22:54 - 00020331 _____ () C:\Users\VT\Desktop\FRST.txt
2015-04-12 22:37 - 2015-04-12 22:54 - 00000000 ____D () C:\FRST
2015-04-12 22:26 - 2015-04-12 22:27 - 02096640 _____ (Farbar) C:\Users\VT\Desktop\FRST64.exe
2015-04-10 19:55 - 2015-02-10 18:44 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-10 19:55 - 2015-02-10 18:43 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-10 19:55 - 2015-02-10 18:43 - 00610816 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-10 19:55 - 2015-02-10 18:43 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-10 19:55 - 2015-02-10 18:42 - 12297728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-10 19:55 - 2015-02-10 18:42 - 09059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-10 19:55 - 2015-02-10 18:42 - 02468864 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-10 19:55 - 2015-02-10 18:42 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-10 19:55 - 2015-02-10 18:42 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-10 19:55 - 2015-02-10 18:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-10 19:55 - 2015-02-10 18:42 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-10 19:55 - 2015-02-10 18:42 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-10 19:55 - 2015-02-10 18:42 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-10 19:55 - 2015-02-10 18:42 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-10 19:55 - 2015-02-10 18:41 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-10 19:55 - 2015-02-10 18:41 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-10 19:55 - 2015-02-10 18:41 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-10 19:55 - 2015-02-10 18:40 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-10 19:55 - 2015-02-10 18:21 - 01267712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-10 19:55 - 2015-02-10 18:21 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-10 19:55 - 2015-02-10 18:21 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-10 19:55 - 2015-02-10 18:21 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-10 19:55 - 2015-02-10 18:20 - 11026432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-10 19:55 - 2015-02-10 18:20 - 06030336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-10 19:55 - 2015-02-10 18:20 - 02087424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-10 19:55 - 2015-02-10 18:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-10 19:55 - 2015-02-10 18:20 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-10 19:55 - 2015-02-10 18:20 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-10 19:55 - 2015-02-10 18:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-10 19:55 - 2015-02-10 18:20 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-10 19:55 - 2015-02-10 18:20 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-10 19:55 - 2015-02-10 18:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-10 19:55 - 2015-02-10 18:19 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-10 19:55 - 2015-02-10 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-10 19:55 - 2015-02-10 18:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-10 19:55 - 2015-02-10 18:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-10 19:55 - 2015-02-10 17:21 - 00482816 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-10 19:55 - 2015-02-10 16:59 - 00386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-10 19:55 - 2015-02-10 15:50 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-10 19:55 - 2015-02-10 15:21 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-10 19:55 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-10 19:55 - 2014-08-30 04:10 - 06583296 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-10 19:55 - 2014-08-30 03:50 - 05702656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-09 22:19 - 2015-04-09 22:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-09 22:19 - 2015-04-09 22:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-09 22:08 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-04-09 22:08 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-04-09 22:08 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-04-09 22:08 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-04-09 22:08 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-04-09 22:08 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-04-09 22:08 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-04-09 22:08 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-04-09 22:08 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-04-09 22:08 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-04-09 22:08 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-04-09 22:08 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-04-09 22:08 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-04-09 22:08 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-04-09 22:08 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-04-09 22:05 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-09 22:05 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-09 22:05 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-09 22:05 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-09 22:05 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-09 22:05 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-09 22:05 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-09 22:05 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-09 22:05 - 2015-01-28 01:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-08 21:18 - 2015-04-08 21:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-06 19:41 - 2015-04-12 19:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-06 19:41 - 2015-03-13 21:41 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-06 19:41 - 2015-03-13 21:41 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-04-06 19:41 - 2015-03-13 18:16 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-06 19:41 - 2015-03-13 18:16 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-06 19:41 - 2015-03-13 18:16 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-06 19:41 - 2015-03-13 18:16 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-06 19:41 - 2015-03-13 18:16 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-06 19:41 - 2015-03-13 18:16 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-06 19:41 - 2015-03-13 17:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-06 19:41 - 2015-03-11 15:10 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-06 19:40 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-06 19:40 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-04-06 19:40 - 2015-03-13 21:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-04-04 08:30 - 2015-04-04 08:30 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 08:30 - 2015-04-04 08:30 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 20:32 - 2015-04-03 20:32 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-03 20:32 - 2015-04-03 20:32 - 00000000 ____D () C:\Users\VT\AppData\Local\Skype
2015-04-03 20:32 - 2015-04-03 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-31 21:26 - 2015-03-31 21:26 - 00000000 ____D () C:\Users\VT\AppData\Roaming\dvdcss
2015-03-25 23:43 - 2015-03-25 23:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-25 23:43 - 2015-03-25 23:43 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-25 23:43 - 2015-03-25 23:43 - 00000000 ____D () C:\ProgramData\Sun
2015-03-25 23:43 - 2015-03-25 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-25 23:43 - 2015-03-25 23:43 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-24 22:58 - 2015-03-24 22:58 - 00000000 ____D () C:\Users\VT\AppData\Local\DOSBox
2015-03-24 22:58 - 2015-03-24 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2015-03-24 22:58 - 2015-03-24 22:58 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 22:52 - 2015-01-29 20:36 - 00126335 _____ () C:\Windows\SysWOW64\Gms.log
2015-04-12 22:29 - 2015-02-05 00:19 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 22:19 - 2015-02-06 21:40 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 21:48 - 2015-02-05 22:56 - 00000000 ____D () C:\Users\VT\AppData\Roaming\uTorrent
2015-04-12 21:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-12 21:07 - 2015-02-04 23:06 - 01785014 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 21:07 - 2009-07-14 06:51 - 00086413 _____ () C:\Windows\setupact.log
2015-04-12 19:57 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 19:57 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 19:56 - 2011-04-12 10:34 - 00668542 _____ () C:\Windows\system32\perfh005.dat
2015-04-12 19:56 - 2011-04-12 10:34 - 00141202 _____ () C:\Windows\system32\perfc005.dat
2015-04-12 19:56 - 2009-07-14 07:13 - 01583226 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 19:50 - 2015-02-05 00:19 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 19:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 19:47 - 2015-02-12 00:13 - 00002048 _____ () C:\Users\VT\AppData\Roaming\mouse.dat
2015-04-12 19:47 - 2015-02-12 00:13 - 00000256 _____ () C:\Users\VT\AppData\Roaming\setup.dat
2015-04-12 19:45 - 2014-02-18 17:58 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-04-12 08:01 - 2015-02-06 00:43 - 00000000 ____D () C:\Users\VT\AppData\Local\Adobe
2015-04-11 22:58 - 2015-02-04 23:53 - 00000000 ____D () C:\Users\VT\AppData\Roaming\vlc
2015-04-11 03:00 - 2015-02-05 00:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-09 22:20 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-09 22:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-09 22:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-09 22:06 - 2014-02-18 17:16 - 01557940 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-09 22:04 - 2015-02-04 23:07 - 00000000 ____D () C:\Users\VT\AppData\Local\VirtualStore
2015-04-09 08:03 - 2015-02-04 23:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-06 19:55 - 2015-02-11 00:23 - 00000000 ____D () C:\Users\VT\AppData\Roaming\MediaMonkey
2015-04-06 19:42 - 2015-01-29 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-06 19:41 - 2015-01-29 20:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-06 19:41 - 2015-01-29 20:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-06 19:41 - 2015-01-29 20:27 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-06 19:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2015-04-03 20:33 - 2015-02-06 21:40 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-03 20:33 - 2015-02-06 21:40 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-03 20:33 - 2015-02-06 01:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-03 20:33 - 2015-02-05 01:05 - 00000000 ____D () C:\Users\VT\AppData\Roaming\Skype
2015-04-03 20:32 - 2014-02-18 17:57 - 00000000 ____D () C:\ProgramData\Skype
2015-03-28 05:44 - 2015-01-29 20:29 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 05:44 - 2015-01-29 20:29 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 05:43 - 2015-01-29 20:29 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 05:43 - 2015-01-29 20:29 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-26 09:31 - 2009-07-14 07:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-26 01:44 - 2015-02-05 23:40 - 00000000 ____D () C:\Users\VT\AppData\Local\Microsoft Help
2015-03-26 01:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-16 23:55 - 2015-02-05 01:20 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk

