Please check my log
Posted: 26 Jul 2015 12:22
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Tommy (administrator) on NOTEBOOK (26-07-2015 13:10:19)
Running from C:\Users\Tommy\Desktop
Loaded Profiles: Tommy (Available Profiles: Tommy & fbwuserAC58 & fbwuser0380 & fbwuserAA26)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost32.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Tommy\AppData\Roaming\Microsoft\Networking\winnet32b.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BitTorrent, Inc.) C:\Users\Tommy\AppData\Roaming\uTorrent\utorrent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Tommy\AppData\Roaming\Microsoft\Networking\inet32upd.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Tommy\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6346312 2013-03-15] (Realtek semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1276488 2013-01-18] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-01] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [UMonit64] => C:\windows\SysWOW64\UMonit64.exe [40960 2013-03-14] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-05-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-05-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-519416623-3729245940-3840813702-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-21] (Valve Corporation)
HKU\S-1-5-21-519416623-3729245940-3840813702-1002\...\Run: [Viber] => C:\Users\Tommy\AppData\Local\Viber\Viber.exe [936656 2014-10-20] ()
HKU\S-1-5-21-519416623-3729245940-3840813702-1002\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [8473600 2014-06-18] (Visicom Media Inc.)
HKU\S-1-5-21-519416623-3729245940-3840813702-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-519416623-3729245940-3840813702-1002\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [430048 2015-05-21] (CyberGhost S.R.L.)
Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost32.exe [2015-04-25] ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-519416623-3729245940-3840813702-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-519416623-3729245940-3840813702-1002 -> {0793C111-8897-4BE4-A944-8D205C83C8D3} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{7E4F0C1C-D306-4D64-8AA1-ADBF680FAFEE}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{958C7831-E326-4F87-BB54-14AC126C1000}: [DhcpNameServer] 150.201.1.2
Tcpip\..\Interfaces\{A4A8E28F-CAFB-4CD1-99E7-65528CF513F2}: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\1hye2z8g.default
FF NetworkProxy: "backup.ftp", "78.128.178.106"
FF NetworkProxy: "backup.ftp_port", 21320
FF NetworkProxy: "backup.socks", "78.128.178.106"
FF NetworkProxy: "backup.socks_port", 21320
FF NetworkProxy: "backup.ssl", "78.128.178.106"
FF NetworkProxy: "backup.ssl_port", 21320
FF NetworkProxy: "ftp", "88.150.136.181"
FF NetworkProxy: "ftp_port", 3129
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "88.150.136.181"
FF NetworkProxy: "socks_port", 3129
FF NetworkProxy: "ssl", "88.150.136.181"
FF NetworkProxy: "ssl_port", 3129
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-20] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-519416623-3729245940-3840813702-1002: @hola.org/vlc,version=1.7.78 -> C:\Users\Tommy\AppData\Local\Hola\firefox\app\vlc No File
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-07-09]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-02-28] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-03-17] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-17] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [14760 2013-01-01] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
S3 cfwids; C:\Windows\system32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [158968 2014-09-18] (ESET)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [20816 2013-02-20] (ELAN Microelectronic Corp.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-03-15] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-26 13:10 - 2015-07-26 13:10 - 00023396 _____ C:\Users\Tommy\Desktop\FRST.txt