==================== Files in the root of some directories =======

2015-02-12 00:13 - 2015-04-12 19:47 - 0002048 _____ () C:\Users\VT\AppData\Roaming\mouse.dat
2015-02-12 00:13 - 2015-04-12 19:47 - 0000256 _____ () C:\Users\VT\AppData\Roaming\setup.dat
2015-02-23 21:30 - 2015-02-23 21:30 - 0001456 _____ () C:\Users\VT\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-02-13 23:54 - 2015-02-13 23:54 - 0000017 _____ () C:\Users\VT\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\VT\AppData\Local\Temp\AcDeltree.exe
C:\Users\VT\AppData\Local\Temp\AskSLib.dll
C:\Users\VT\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\VT\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\VT\AppData\Local\Temp\nvStInst.exe
C:\Users\VT\AppData\Local\Temp\ose00000.exe
C:\Users\VT\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\VT\AppData\Local\Temp\vrayuninst.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-05 20:52

==================== End Of Log ============================

Re: Stále znovu se objevující virus

Napsal: 13 dub 2015 09:36
od altrok
Zdravim :bye:


:arrow: Radeji zazalohujte dulezita data.

:arrow: Operacni system je legalni?

:arrow: Vypnete trvale Windows Defender - http://windows.microsoft.com/cs-cz/wind ... =windows-7

:arrow: V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

:arrow: Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )
  • ukoncete vsechny programy
  • kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
  • kliknete na Scan, pote na Cleaning
  • po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

Re: Stále znovu se objevující virus

Napsal: 13 dub 2015 20:28
od Bukvoj
Díky za reakci, chystal jsem se pokračovat v léčení, ale systém se začal chovat nestabilně a při novém zapnutí kolaboval. Explorer.exe se bezdůvodně ukončoval. Bylo třeba se vrátit o pár dní zpět pomocí obnovení systému po restartu. Takže připojuju nový log z FRST s aktuální konfigurací. Mám postupovat stejně, nebo se něco mění? Windows jsou legální.
Díky VT