2015-07-26 13:09 - 2015-07-26 13:10 - 00000000 ____D C:\FRST
2015-07-26 13:08 - 2015-07-26 13:09 - 00112640 _____ (forum.viry.cz) C:\Users\Tommy\Desktop\FRSTLauncher.exe
2015-07-26 13:07 - 2015-07-26 13:07 - 02146816 _____ (Farbar) C:\Users\Tommy\Desktop\FRST64.exe
2015-07-26 07:07 - 2015-07-26 07:07 - 00000000 ____D C:\WINDOWS\LastGood
2015-07-26 07:07 - 2015-07-26 07:07 - 00000000 ____D C:\Program Files\TAP-Windows
2015-07-25 11:34 - 2015-07-25 11:34 - 00000000 ____D C:\Users\Tommy\AppData\Local\Intel
2015-07-25 11:32 - 2015-07-25 11:32 - 00017146 _____ C:\Users\Tommy\AppData\Local\WiDiSetupLog.20150725.113247.wdl
2015-07-25 11:30 - 2015-07-25 11:33 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Intel WiDi
2015-07-25 11:30 - 2015-07-25 11:30 - 00000000 ____D C:\Users\Tommy\AppData\Local\Intel WiDi
2015-07-25 11:29 - 2015-07-25 11:30 - 00018620 _____ C:\Users\Tommy\AppData\Local\WiDiSetupLog.20150725.112913.wdl
2015-07-25 11:28 - 2015-07-25 11:28 - 00014960 _____ C:\Users\Tommy\AppData\Local\WiDiSetupLog.20150725.112836.wdl
2015-07-25 11:28 - 2015-07-25 11:28 - 00005473 _____ C:\WirelessDiagLog.csv
2015-07-24 19:17 - 2015-07-24 19:17 - 00000000 ___SH C:\DkHyperbootSync
2015-07-24 14:34 - 2015-07-03 06:28 - 00065896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-07-24 14:34 - 2015-07-03 06:28 - 00047976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-07-23 08:49 - 2015-07-23 08:49 - 00001282 _____ C:\Users\Tommy\AppData\Local\recently-used.xbel
2015-07-23 08:36 - 2015-07-23 08:36 - 00000000 ____D C:\Users\Tommy\AppData\Local\CEF
2015-07-22 14:35 - 2015-07-22 14:35 - 00342704 _____ C:\WINDOWS\Minidump\072215-124406-01.dmp
2015-07-22 14:32 - 2015-07-22 14:32 - 00000000 __SHD C:\found.000
2015-07-20 11:15 - 2015-07-20 11:16 - 00000000 ____D C:\AdwCleaner
2015-07-20 11:00 - 2015-07-22 14:35 - 00000021 _____ C:\WINDOWS\S.dirmngr
2015-07-20 07:08 - 2015-06-30 00:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-20 07:08 - 2015-06-29 17:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-20 07:08 - 2015-06-29 17:07 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-20 07:08 - 2015-06-29 17:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-20 07:08 - 2015-06-29 17:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-20 07:08 - 2015-06-29 17:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-20 07:08 - 2015-06-27 01:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-20 07:08 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-18 08:04 - 2015-07-18 08:04 - 00000562 _____ C:\WINDOWS\wmsetup.log
2015-07-18 08:04 - 2015-07-18 08:04 - 00000000 ____D C:\Users\Tommy\Documents\DeadIsland
2015-07-18 06:43 - 2015-07-18 06:44 - 00374384 _____ C:\WINDOWS\Minidump\071815-33062-01.dmp
2015-07-15 15:20 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 15:20 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 15:19 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-15 15:19 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-15 15:19 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-15 15:19 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 15:19 - 2015-05-02 01:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-12 19:46 - 2015-04-08 22:32 - 00560968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-07-12 07:03 - 2015-07-12 07:23 - 00000000 ____D C:\Users\Tommy\Documents\OpenTTD
2015-07-11 11:37 - 2015-07-11 11:37 - 00001104 _____ C:\Users\fbwuserAC58\Desktop\DubIt.lnk
2015-07-11 11:37 - 2015-07-11 11:37 - 00001104 _____ C:\Users\fbwuserAA26\Desktop\DubIt.lnk
2015-07-11 11:37 - 2015-07-11 11:37 - 00001104 _____ C:\Users\fbwuser0380\Desktop\DubIt.lnk
2015-07-11 11:36 - 2015-07-11 11:36 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DubIt
2015-07-11 11:36 - 2015-07-11 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DubIt
2015-07-11 11:36 - 2015-07-11 11:36 - 00000000 ____D C:\Program Files (x86)\TechSmith
2015-07-11 08:20 - 2015-07-11 08:20 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electrum