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by VT (administrator) on VT-PC on 13-04-2015 21:22:18
Running from C:\Users\VT\Desktop
Loaded Profiles: VT (Available profiles: VT)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Fujitsu) C:\Program Files (x86)\Fujitsu Mouse\Driverap4.exe
() C:\Program Files (x86)\Fujitsu Keyboard Lock Status driver\Keyboard Lock Status driver\3.0\SkeyLock.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\ProgramData\Microsoft\Security\Client\temp\tmpFF83.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-29] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-18] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Fujitsu Mouse] => C:\Program Files (x86)\Fujitsu Mouse\DriverSt.exe [184393 2012-08-21] ()
HKLM-x32\...\Run: [LWBKEYLOCK] => C:\Program Files (x86)\Fujitsu Keyboard Lock Status driver\Keyboard Lock Status driver\3.0\SkeyLock.exe [310784 2008-05-02] ()
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2534400 2014-05-14] (MyHeritage)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\4e6ca7df-a964-421d-9c54-c52ca481496e.exe [183232 2015-04-13] (AVAST Software)
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [{80C9987B-3E6E-48E7-C19D-D4664F713275}] => C:\ProgramData\Microsoft\Security\Client\temp\tmpFF83.exe [294912 2015-04-09] () <===== ATTENTION
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [UVWmedia] => C:\Users\VT\AppData\Local\UVWmedia\tmpFF83.exe [294912 2015-04-09] ()
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [Eltion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\VT\AppData\Local\UVWmedia\New.dll
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Policies\Explorer: []
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-07] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-07] (Avast Software s.r.o.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF ProfilePath: C:\Users\VT\AppData\Roaming\Mozilla\Firefox\Profiles\52v48myu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-03] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Extension: YouTube Enhancer Plus - C:\Users\VT\AppData\Roaming\Mozilla\Firefox\Profiles\52v48myu.default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2015-02-05]
FF Extension: Adblock Plus - C:\Users\VT\AppData\Roaming\Mozilla\Firefox\Profiles\52v48myu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-02-09]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (YouTube) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Google Search) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (Avast SafePrice) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-19]
CHR Extension: (Google Sheets) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Avast Online Security) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-07] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-07] (Avast Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-02-06] () [File not signed]
S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-15] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-07] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-07] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-07] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-07] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-07] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-07] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-05] (Disc Soft Ltd)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46016 2012-07-24] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\system32\drivers\nvswcfilter.sys [19616 2014-09-05] (Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-07] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 21:21 - 2015-04-13 21:21 - 02096640 _____ (Farbar) C:\Users\VT\Desktop\FRST64.exe
2015-04-13 21:20 - 2015-04-13 21:20 - 00001928 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-13 21:20 - 2015-03-07 20:23 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw56F7.tmp
2015-04-13 21:20 - 2015-03-07 20:23 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw5789.tmp
2015-04-13 21:20 - 2015-03-07 20:23 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-13 21:20 - 2015-03-07 20:23 - 00268640 _____ () C:\Windows\system32\Drivers\asw5799.tmp
2015-04-13 21:20 - 2015-03-07 20:23 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw579A.tmp
2015-04-13 21:20 - 2015-03-07 20:23 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw5756.tmp
2015-04-13 21:20 - 2015-03-07 20:23 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw5777.tmp
2015-04-13 21:20 - 2015-03-07 20:23 - 00065736 _____ () C:\Windows\system32\Drivers\asw5788.tmp
2015-04-13 21:20 - 2015-03-07 20:23 - 00029168 _____ () C:\Windows\system32\Drivers\asw5766.tmp
2015-04-12 22:54 - 2015-04-13 21:22 - 00020854 _____ () C:\Users\VT\Desktop\FRST.txt
2015-04-12 22:37 - 2015-04-13 21:22 - 00000000 ____D () C:\FRST
2015-04-09 22:19 - 2015-04-13 22:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-09 22:19 - 2015-04-13 22:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-08 21:18 - 2015-04-08 21:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-06 19:41 - 2015-04-13 21:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-06 19:41 - 2015-03-13 21:41 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-06 19:41 - 2015-03-13 21:41 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-04-06 19:41 - 2015-03-13 18:16 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-06 19:41 - 2015-03-13 18:16 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-06 19:41 - 2015-03-13 18:16 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-06 19:41 - 2015-03-13 18:16 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-06 19:41 - 2015-03-13 18:16 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-06 19:41 - 2015-03-13 18:16 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-06 19:41 - 2015-03-13 17:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-06 19:41 - 2015-03-11 15:10 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-06 19:40 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-06 19:40 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-04-06 19:40 - 2015-03-13 21:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-04-04 08:30 - 2015-04-13 22:18 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 08:30 - 2015-04-04 08:30 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-03 20:32 - 2015-04-03 20:32 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-03 20:32 - 2015-04-03 20:32 - 00000000 ____D () C:\Users\VT\AppData\Local\Skype
2015-04-03 20:32 - 2015-04-03 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-02 08:33 - 2015-02-23 12:52 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-02 08:33 - 2015-02-23 12:52 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-02 08:33 - 2015-02-23 12:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-02 08:33 - 2015-02-23 12:51 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-02 08:33 - 2015-02-23 12:51 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 19301888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 15410688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-02 08:33 - 2015-02-23 12:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-02 08:33 - 2015-02-23 11:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-02 08:33 - 2015-02-23 10:51 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-02 08:33 - 2015-02-23 10:25 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-04-02 08:33 - 2015-02-21 07:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet(554).dll
2015-04-02 08:33 - 2015-02-21 07:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon(553).dll
2015-04-02 08:33 - 2015-02-21 07:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-02 08:33 - 2015-02-21 07:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-02 08:33 - 2015-02-21 07:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-02 08:33 - 2015-02-21 07:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-02 08:33 - 2015-02-21 07:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-02 08:33 - 2015-02-21 06:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-02 08:33 - 2015-02-21 06:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-03-31 21:26 - 2015-03-31 21:26 - 00000000 ____D () C:\Users\VT\AppData\Roaming\dvdcss
2015-03-25 23:43 - 2015-03-25 23:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-25 23:43 - 2015-03-25 23:43 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-25 23:43 - 2015-03-25 23:43 - 00000000 ____D () C:\ProgramData\Sun
2015-03-25 23:43 - 2015-03-25 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-25 23:43 - 2015-03-25 23:43 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-24 22:58 - 2015-03-24 22:58 - 00000000 ____D () C:\Users\VT\AppData\Local\DOSBox
2015-03-24 22:58 - 2015-03-24 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2015-03-24 22:58 - 2015-03-24 22:58 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 22:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-04-13 22:19 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-13 22:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-13 22:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-13 22:18 - 2015-03-07 20:30 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-04-13 22:18 - 2015-03-07 20:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-04-13 22:18 - 2015-03-03 20:01 - 00000000 ____D () C:\Users\VT\AppData\Local\Ozics
2015-04-13 22:18 - 2015-02-06 22:52 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-13 22:18 - 2015-02-06 22:45 - 00000000 ____D () C:\Users\VT\AppData\Roaming\Autodesk
2015-04-13 22:18 - 2015-02-05 22:56 - 00000000 ____D () C:\Users\VT\AppData\Roaming\uTorrent
2015-04-13 22:18 - 2015-02-05 21:29 - 00000000 ____D () C:\Users\VT\AppData\Roaming\GHISLER
2015-04-13 22:18 - 2015-02-05 01:15 - 00000000 ____D () C:\Users\VT\AppData\Roaming\Winamp
2015-04-13 22:18 - 2015-02-05 00:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-13 22:18 - 2015-02-04 23:53 - 00000000 ____D () C:\Users\VT\AppData\Roaming\vlc
2015-04-13 22:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-04-13 22:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-13 22:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-13 21:22 - 2015-02-27 08:29 - 00000000 ____D () C:\Users\VT\AppData\Local\UVWmedia
2015-04-13 21:22 - 2015-02-04 23:06 - 01515016 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 21:22 - 2015-01-29 20:36 - 00064003 _____ () C:\Windows\SysWOW64\Gms.log
2015-04-13 21:20 - 2015-02-05 00:20 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-13 21:20 - 2015-02-05 00:19 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 21:20 - 2015-02-04 23:07 - 00000000 ____D () C:\Users\VT
2015-04-13 21:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 21:20 - 2009-07-14 06:51 - 00083591 _____ () C:\Windows\setupact.log
2015-04-13 21:01 - 2015-02-12 00:13 - 00002048 _____ () C:\Users\VT\AppData\Roaming\mouse.dat
2015-04-13 21:01 - 2015-02-12 00:13 - 00000256 _____ () C:\Users\VT\AppData\Roaming\setup.dat
2015-04-09 21:29 - 2015-02-05 00:19 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 21:19 - 2015-02-06 21:40 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-09 20:28 - 2011-04-12 10:34 - 00668540 _____ () C:\Windows\system32\perfh005.dat
2015-04-09 20:28 - 2011-04-12 10:34 - 00141200 _____ () C:\Windows\system32\perfc005.dat
2015-04-09 20:28 - 2009-07-14 07:13 - 01583214 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-09 20:28 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-09 20:28 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-09 08:13 - 2015-02-06 00:43 - 00000000 ____D () C:\Users\VT\AppData\Local\Adobe
2015-04-09 08:03 - 2015-02-04 23:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-06 19:55 - 2015-02-11 00:23 - 00000000 ____D () C:\Users\VT\AppData\Roaming\MediaMonkey
2015-04-06 19:42 - 2015-01-29 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-06 19:41 - 2015-01-29 20:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-06 19:41 - 2015-01-29 20:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-06 19:41 - 2015-01-29 20:27 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-06 19:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2015-04-03 20:33 - 2015-02-06 21:40 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-03 20:33 - 2015-02-06 21:40 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-03 20:33 - 2015-02-06 01:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-03 20:33 - 2015-02-05 01:05 - 00000000 ____D () C:\Users\VT\AppData\Roaming\Skype
2015-04-03 20:32 - 2014-02-18 17:57 - 00000000 ____D () C:\ProgramData\Skype
2015-03-28 05:44 - 2015-01-29 20:29 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 05:44 - 2015-01-29 20:29 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 05:43 - 2015-01-29 20:29 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 05:43 - 2015-01-29 20:29 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-26 09:31 - 2009-07-14 07:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-26 01:44 - 2015-02-05 23:40 - 00000000 ____D () C:\Users\VT\AppData\Local\Microsoft Help
2015-03-26 01:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-16 23:55 - 2015-02-05 01:20 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk

==================== Files in the root of some directories =======

2015-02-12 00:13 - 2015-04-13 21:01 - 0002048 _____ () C:\Users\VT\AppData\Roaming\mouse.dat
2015-02-12 00:13 - 2015-04-13 21:01 - 0000256 _____ () C:\Users\VT\AppData\Roaming\setup.dat
2015-02-23 21:30 - 2015-02-23 21:30 - 0001456 _____ () C:\Users\VT\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-02-13 23:54 - 2015-02-13 23:54 - 0000017 _____ () C:\Users\VT\AppData\Local\resmon.resmoncfg

Files to move or delete:
====================
C:\ProgramData\Microsoft\Security\Client\temp\tmpFF83.exe


Some content of TEMP:
====================
C:\Users\VT\AppData\Local\Temp\AcDeltree.exe
C:\Users\VT\AppData\Local\Temp\AskSLib.dll
C:\Users\VT\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\VT\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\VT\AppData\Local\Temp\nvStInst.exe
C:\Users\VT\AppData\Local\Temp\ose00000.exe
C:\Users\VT\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\VT\AppData\Local\Temp\vrayuninst.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-05 20:52

==================== End Of Log ============================

Re: Stále znovu se objevující virus

Napsal: 13 dub 2015 20:34
od altrok
Je dobre, ze se PC rozjel aspon po bodu obnoveni. Mate tam ne zrovna castou, ale docela hnusnou havet, proto prislo upozorneni na zazalohovani dat, ktere bezne nedavam.

Kroky z meho predchazejiciho postu zustavaji.

Re: Stále znovu se objevující virus

Napsal: 13 dub 2015 20:47
od Bukvoj
OK, ještě upřesním...mám v počítači dva disky, data o která bych nerad přišel jsou na D:, sólo fyzický disk. Systém a všechny programy jedou na C:, kde žádná data neukládám. Bohužel nemám žádný velký externí disk, kam bych data z D: zazálohoval a trvalo by asi pár dní, než bych nějaký sehnal. Jsou data na Dčku hodně ohrožená (předpokládám, že v případě kolapsu by šlo disk jednoduše vyndat a připojit v jiném kompu...

Díky VT

Re: Stále znovu se objevující virus

Napsal: 13 dub 2015 20:58
od altrok
Bukvoj píše:předpokládám, že v případě kolapsu by šlo disk jednoduše vyndat a připojit v jiném kompu...
Mam stejny nazor. Dle logu je havet jen na C:, takze druhemu disku by se nemelo nic stat.

Re: Stále znovu se objevující virus

Napsal: 13 dub 2015 21:19
od Bukvoj
První čištění hotové. Po restartu se spustilo okno Chromu (už jsem toto viděl asi před měsícem a zavřel ho), připojuju screen. Log z AwdCleaneru zde:

# AdwCleaner v4.201 - Log vytvořen 13/04/2015 v 22:12:57
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-08.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : VT - VT-PC
# Spuštěno z : C:\Users\VT\Desktop\adwcleaner_4.201.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Smazáno : C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

***** [ Prohlížeče ] *****

-\\ Internet Explorer v10.0.9200.17267


-\\ Mozilla Firefox v37.0.1 (x86 cs)


-\\ Google Chrome v41.0.2272.118

[C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

*************************

AdwCleaner[R0].txt - [1143 bytů] - [13/04/2015 22:11:46]
AdwCleaner[S0].txt - [1065 bytů] - [13/04/2015 22:12:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1123 bytů] ##########

Re: Stále znovu se objevující virus

Napsal: 13 dub 2015 21:29
od altrok
:arrow: Mate v PC 2 antiviry - MSE a avast... doporucuji MSE odinstalovat.

:arrow: Zacneme zlehka cistit.

  • Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
  • ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
  • znovu spustte FRST a kliknete na Fix
  • po restartu bude na plose ulozen fixlog, jehoz obsah mi vlozte do pristi odpovedi

    Kód: Vybrat vše

    Start
CloseProcesses:
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2534400 2014-05-14] (MyHeritage)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\4e6ca7df-a964-421d-9c54-c52ca481496e.exe [183232 2015-04-13] (AVAST Software)
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [{80C9987B-3E6E-48E7-C19D-D4664F713275}] => C:\ProgramData\Microsoft\Security\Client\temp\tmpFF83.exe [294912 2015-04-09] () <===== ATTENTION
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [UVWmedia] => C:\Users\VT\AppData\Local\UVWmedia\tmpFF83.exe [294912 2015-04-09] ()
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [Eltion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\VT\AppData\Local\UVWmedia\New.dll
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Policies\Explorer: [] 
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
CMD: del "C:\Windows\system32\Drivers\asw*.tmp"
Unlock: C:\ProgramData\Microsoft\Security\Client\temp
C:\ProgramData\Microsoft\Security\Client\temp
Unlock: C:\Users\VT\AppData\Local\UVWmedia
C:\Users\VT\AppData\Local\UVWmedia
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
Hosts:
EmptyTemp:
End

Re: Stále znovu se objevující virus

Napsal: 13 dub 2015 21:44
od Bukvoj
MSE už jsem odinstalovával, zároveň s tím jsem ale vypínal IE. Potom se počítač zhroutil, jak už jsem psal. MSE vyhodím, hned jak počítač vyčístíme, nechtěl jsem ryskovat, že zas budu muset všechno dělat znovu z bodu obnovení systému. fixlist zde:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015
Ran by VT at 2015-04-13 22:38:13 Run:1
Running from C:\Users\VT\Desktop
Loaded Profiles: VT (Available profiles: VT)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2534400 2014-05-14] (MyHeritage)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\4e6ca7df-a964-421d-9c54-c52ca481496e.exe [183232 2015-04-13] (AVAST Software)
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [{80C9987B-3E6E-48E7-C19D-D4664F713275}] => C:\ProgramData\Microsoft\Security\Client\temp\tmpFF83.exe [294912 2015-04-09] () <===== ATTENTION
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [UVWmedia] => C:\Users\VT\AppData\Local\UVWmedia\tmpFF83.exe [294912 2015-04-09] ()
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Run: [Eltion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\VT\AppData\Local\UVWmedia\New.dll
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\...\Policies\Explorer: []
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
CMD: del "C:\Windows\system32\Drivers\asw*.tmp"
Unlock: C:\ProgramData\Microsoft\Security\Client\temp
C:\ProgramData\Microsoft\Security\Client\temp
Unlock: C:\Users\VT\AppData\Local\UVWmedia
C:\Users\VT\AppData\Local\UVWmedia
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Acrobat Speed Launcher => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Family Tree Builder Update => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\20150107 => Value not found.
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{80C9987B-3E6E-48E7-C19D-D4664F713275} => Value not found.
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UVWmedia => Value not found.
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Eltion => value deleted successfully.
HKU\S-1-5-21-3326361065-4142631383-672199101-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider" => Key deleted successfully.
"HKCR\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}" => Key deleted successfully.

========= del "C:\Windows\system32\Drivers\asw*.tmp" =========

Nelze naj�t C:\Windows\system32\Drivers\asw*.tmp.

========= End of CMD: =========

"C:\ProgramData\Microsoft\Security\Client\temp" => File/Directory unlocked successfully.
C:\ProgramData\Microsoft\Security\Client\temp => Moved successfully.
"C:\Users\VT\AppData\Local\UVWmedia" => File/Directory unlocked successfully.
C:\Users\VT\AppData\Local\UVWmedia => Moved successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 3 GB temporary data.


The system needed a reboot.

==== End of Fixlog 22:38:30 ====

Re: Stále znovu se objevující virus

Napsal: 13 dub 2015 21:47
od altrok
Dobre. Dejte aktualni log FRST, prilozte i Addition.