2015-07-11 08:20 - 2015-07-11 08:20 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Electrum
2015-07-11 08:20 - 2015-07-11 08:20 - 00000000 ____D C:\Program Files (x86)\Electrum
2015-07-09 17:07 - 2015-07-09 17:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-26 13:03 - 2015-02-15 19:41 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\uTorrent
2015-07-26 13:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-26 12:04 - 2015-02-28 04:34 - 01241294 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-26 07:14 - 2015-02-15 19:36 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\ClassicShell
2015-07-26 07:10 - 2015-04-11 16:20 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-07-26 05:41 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-26 05:36 - 2015-04-15 17:48 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-26 05:36 - 2015-04-15 17:48 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-26 05:36 - 2015-02-23 18:34 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-26 05:36 - 2014-11-21 14:14 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-26 03:33 - 2015-02-15 19:32 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-519416623-3729245940-3840813702-1002
2015-07-25 12:17 - 2015-02-15 13:19 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Audacity
2015-07-25 11:36 - 2013-05-29 22:56 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-25 11:35 - 2013-05-29 22:48 - 00000000 ____D C:\ProgramData\Intel
2015-07-25 11:30 - 2013-08-22 16:46 - 00387079 _____ C:\WINDOWS\setupact.log
2015-07-25 11:30 - 2013-05-29 22:36 - 00000000 ____D C:\Program Files (x86)\Intel
2015-07-24 14:41 - 2015-02-15 19:42 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\ViberPC
2015-07-24 14:41 - 2015-02-15 19:40 - 00000000 ____D C:\Users\Tommy\AppData\Local\Viber
2015-07-24 14:35 - 2015-02-28 04:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-24 11:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-23 10:06 - 2015-02-15 13:50 - 02927616 ___SH C:\Users\Tommy\Desktop\Thumbs.db
2015-07-23 08:50 - 2015-04-04 13:01 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\gnupg
2015-07-23 08:49 - 2015-04-04 13:06 - 00000000 ____D C:\Users\Tommy\AppData\Local\gtk-2.0
2015-07-23 08:36 - 2015-02-15 19:41 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-23 08:34 - 2015-02-28 10:14 - 00000000 __RDO C:\Users\Tommy\OneDrive
2015-07-23 08:34 - 2015-02-28 04:48 - 00000000 ____D C:\Users\Tommy
2015-07-22 14:35 - 2015-06-04 21:10 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-22 14:35 - 2015-02-28 04:35 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-22 14:35 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-22 14:33 - 2015-06-04 21:10 - 1136465229 _____ C:\WINDOWS\MEMORY.DMP
2015-07-22 08:43 - 2015-04-18 15:12 - 00000000 ____D C:\Users\Tommy\Desktop\Dropbox
2015-07-20 12:32 - 2015-02-15 19:46 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Skype
2015-07-20 11:24 - 2015-02-15 12:09 - 00000000 ____D C:\Users\Tommy\AppData\Local\Adobe
2015-07-20 08:42 - 2014-11-20 21:43 - 00011100 _____ C:\WINDOWS\PFRO.log
2015-07-20 08:42 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-20 08:41 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-20 08:37 - 2015-05-10 09:27 - 00000000 ____D C:\Wooxy
2015-07-19 15:47 - 2015-02-18 19:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-19 08:35 - 2015-02-28 15:58 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\MultiBit
2015-07-18 12:21 - 2015-05-10 17:55 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\TS3Client
2015-07-14 21:06 - 2015-04-26 22:23 - 01423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-07-14 21:06 - 2015-04-26 22:23 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-07-14 21:05 - 2015-04-26 22:23 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-07-14 21:05 - 2015-04-26 22:23 - 01710056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-07-13 23:10 - 2014-11-21 14:21 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2014-11-21 14:21 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 19:57 - 2015-03-06 13:14 - 00000000 ____D C:\Users\Tommy\Desktop\Hack_AP 4.3.4 by Akatsuki Tutoriales