Re: Stále znovu se objevující virus

Napsal: 13 dub 2015 21:52
od Bukvoj
Aktual log FRST, addition v příloze

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by VT (administrator) on VT-PC on 13-04-2015 22:49:28
Running from C:\Users\VT\Desktop
Loaded Profiles: VT (Available profiles: VT)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Fujitsu) C:\Program Files (x86)\Fujitsu Mouse\Driverap4.exe
() C:\Program Files (x86)\Fujitsu Keyboard Lock Status driver\Keyboard Lock Status driver\3.0\SkeyLock.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-29] (Realtek Semiconductor)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-18] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Fujitsu Mouse] => C:\Program Files (x86)\Fujitsu Mouse\DriverSt.exe [184393 2012-08-21] ()
HKLM-x32\...\Run: [LWBKEYLOCK] => C:\Program Files (x86)\Fujitsu Keyboard Lock Status driver\Keyboard Lock Status driver\3.0\SkeyLock.exe [310784 2008-05-02] ()
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-07] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-07] (Avast Software s.r.o.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF ProfilePath: C:\Users\VT\AppData\Roaming\Mozilla\Firefox\Profiles\52v48myu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-03] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-03] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Extension: YouTube Enhancer Plus - C:\Users\VT\AppData\Roaming\Mozilla\Firefox\Profiles\52v48myu.default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2015-02-05]
FF Extension: Adblock Plus - C:\Users\VT\AppData\Roaming\Mozilla\Firefox\Profiles\52v48myu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-02-09]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (YouTube) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Google Search) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (Google Sheets) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Avast Online Security) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\VT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-07] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-07] (Avast Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-02-06] () [File not signed]
S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-15] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-07] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-07] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-07] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-07] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-07] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-07] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-05] (Disc Soft Ltd)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46016 2012-07-24] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\system32\drivers\nvswcfilter.sys [19616 2014-09-05] (Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-07] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 22:49 - 2015-04-13 22:49 - 00017911 _____ () C:\Users\VT\Desktop\FRST.txt
2015-04-13 22:11 - 2015-04-13 22:12 - 00000000 ____D () C:\AdwCleaner
2015-04-13 22:10 - 2015-04-13 22:10 - 02217984 _____ () C:\Users\VT\Desktop\adwcleaner_4.201.exe
2015-04-13 21:21 - 2015-04-13 21:21 - 02096640 _____ (Farbar) C:\Users\VT\Desktop\FRST64.exe
2015-04-13 21:20 - 2015-04-13 21:20 - 00001928 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-13 21:20 - 2015-03-07 20:23 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-12 22:37 - 2015-04-13 22:49 - 00000000 ____D () C:\FRST
2015-04-09 22:19 - 2015-04-13 22:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-09 22:19 - 2015-04-13 22:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-08 21:18 - 2015-04-08 21:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-06 19:41 - 2015-04-13 22:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-06 19:41 - 2015-03-13 21:41 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-06 19:41 - 2015-03-13 21:41 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-04-06 19:41 - 2015-03-13 18:16 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-06 19:41 - 2015-03-13 18:16 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-06 19:41 - 2015-03-13 18:16 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-06 19:41 - 2015-03-13 18:16 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-06 19:41 - 2015-03-13 18:16 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-06 19:41 - 2015-03-13 18:16 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-06 19:41 - 2015-03-13 17:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-06 19:41 - 2015-03-11 15:10 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-06 19:40 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-06 19:40 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-04-06 19:40 - 2015-03-13 21:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-04-06 19:40 - 2015-03-13 21:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-04-04 08:30 - 2015-04-13 22:18 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 08:30 - 2015-04-04 08:30 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-03 20:32 - 2015-04-03 20:32 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-03 20:32 - 2015-04-03 20:32 - 00000000 ____D () C:\Users\VT\AppData\Local\Skype
2015-04-03 20:32 - 2015-04-03 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-02 08:33 - 2015-02-23 12:52 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-02 08:33 - 2015-02-23 12:52 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-02 08:33 - 2015-02-23 12:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-02 08:33 - 2015-02-23 12:51 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-02 08:33 - 2015-02-23 12:51 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 19301888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 15410688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-02 08:33 - 2015-02-23 12:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-02 08:33 - 2015-02-23 12:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-02 08:33 - 2015-02-23 11:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-02 08:33 - 2015-02-23 10:51 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-02 08:33 - 2015-02-23 10:25 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-04-02 08:33 - 2015-02-21 07:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet(554).dll
2015-04-02 08:33 - 2015-02-21 07:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon(553).dll
2015-04-02 08:33 - 2015-02-21 07:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-02 08:33 - 2015-02-21 07:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-02 08:33 - 2015-02-21 07:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-02 08:33 - 2015-02-21 07:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-02 08:33 - 2015-02-21 07:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-02 08:33 - 2015-02-21 07:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-02 08:33 - 2015-02-21 06:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-02 08:33 - 2015-02-21 06:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-03-31 21:26 - 2015-03-31 21:26 - 00000000 ____D () C:\Users\VT\AppData\Roaming\dvdcss
2015-03-25 23:43 - 2015-03-25 23:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-25 23:43 - 2015-03-25 23:43 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-25 23:43 - 2015-03-25 23:43 - 00000000 ____D () C:\ProgramData\Sun
2015-03-25 23:43 - 2015-03-25 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-25 23:43 - 2015-03-25 23:43 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-24 22:58 - 2015-03-24 22:58 - 00000000 ____D () C:\Users\VT\AppData\Local\DOSBox
2015-03-24 22:58 - 2015-03-24 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2015-03-24 22:58 - 2015-03-24 22:58 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 22:46 - 2011-04-12 10:34 - 00668540 _____ () C:\Windows\system32\perfh005.dat
2015-04-13 22:46 - 2011-04-12 10:34 - 00141200 _____ () C:\Windows\system32\perfc005.dat
2015-04-13 22:46 - 2009-07-14 07:13 - 01583214 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-13 22:46 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 22:46 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 22:42 - 2015-02-04 23:06 - 01573827 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 22:41 - 2015-01-29 20:36 - 00064605 _____ () C:\Windows\SysWOW64\Gms.log
2015-04-13 22:39 - 2015-02-05 00:19 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 22:39 - 2010-11-21 05:47 - 00018512 _____ () C:\Windows\PFRO.log
2015-04-13 22:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 22:39 - 2009-07-14 06:51 - 00083927 _____ () C:\Windows\setupact.log
2015-04-13 22:29 - 2015-02-05 00:19 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-13 22:19 - 2015-02-06 21:40 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 22:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-04-13 22:19 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-13 22:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-13 22:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-13 22:18 - 2015-03-07 20:30 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-04-13 22:18 - 2015-03-07 20:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-04-13 22:18 - 2015-03-03 20:01 - 00000000 ____D () C:\Users\VT\AppData\Local\Ozics
2015-04-13 22:18 - 2015-02-06 22:52 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-13 22:18 - 2015-02-06 22:45 - 00000000 ____D () C:\Users\VT\AppData\Roaming\Autodesk
2015-04-13 22:18 - 2015-02-05 22:56 - 00000000 ____D () C:\Users\VT\AppData\Roaming\uTorrent
2015-04-13 22:18 - 2015-02-05 21:29 - 00000000 ____D () C:\Users\VT\AppData\Roaming\GHISLER
2015-04-13 22:18 - 2015-02-05 01:15 - 00000000 ____D () C:\Users\VT\AppData\Roaming\Winamp
2015-04-13 22:18 - 2015-02-05 00:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-13 22:18 - 2015-02-04 23:53 - 00000000 ____D () C:\Users\VT\AppData\Roaming\vlc
2015-04-13 22:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-04-13 22:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-13 22:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-13 22:11 - 2015-02-06 00:43 - 00000000 ____D () C:\Users\VT\AppData\Local\Adobe
2015-04-13 21:20 - 2015-02-05 00:20 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-13 21:20 - 2015-02-04 23:07 - 00000000 ____D () C:\Users\VT
2015-04-13 21:01 - 2015-02-12 00:13 - 00002048 _____ () C:\Users\VT\AppData\Roaming\mouse.dat
2015-04-13 21:01 - 2015-02-12 00:13 - 00000256 _____ () C:\Users\VT\AppData\Roaming\setup.dat
2015-04-09 08:03 - 2015-02-04 23:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-06 19:55 - 2015-02-11 00:23 - 00000000 ____D () C:\Users\VT\AppData\Roaming\MediaMonkey
2015-04-06 19:42 - 2015-01-29 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-06 19:41 - 2015-01-29 20:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-06 19:41 - 2015-01-29 20:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-06 19:41 - 2015-01-29 20:27 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-06 19:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2015-04-03 20:33 - 2015-02-06 21:40 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-03 20:33 - 2015-02-06 21:40 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-03 20:33 - 2015-02-06 01:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-03 20:33 - 2015-02-05 01:05 - 00000000 ____D () C:\Users\VT\AppData\Roaming\Skype
2015-04-03 20:32 - 2014-02-18 17:57 - 00000000 ____D () C:\ProgramData\Skype
2015-03-28 05:44 - 2015-01-29 20:29 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 05:44 - 2015-01-29 20:29 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 05:43 - 2015-01-29 20:29 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 05:43 - 2015-01-29 20:29 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-26 09:31 - 2009-07-14 07:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-26 01:44 - 2015-02-05 23:40 - 00000000 ____D () C:\Users\VT\AppData\Local\Microsoft Help
2015-03-26 01:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-16 23:55 - 2015-02-05 01:20 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk

==================== Files in the root of some directories =======

2015-02-12 00:13 - 2015-04-13 21:01 - 0002048 _____ () C:\Users\VT\AppData\Roaming\mouse.dat
2015-02-12 00:13 - 2015-04-13 21:01 - 0000256 _____ () C:\Users\VT\AppData\Roaming\setup.dat
2015-02-23 21:30 - 2015-02-23 21:30 - 0001456 _____ () C:\Users\VT\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-02-13 23:54 - 2015-02-13 23:54 - 0000017 _____ () C:\Users\VT\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-05 20:52

==================== End Of Log ============================

Re: Stále znovu se objevující virus

Napsal: 13 dub 2015 21:58
od altrok
:arrow: MSE jste instaloval sam? Stale vyskakuje hlaseni o zablokovane infekci?