2015-07-13 19:55 - 2015-05-12 18:34 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Java
2015-07-12 19:33 - 2015-02-15 19:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-11 07:01 - 2015-06-23 16:56 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-09 17:38 - 2015-05-19 07:49 - 00000000 ____D C:\Users\fbwuserAC58
2015-07-09 17:38 - 2015-05-19 07:49 - 00000000 ____D C:\Users\fbwuserAA26
2015-07-09 17:38 - 2015-05-19 07:49 - 00000000 ____D C:\Users\fbwuser0380
2015-07-09 14:42 - 2013-05-29 23:17 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-07-03 08:43 - 2015-02-18 19:57 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-03 06:28 - 2015-04-26 22:20 - 00069992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
==================== Files in the root of some directories =======
2015-04-25 09:45 - 2015-05-09 15:45 - 0000132 _____ () C:\Users\Tommy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-05-03 11:10 - 2015-05-03 11:14 - 0000207 _____ () C:\Users\Tommy\AppData\Roaming\Dll-Host.exe.tmp
2015-07-23 08:49 - 2015-07-23 08:49 - 0001282 _____ () C:\Users\Tommy\AppData\Local\recently-used.xbel
2015-07-25 11:28 - 2015-07-25 11:28 - 0014960 _____ () C:\Users\Tommy\AppData\Local\WiDiSetupLog.20150725.112836.wdl
2015-07-25 11:29 - 2015-07-25 11:30 - 0018620 _____ () C:\Users\Tommy\AppData\Local\WiDiSetupLog.20150725.112913.wdl
2015-07-25 11:32 - 2015-07-25 11:32 - 0017146 _____ () C:\Users\Tommy\AppData\Local\WiDiSetupLog.20150725.113247.wdl
2013-05-29 23:15 - 2013-05-29 23:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-29 23:17 - 2013-05-29 23:17 - 0000198 ____H () C:\ProgramData\Lenovo-4734.vbs
2013-05-29 23:18 - 2013-05-29 23:18 - 0000198 ____H () C:\ProgramData\Lenovo-4799.vbs
Files to move or delete:
====================
C:\ProgramData\Lenovo-4734.vbs
C:\ProgramData\Lenovo-4799.vbs
Some files in TEMP:
====================
C:\Users\Tommy\AppData\Local\Temp\Bass.dll
C:\Users\Tommy\AppData\Local\Temp\Bass.Net.dll
C:\Users\Tommy\AppData\Local\Temp\bdfilters.dll
C:\Users\Tommy\AppData\Local\Temp\Chrome Crypter v5.7 jomgegar.com.exe
C:\Users\Tommy\AppData\Local\Temp\electrum-2.3.2.exe
C:\Users\Tommy\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.78.exe
C:\Users\Tommy\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Tommy\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Tommy\AppData\Local\Temp\nvStInst.exe
C:\Users\Tommy\AppData\Local\Temp\ovi-uninstall.exe
C:\Users\Tommy\AppData\Local\Temp\Quarantine.exe
C:\Users\Tommy\AppData\Local\Temp\SIntf16.dll
C:\Users\Tommy\AppData\Local\Temp\SIntf32.dll
C:\Users\Tommy\AppData\Local\Temp\SIntfNT.dll
C:\Users\Tommy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tommy\AppData\Local\Temp\sqlite3.dll
C:\Users\Tommy\AppData\Local\Temp\upnp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-26 05:35
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (Windows8_OS) (Fixed) (Total:853.4 GB) (Free:575.12 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.14 GB) NTFS
Available physical RAM: 11383 MB
Total physical RAM: 16178.27 MB
Percentage of memory in use: 29%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 22.4 GB) (Disk ID: B4BE3D14)
Disk: 1 (Size: 931.5 GB) (Disk ID: B4BE3D15)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Tommy\OneDrive:ms-properties
==================== Security Center ==================
AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Tommy\Desktop" je 10417 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
2015-07-12 07:03 - 2015-07-12 07:23 - 00000000 ____D C:\Users\Tommy\Documents\OpenTTD
2015-07-11 11:37 - 2015-07-11 11:37 - 00001104 _____ C:\Users\fbwuserAC58\Desktop\DubIt.lnk
2015-07-11 11:37 - 2015-07-11 11:37 - 00001104 _____ C:\Users\fbwuserAA26\Desktop\DubIt.lnk
2015-07-11 11:37 - 2015-07-11 11:37 - 00001104 _____ C:\Users\fbwuser0380\Desktop\DubIt.lnk
2015-07-11 11:36 - 2015-07-11 11:36 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DubIt
2015-07-11 11:36 - 2015-07-11 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DubIt
2015-07-11 11:36 - 2015-07-11 11:36 - 00000000 ____D C:\Program Files (x86)\TechSmith
2015-07-11 08:20 - 2015-07-11 08:20 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electrum
2015-07-11 08:20 - 2015-07-11 08:20 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Electrum
2015-07-11 08:20 - 2015-07-11 08:20 - 00000000 ____D C:\Program Files (x86)\Electrum
2015-07-09 17:07 - 2015-07-09 17:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-26 13:03 - 2015-02-15 19:41 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\uTorrent
2015-07-26 13:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-26 12:04 - 2015-02-28 04:34 - 01241294 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-26 07:14 - 2015-02-15 19:36 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\ClassicShell
2015-07-26 07:10 - 2015-04-11 16:20 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-07-26 05:41 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-26 05:36 - 2015-04-15 17:48 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-26 05:36 - 2015-04-15 17:48 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-26 05:36 - 2015-02-23 18:34 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-26 05:36 - 2014-11-21 14:14 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-26 03:33 - 2015-02-15 19:32 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-519416623-3729245940-3840813702-1002
2015-07-25 12:17 - 2015-02-15 13:19 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Audacity
2015-07-25 11:36 - 2013-05-29 22:56 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-25 11:35 - 2013-05-29 22:48 - 00000000 ____D C:\ProgramData\Intel
2015-07-25 11:30 - 2013-08-22 16:46 - 00387079 _____ C:\WINDOWS\setupact.log
2015-07-25 11:30 - 2013-05-29 22:36 - 00000000 ____D C:\Program Files (x86)\Intel
2015-07-24 14:41 - 2015-02-15 19:42 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\ViberPC
2015-07-24 14:41 - 2015-02-15 19:40 - 00000000 ____D C:\Users\Tommy\AppData\Local\Viber
2015-07-24 14:35 - 2015-02-28 04:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-24 11:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-23 10:06 - 2015-02-15 13:50 - 02927616 ___SH C:\Users\Tommy\Desktop\Thumbs.db
2015-07-23 08:50 - 2015-04-04 13:01 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\gnupg
2015-07-23 08:49 - 2015-04-04 13:06 - 00000000 ____D C:\Users\Tommy\AppData\Local\gtk-2.0
2015-07-23 08:36 - 2015-02-15 19:41 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-23 08:34 - 2015-02-28 10:14 - 00000000 __RDO C:\Users\Tommy\OneDrive
2015-07-23 08:34 - 2015-02-28 04:48 - 00000000 ____D C:\Users\Tommy
2015-07-22 14:35 - 2015-06-04 21:10 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-22 14:35 - 2015-02-28 04:35 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-22 14:35 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-22 14:33 - 2015-06-04 21:10 - 1136465229 _____ C:\WINDOWS\MEMORY.DMP
2015-07-22 08:43 - 2015-04-18 15:12 - 00000000 ____D C:\Users\Tommy\Desktop\Dropbox
2015-07-20 12:32 - 2015-02-15 19:46 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Skype
2015-07-20 11:24 - 2015-02-15 12:09 - 00000000 ____D C:\Users\Tommy\AppData\Local\Adobe
2015-07-20 08:42 - 2014-11-20 21:43 - 00011100 _____ C:\WINDOWS\PFRO.log
2015-07-20 08:42 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-20 08:41 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-20 08:37 - 2015-05-10 09:27 - 00000000 ____D C:\Wooxy
2015-07-19 15:47 - 2015-02-18 19:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-19 08:35 - 2015-02-28 15:58 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\MultiBit
2015-07-18 12:21 - 2015-05-10 17:55 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\TS3Client
2015-07-14 21:06 - 2015-04-26 22:23 - 01423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-07-14 21:06 - 2015-04-26 22:23 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-07-14 21:05 - 2015-04-26 22:23 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-07-14 21:05 - 2015-04-26 22:23 - 01710056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-07-13 23:10 - 2014-11-21 14:21 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2014-11-21 14:21 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 19:57 - 2015-03-06 13:14 - 00000000 ____D C:\Users\Tommy\Desktop\Hack_AP 4.3.4 by Akatsuki Tutoriales
2015-07-13 19:55 - 2015-05-12 18:34 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Java
2015-07-12 19:33 - 2015-02-15 19:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-11 07:01 - 2015-06-23 16:56 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-09 17:38 - 2015-05-19 07:49 - 00000000 ____D C:\Users\fbwuserAC58
2015-07-09 17:38 - 2015-05-19 07:49 - 00000000 ____D C:\Users\fbwuserAA26
2015-07-09 17:38 - 2015-05-19 07:49 - 00000000 ____D C:\Users\fbwuser0380
2015-07-09 14:42 - 2013-05-29 23:17 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-07-03 08:43 - 2015-02-18 19:57 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-03 06:28 - 2015-04-26 22:20 - 00069992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
==================== Files in the root of some directories =======
2015-04-25 09:45 - 2015-05-09 15:45 - 0000132 _____ () C:\Users\Tommy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-05-03 11:10 - 2015-05-03 11:14 - 0000207 _____ () C:\Users\Tommy\AppData\Roaming\Dll-Host.exe.tmp
2015-07-23 08:49 - 2015-07-23 08:49 - 0001282 _____ () C:\Users\Tommy\AppData\Local\recently-used.xbel
2015-07-25 11:28 - 2015-07-25 11:28 - 0014960 _____ () C:\Users\Tommy\AppData\Local\WiDiSetupLog.20150725.112836.wdl
2015-07-25 11:29 - 2015-07-25 11:30 - 0018620 _____ () C:\Users\Tommy\AppData\Local\WiDiSetupLog.20150725.112913.wdl
2015-07-25 11:32 - 2015-07-25 11:32 - 0017146 _____ () C:\Users\Tommy\AppData\Local\WiDiSetupLog.20150725.113247.wdl
2013-05-29 23:15 - 2013-05-29 23:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-29 23:17 - 2013-05-29 23:17 - 0000198 ____H () C:\ProgramData\Lenovo-4734.vbs
2013-05-29 23:18 - 2013-05-29 23:18 - 0000198 ____H () C:\ProgramData\Lenovo-4799.vbs
Files to move or delete:
====================
C:\ProgramData\Lenovo-4734.vbs
C:\ProgramData\Lenovo-4799.vbs
Some files in TEMP:
====================
C:\Users\Tommy\AppData\Local\Temp\Bass.dll
C:\Users\Tommy\AppData\Local\Temp\Bass.Net.dll
C:\Users\Tommy\AppData\Local\Temp\bdfilters.dll
C:\Users\Tommy\AppData\Local\Temp\Chrome Crypter v5.7 jomgegar.com.exe
C:\Users\Tommy\AppData\Local\Temp\electrum-2.3.2.exe
C:\Users\Tommy\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.7.78.exe
C:\Users\Tommy\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Tommy\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Tommy\AppData\Local\Temp\nvStInst.exe
C:\Users\Tommy\AppData\Local\Temp\ovi-uninstall.exe
C:\Users\Tommy\AppData\Local\Temp\Quarantine.exe
C:\Users\Tommy\AppData\Local\Temp\SIntf16.dll
C:\Users\Tommy\AppData\Local\Temp\SIntf32.dll
C:\Users\Tommy\AppData\Local\Temp\SIntfNT.dll
C:\Users\Tommy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tommy\AppData\Local\Temp\sqlite3.dll
C:\Users\Tommy\AppData\Local\Temp\upnp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-26 05:35
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (Windows8_OS) (Fixed) (Total:853.4 GB) (Free:575.12 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.14 GB) NTFS
Available physical RAM: 11383 MB
Total physical RAM: 16178.27 MB
Percentage of memory in use: 29%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 22.4 GB) (Disk ID: B4BE3D14)
Disk: 1 (Size: 931.5 GB) (Disk ID: B4BE3D15)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Tommy\OneDrive:ms-properties
==================== Security Center ==================
AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Tommy\Desktop" je 10417 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================