:arrow: Ulozte na plochu rkill.exe, ukoncete vsechny aplikace a spustte - kdyby ho havet blokovala, pouzijte alternativni odkaz POZOR - TATO UTILITA MA VELKOU SCHOPNOST MAZAT - NESPOUSTEJTE JI BEZ DOPORUCENI RADCE
:arrow: Ulozte na plochu ComboFix.exe - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypnete antiviry a vsechny real-time ochrany
  • spustte ComboFix jako spravce (lepe pod uctem s administratorskym opravnenim)
  • s licencnimi podminkami souhlaste - Ano
  • pokud je nabidnuta instalace konzoly pro zotaveni, souhlaste
  • v prubehu skenovani nechte PC v klidu - nic nespoustejte a do okna ComboFixu neklikejte
  • vysledek skenu naleznete v C:\ComboFix.txt, jehoz obsah mi zkopirujte do pristi odpovedi.

Re: Stále znovu se objevující virus

Napsal: 13 dub 2015 22:08
od Bukvoj
MSE přišlo nainstalované továrně. Když mi to tady začalo haprovat, zmátla mě cesta k infikovaným souborům (...microsoft\security\client...), takže jsem ho odinstaloval...a když to nepomohlo, tak jsem instalaci obnovoval. Když jsem MSE společně s IE (který se skrytě spouštěl a asi spamoval) vyhodil, systém zkolaboval...

Jdu použít ty utility, co jse mi navrhnul

Re: Stále znovu se objevující virus

Napsal: 13 dub 2015 22:23
od Bukvoj
Log RKILL:

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/13/2015 11:13:02 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 04/13/2015 11:13:11 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)

---------------------------------------------------------------------------------------------------------------------------------------


A log Combofix:

ComboFix 15-04-09.01 - VT 13.04.2015 23:15:06.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.16320.13927 [GMT 2:00]
Spuštěný z: c:\users\VT\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-13 do 2015-04-13 )))))))))))))))))))))))))))))))
.
.
2015-04-13 21:18 . 2015-04-13 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-13 20:39 . 2015-03-26 17:48 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A20F566-8D8C-762D-C6DE-5DCE5E404868}\GapaEngine.dll
2015-04-13 20:11 . 2015-04-13 20:12 -------- d-----w- C:\AdwCleaner
2015-04-13 19:22 . 2015-03-14 01:02 12002392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F8565B3-1F80-49FE-B30B-0E83B2079FB0}\mpengine.dll
2015-04-13 19:20 . 2015-03-07 18:23 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-12 20:37 . 2015-04-13 20:50 -------- d-----w- C:\FRST
2015-04-09 20:19 . 2015-04-13 20:18 -------- d-s---w- c:\windows\system32\CompatTel
2015-04-09 20:19 . 2015-04-13 20:18 -------- d-----w- c:\windows\system32\appraiser
2015-04-08 06:45 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-06 17:41 . 2015-03-13 15:38 622224 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-04-06 17:41 . 2015-04-13 20:39 -------- d-----w- c:\programdata\NVIDIA
2015-04-06 17:41 . 2015-03-13 16:16 6861968 ----a-w- c:\windows\system32\nvcpl.dll
2015-04-06 17:41 . 2015-03-13 16:16 3526856 ----a-w- c:\windows\system32\nvsvc64.dll
2015-04-06 17:41 . 2015-03-13 16:16 935056 ----a-w- c:\windows\system32\nvvsvc.exe
2015-04-06 17:41 . 2015-03-13 16:16 62608 ----a-w- c:\windows\system32\nvshext.dll
2015-04-06 17:41 . 2015-03-13 16:16 386248 ----a-w- c:\windows\system32\nvmctray.dll
2015-04-06 17:41 . 2015-03-13 16:16 2559808 ----a-w- c:\windows\system32\nvsvcr.dll
2015-04-06 17:41 . 2015-03-11 13:10 4246327 ----a-w- c:\windows\system32\nvcoproc.bin
2015-04-06 17:41 . 2015-03-13 19:41 73872 ----a-w- c:\windows\system32\OpenCL.dll
2015-04-06 17:41 . 2015-03-13 19:41 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-04-04 06:30 . 2015-04-13 20:18 -------- d-s---w- c:\windows\system32\GWX
2015-04-04 06:30 . 2015-04-04 06:30 -------- d-s---w- c:\windows\SysWow64\GWX
2015-04-03 18:32 . 2015-04-03 18:32 -------- d-----w- c:\users\VT\AppData\Local\Skype
2015-04-03 18:32 . 2015-04-03 18:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-04-03 18:32 . 2015-04-03 18:32 -------- d-----r- c:\program files (x86)\Skype
2015-03-31 19:26 . 2015-03-31 19:26 -------- d-----w- c:\users\VT\AppData\Roaming\dvdcss
2015-03-31 18:46 . 2015-03-26 17:48 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06259846-655A-4BB3-8FE2-AFFAD0B02860}\gapaengine.dll
2015-03-26 17:48 . 2015-03-26 17:48 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-25 21:43 . 2015-03-25 21:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-03-25 21:43 . 2015-03-25 21:43 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-25 21:43 . 2015-03-25 21:44 -------- d-----w- c:\programdata\Oracle
2015-03-25 21:43 . 2015-03-25 21:43 -------- d-----w- c:\program files (x86)\Java
2015-03-24 20:58 . 2015-03-24 20:58 -------- d-----w- c:\users\VT\AppData\Local\DOSBox
2015-03-24 20:58 . 2015-03-24 20:58 -------- d-----w- c:\program files (x86)\DOSBox-0.74
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-03 18:33 . 2015-02-06 19:40 778928 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-03 18:33 . 2015-02-05 23:38 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-28 03:44 . 2015-01-29 18:29 1316000 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-03-28 03:44 . 2015-01-29 18:29 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-03-28 03:43 . 2015-01-29 18:29 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-03-28 03:43 . 2015-01-29 18:29 1570672 ----a-w- c:\windows\system32\nvspcap64.dll
2015-03-12 00:38 . 2014-02-18 14:47 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-03-07 18:23 . 2015-02-04 22:19 268640 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-03-07 18:23 . 2015-02-04 22:19 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-03-07 18:23 . 2015-02-04 22:19 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-03-07 18:23 . 2015-02-04 22:19 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-03-07 18:23 . 2015-02-04 22:19 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-03-07 18:23 . 2015-02-04 22:19 441728 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-03-07 18:23 . 2015-02-04 22:19 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-03-07 18:23 . 2015-03-07 18:23 43112 ----a-w- c:\windows\avastSS.scr
2015-03-07 18:23 . 2015-02-04 22:19 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-03-06 05:56 . 2015-03-11 06:58 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-06 05:56 . 2015-03-11 06:58 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-06 05:42 . 2015-03-11 06:58 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-03-06 05:42 . 2015-03-11 06:58 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-06 05:42 . 2015-03-11 06:58 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-06 05:42 . 2015-03-11 06:58 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-03-06 05:42 . 2015-03-11 06:58 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:42 . 2015-03-11 06:58 28160 ----a-w- c:\windows\system32\secur32.dll
2015-03-06 05:42 . 2015-03-11 06:58 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-06 05:42 . 2015-03-11 06:58 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-06 05:42 . 2015-03-11 06:58 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-06 05:42 . 2015-03-11 06:58 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-03-06 05:42 . 2015-03-11 06:58 22016 ----a-w- c:\windows\system32\credssp.dll
2015-03-06 05:41 . 2015-03-11 06:58 31232 ----a-w- c:\windows\system32\lsass.exe
2015-03-06 05:41 . 2015-03-11 06:58 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-03-06 05:39 . 2015-03-11 06:58 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-06 05:38 . 2015-03-11 06:58 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-06 05:36 . 2015-03-11 06:58 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-03-06 05:10 . 2015-03-11 06:58 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-03-06 05:10 . 2015-03-11 06:58 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10 . 2015-03-11 06:58 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-03-06 05:10 . 2015-03-11 06:58 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-03-06 05:10 . 2015-03-11 06:58 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10 . 2015-03-11 06:58 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10 . 2015-03-11 06:58 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-03-06 05:10 . 2015-03-11 06:58 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-03-06 05:09 . 2015-03-11 06:58 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-03-06 05:09 . 2015-03-11 06:58 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-03-06 05:07 . 2015-03-11 06:58 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-03-06 05:07 . 2015-03-11 06:58 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-03-06 05:06 . 2015-03-11 06:58 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-03-03 13:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-26 03:25 . 2015-03-11 06:58 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-22 20:58 . 2015-02-22 20:58 2165760 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityHelper.dll
2015-02-22 20:58 . 2015-02-22 20:58 2622464 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityProvider.dll
2015-02-20 04:41 . 2015-03-11 06:59 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 06:59 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 06:59 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 06:59 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 06:59 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 06:59 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 06:59 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 06:59 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 06:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 06:59 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-13 05:22 . 2015-03-11 06:58 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-02-05 22:20 . 2015-02-05 22:21 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2015-02-05 21:32 . 2015-02-05 21:32 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2015-02-04 03:16 . 2015-03-11 06:58 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 06:58 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 06:59 693176 ----a-w- c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 06:59 5554104 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-03 03:34 . 2015-03-11 06:59 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 06:59 616360 ----a-w- c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 06:59 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 06:59 14632960 ----a-w- c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 06:59 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 06:58 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 06:58 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 06:59 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-03 03:31 . 2015-03-11 06:59 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-03 03:31 . 2015-03-11 06:59 5120 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 06:59 5120 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 06:59 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 06:59 1574400 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 06:59 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 06:59 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 06:59 188416 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 06:59 37376 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 06:59 9728 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 06:59 641024 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 06:59 325632 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 06:59 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 06:59 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 06:59 4121600 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 06:59 206848 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 06:59 631808 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 06:59 284672 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 06:59 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 06:59 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 06:59 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 06:59 82432 ----a-w- c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-03-11 06:59 1069056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 06:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-18 5511352]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-12-03 840592]
"Fujitsu Mouse"="c:\program files (x86)\Fujitsu Mouse\DriverSt.exe" [2012-08-21 184393]
"LWBKEYLOCK"="c:\program files (x86)\Fujitsu Keyboard Lock Status driver\Keyboard Lock Status driver\3.0\SkeyLock.exe" [2008-05-02 310784]
"ADSKAppManager"="c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" [2014-12-05 493960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 mi-raysat_3dsmax2015_64;mental ray Satellite for Autodesk 3ds Max 2015 64-bit;c:\program files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe;c:\program files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 NVSWCFilter;NVIDIA SHIELD Wireless Controller Trackpad Service;c:\windows\system32\drivers\nvswcfilter.sys;c:\windows\SYSNATIVE\drivers\nvswcfilter.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\drivers\ISCTD64.sys;c:\windows\SYSNATIVE\drivers\ISCTD64.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-04 06:29 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06 18:33]
.
2015-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 22:19]
.
2015-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04 22:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-03-07 18:23 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-10-29 7203032]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\VT\AppData\Roaming\Mozilla\Firefox\Profiles\52v48myu.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-04-13 23:19:57
ComboFix-quarantined-files.txt 2015-04-13 21:19
.
Před spuštěním: Volných bajtů: 93 673 603 072
Po spuštění: Volných bajtů: 93 517 058 048
.
- - End Of File - - 735F51CB227B09C1B2182E2C07FF6535
A36C5E4F47E84449FF07ED3517B43A31

Re: Stále znovu se objevující virus

Napsal: 13 dub 2015 22:40
od altrok
:arrow: Pokud jeste nemate, presunte ComboFix na plochu.
  • Otevrete Poznamkovy blok (Start -> Spustit -> notepad)
  • zkopirujte do nej skript nize a ulozte na plochu jako CFScript (Typ souboru: Textovy dokument)

    Kód: Vybrat vše

    KillAll::

Folder::
c:\programdata\Microsoft\Security\Client
C:\Users\VT\AppData\Local\Ozics
C:\User\VT\AppData\UVWMedia

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::
  • Tento CFScript.txt chytte, doslova pretahnete nad ikonu ComboFixu a pustte.
    Obrázek
  • Po restartu na Vas vyskoci log, jehoz obsah mi vlozte do dalsi odpovedi.
:arrow: Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou Windows. V tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz