VIRY.CZ

Ahoj mam taký problém sestra doniesla z univerzity totalne rozhadzane USB jednoducho nezmyselne nazvy suborov a documenty co mala v zlozkach rozhadzane kade tade.

Od vtedy ako sa to USB dostalo do mojho PC zakazdym ked tam vlozim nejake ine usb vsetky zlozky na nom sa zmenia na odkazy (ktore odkazujú na WINDOWS/SYTEM32/CMD.EXE) a pridá tam zlozku SYSTEM VOLUME INFORMATION, ktora tam doteraz nikdy nebola... ked ju odstranim objavi sa tam za 2 sekundy znova....

obcas ked dam ten odkaz (zlozku )spustit ako spravca vypise mi to chybu "Windows nemoze najst subot tmp7B63.tmp.js"

Pocitac z casu na cas ked je dlhsie pouzivany vykazuje 100 % vyuzite RAM ... no v spravcovy uloh a monitore prostriedkov su potvrdene iba 2GB / 4GB ... 2GB sú neznáme. :-/

Este som si vsimol ze od vtedy ako sa zacalo toto diat tak moj HDD 7200 RPM zacal vydvat divne zvuky ako keby ta citacia ruka behala zo strany na stranu :nea:

Mam kupeny norton 360, kontaktoval som podporu no nevedia mi zatial pomoct. :-/

Nemáte nejaké skúsenosti ? rady? návrhy ? dost by mi to pomohlo

Screeny

http://s23.postimg.org/tucc0xex7/virusis.jpg

PS nemam tusenia ako sem vlozit LOG aby nebol na celu obrazovku ... zisla by sa funkcia spoiler alebo tak nieco

Boot mode: Normal
Logfile of random's system information tool 1.10 (written by random/random)
Run by Rodina at 2015-12-04 23:03:59
Microsoft Windows 10 Home
System drive C: has 35 GB (30%) free of 114 GB
Total RAM: 4055 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:04:12, on 4. 12. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\N360.exe
C:\WINDOWS\SysWOW64\runonce.exe
C:\Users\Rodina\AppData\Roaming\Enigma Software Group\sh_installer.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Rodina\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
C:\Users\Rodina\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Windows\SysWOW64\wscript.exe
C:\Windows\SysWOW64\WScript.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\conathst.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Rodina.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\coIEPlg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Rodina\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [BingSvc] C:\Users\Rodina\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [tmp7B63] wscript.exe //B "C:\Users\Rodina\AppData\Roaming\tmp7B63.tmp.js"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: tmp7B63.tmp.js
O8 - Extra context menu item: Download video on this page - res://C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YTVD_IE.dll/300
O8 - Extra context menu item: Download video this links to - res://C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YTVD_IE.dll/301
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Download Video - {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - res://C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YTVD_IE.dll/300 (file missing)
O9 - Extra 'Tools' menuitem: Download video on this page - {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - res://C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YTVD_IE.dll/300 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @oem11.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\WINDOWS\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 12182 bytes

======Listing Processes======

winlogon.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
"C:\WINDOWS\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-4a4667a3-6871-467e-acbe-f83ceb1ef888 -SystemEventPortName:HostProcess-55ccc82f-4362-4228-bbdb-e772d0c4d330 -IoCancelEventPortName:HostProcess-32661e17-af7b-418f-a356-6f68e9cc2be6 -NonStateChangingEventPortName:HostProcess-7f5954c8-48eb-457e-baff-cc8c7d9a5deb -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a9bed852-e2c7-4caa-9b7e-b7f03fea1bb7 -DeviceGroupId:WpdFsGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\atiesrxx.exe
atieclxx
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\spoolsv.exe
dashost.exe {a2814b88-2b12-401f-8017b91200b873ee}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\N360.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\diMaster.dll" /prefetch:1
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\SysWOW64\PnkBstrA.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\viakaraokesrv.exe
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" 3412af8d-fb33-498c-a151-9d43d3c58c8b
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\WINDOWS\system32\conhost.exe 0x4
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\N360.exe" /c /a /s UserSession2
sihost.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\Explorer.EXE
runonce.exe /Explorer
C:\WINDOWS\SysWOW64\runonce.exe /RunOnce6432
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Users\Rodina\AppData\Roaming\Enigma Software Group\sh_installer.exe" -lng CS
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Users\Rodina\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
"C:\WINDOWS\System32\Taskmgr.exe" /3
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe" /AUTOHIDE
"C:\Users\Rodina\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"C:\Windows\SysWOW64\wscript.exe" "C:\Users\Rodina\AppData\Roaming\tmp7B63.tmp.js"
"C:\Windows\SysWOW64\WScript.exe" "C:\Users\Rodina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7B63.tmp.js"
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe" 0
"C:\PROGRA~2\Raptr\raptr.exe" --log_to_file --from_stub --startup
raptr_im.exe
"C:\Program Files (x86)\Raptr\raptr_ep64.exe"
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6824.0.751793734\393919638" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,23,51 --gpu-vendor-id=0x1002 --gpu-device-id=0x68b8 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=15.201.1151.1004 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Control/*AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="6824.2.950860649\2048510828" --font-cache-shared-handle=2476 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Control/*AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="6824.3.2137912602\1958909408" --font-cache-shared-handle=2404 /prefetch:673131151
C:\WINDOWS\system32\cmd.exe /c "C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\coNatHst.exe" --parent-window=0 chrome-extension://cjabmdjcfcfdmffimndhafhblfmpjdpe/ < \\.\pipe\chrome.nativeMessaging.in.9ecaca26d73e5c17 > \\.\pipe\chrome.nativeMessaging.out.9ecaca26d73e5c17
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\nacl64" --type=nacl-broker --channel="6824.5.835419952\2073539972" /prefetch:-875166825
"C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\coNatHst.exe" --parent-window=0 chrome-extension://cjabmdjcfcfdmffimndhafhblfmpjdpe/
"C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\nacl64.exe" --type=nacl-loader --channel="6824.4.1822579379\614255089" --ignored=" --type=renderer " /prefetch:-1502398898
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Control/*AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="6824.12.458157042\812515496" --font-cache-shared-handle=5624 /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Control/*AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="6824.14.281404899\2050474629" --font-cache-shared-handle=4792 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Control/*AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="6824.16.198001423\1471071234" --font-cache-shared-handle=6336 /prefetch:673131151
"C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\Rodina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7B63.tmp.js
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Control/*AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="6824.22.363878963\735428714" --font-cache-shared-handle=6880 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="6824.23.1418294100\1201799153" --ppapi-flash-args=enable_hw_video_decode=1 --lang=en-US --device-scale-factor=1 --font-cache-shared-handle=7212 --ignored=" --type=renderer " /prefetch:-632637702
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\WINDOWS\system32\browser_broker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe" SCODEF:3980 CREDAT:140545 EDGEHOST /prefetch:6

"C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding
C:\Windows\System32\DataExchangeHost.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Control/*AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="6824.25.800613813\199289336" --font-cache-shared-handle=7768 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Control/*AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="6824.29.395468316\399557572" --font-cache-shared-handle=7872 /prefetch:673131151
taskeng.exe {83FC6708-CFA3-4085-9374-15DE4C781046}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Control/*AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/1DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="6824.32.944868631\568076524" --font-cache-shared-handle=9060 /prefetch:673131151
"C:\Users\Rodina\Desktop\RSITx64 (1).exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05 1038648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12 2134656]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\coIEPlg.dll [2015-11-05 794424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12 1725056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05 1038648]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\coIEPlg.dll [2015-11-05 794424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-10-03 2634872]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2015-10-03 1710568]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2015-10-16 170256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Rodina\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-10-27 548552]
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2015-11-12 3638256]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2015-11-10 3011152]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-11-17 50509440]
"BingSvc"=C:\Users\Rodina\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-21 144008]
"tmp7B63"=wscript.exe //B C:\Users\Rodina\AppData\Roaming\tmp7B63.tmp.js []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-09-30 767176]
"Raptr"=C:\PROGRA~2\Raptr\raptrstub.exe [2015-11-13 56080]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]

C:\Users\Rodina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
tmp7B63.tmp.js

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YouTubeVideoDownloader.exe"="C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YouTubeVideoDownloader.exe:*:Enabled:YouTube Video Downloader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"VIDC.RTV1"=rtvcvfw64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-12-04 23:04:00 ----D---- C:\Program Files\trend micro
2015-12-04 23:03:59 ----D---- C:\rsit
2015-12-04 22:08:01 ----A---- C:\Users\Rodina\AppData\Roaming\tmp7B63.tmp.js
2015-12-04 20:04:39 ----A---- C:\ProgramData\SMRResults501.dat
2015-12-04 18:39:26 ----D---- C:\Program Files (x86)\ESET
2015-12-04 15:53:57 ----D---- C:\Program Files (x86)\LogMeIn Rescue RC - b2c517c1-3f16-4a1f-9140-bb13b5d6b587
2015-12-03 18:45:39 ----A---- C:\autoexec.bat
2015-12-03 18:45:02 ----D---- C:\Users\Rodina\AppData\Roaming\Enigma Software Group
2015-12-03 18:42:55 ----A---- C:\WINDOWS\system32\drivers\EsgScanner.sys
2015-12-03 17:17:59 ----D---- C:\WINDOWS\pss
2015-12-01 15:15:43 ----A---- C:\WINDOWS\SYSWOW64\fmcodec.DLL
2015-12-01 15:12:02 ----D---- C:\Program Files (x86)\DsNET Corp
2015-11-25 16:26:19 ----SHD---- C:\found.000
2015-11-23 17:07:20 ----D---- C:\Users\Rodina\AppData\Roaming\TS3Client
2015-11-23 17:07:15 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client
2015-11-21 18:53:37 ----D---- C:\Users\Rodina\AppData\Roaming\Skype
2015-11-21 18:53:20 ----RD---- C:\Program Files (x86)\Skype
2015-11-21 18:53:04 ----D---- C:\ProgramData\Skype
2015-11-18 20:45:26 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_7.dll
2015-11-18 20:45:26 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_5.dll
2015-11-18 20:45:26 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_7.dll
2015-11-18 20:45:26 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2015-11-18 20:45:26 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2015-11-18 20:45:26 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2015-11-18 20:45:25 ----A---- C:\WINDOWS\SYSWOW64\d3dx11_43.dll
2015-11-18 20:45:25 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_43.dll
2015-11-18 20:45:25 ----A---- C:\WINDOWS\SYSWOW64\d3dcsx_43.dll
2015-11-18 20:45:25 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_43.dll
2015-11-18 20:45:25 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2015-11-18 20:45:25 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2015-11-18 20:45:25 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2015-11-18 20:45:25 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2015-11-18 20:45:24 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_43.dll
2015-11-18 20:45:24 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2015-11-11 06:43:01 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepository.dll
2015-11-11 06:43:01 ----A---- C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 06:43:01 ----A---- C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 06:43:00 ----A---- C:\WINDOWS\SYSWOW64\esent.dll
2015-11-11 06:43:00 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2015-11-11 06:43:00 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-11 06:42:59 ----A---- C:\WINDOWS\system32\edgehtml.dll
2015-11-11 06:42:58 ----A---- C:\WINDOWS\system32\drivers\afd.sys
2015-11-11 06:42:58 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 06:42:57 ----A---- C:\WINDOWS\system32\mshtml.dll
2015-11-11 06:42:57 ----A---- C:\WINDOWS\system32\esent.dll
2015-11-11 06:42:56 ----A---- C:\WINDOWS\system32\iertutil.dll
2015-11-11 06:42:55 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2015-11-11 06:42:54 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2015-11-11 06:42:54 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2015-11-11 06:42:50 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2015-11-11 06:42:48 ----A---- C:\WINDOWS\SYSWOW64\dlnashext.dll
2015-11-11 06:42:48 ----A---- C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-11 06:42:47 ----A---- C:\WINDOWS\system32\dlnashext.dll
2015-11-11 06:42:47 ----A---- C:\WINDOWS\system32\audiosrv.dll
2015-11-11 06:42:45 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2015-11-11 06:42:45 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-11 06:42:44 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2015-11-11 06:42:44 ----A---- C:\WINDOWS\system32\urlmon.dll
2015-11-11 06:42:43 ----A---- C:\WINDOWS\SYSWOW64\LicenseManager.dll
2015-11-11 06:42:43 ----A---- C:\WINDOWS\system32\LicenseManager.dll
2015-11-11 06:42:43 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 06:42:43 ----A---- C:\WINDOWS\system32\appraiser.dll
2015-11-11 06:42:42 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2015-11-11 06:42:42 ----A---- C:\WINDOWS\system32\drivers\tdx.sys
2015-11-11 06:42:42 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2015-11-11 06:42:41 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 06:42:40 ----A---- C:\WINDOWS\system32\winlogon.exe
2015-11-11 06:42:40 ----A---- C:\WINDOWS\system32\win32kfull.sys
2015-11-11 06:42:40 ----A---- C:\WINDOWS\system32\internetmail.dll
2015-11-11 06:42:40 ----A---- C:\WINDOWS\system32\dssvc.dll
2015-11-11 06:42:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.dll
2015-11-11 06:42:39 ----A---- C:\WINDOWS\system32\usermgr.dll
2015-11-11 06:42:39 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-11 06:42:39 ----A---- C:\WINDOWS\system32\browserbroker.dll
2015-11-11 06:42:38 ----A---- C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-11 06:42:38 ----A---- C:\WINDOWS\system32\RDXService.dll
2015-11-11 06:42:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2015-11-11 06:42:37 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.Usb.dll
2015-11-11 06:42:37 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2015-11-11 06:42:37 ----A---- C:\WINDOWS\system32\win32kbase.sys
2015-11-11 06:42:36 ----A---- C:\WINDOWS\SYSWOW64\twinapi.appcore.dll
2015-11-11 06:42:36 ----A---- C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-11 06:42:36 ----A---- C:\WINDOWS\system32\jscript.dll
2015-11-11 06:42:35 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2015-11-11 06:42:35 ----A---- C:\WINDOWS\system32\kerberos.dll
2015-11-11 06:42:34 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2015-11-11 06:42:34 ----A---- C:\WINDOWS\system32\fontdrvhost.exe

======List of files/folders modified in the last 1 month======

2015-12-04 23:04:00 ----RD---- C:\Program Files
2015-12-04 22:27:08 ----D---- C:\WINDOWS\Temp
2015-12-04 22:16:28 ----D---- C:\WINDOWS\System32
2015-12-04 22:16:28 ----D---- C:\WINDOWS\INF
2015-12-04 22:16:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-04 22:12:37 ----SHD---- C:\System Volume Information
2015-12-04 22:11:00 ----D---- C:\Users\Rodina\AppData\Roaming\Raptr
2015-12-04 22:10:28 ----D---- C:\Program Files (x86)\Steam
2015-12-04 22:10:04 ----D---- C:\ProgramData\NVIDIA
2015-12-04 22:09:42 ----D---- C:\WINDOWS\system32\sru
2015-12-04 22:09:28 ----D---- C:\WINDOWS\system32\Tasks
2015-12-04 20:04:40 ----D---- C:\WINDOWS\system32\drivers
2015-12-04 20:04:39 ----HD---- C:\ProgramData
2015-12-04 18:39:26 ----RD---- C:\Program Files (x86)
2015-12-04 17:35:52 ----D---- C:\WINDOWS\system32\restore
2015-12-04 17:34:29 ----D---- C:\Program Files (x86)\Raptr
2015-12-04 17:33:46 ----D---- C:\WINDOWS\Microsoft.NET
2015-12-04 15:54:40 ----D---- C:\ProgramData\Norton
2015-12-04 15:47:30 ----HD---- C:\Program Files\WindowsApps
2015-12-04 15:47:30 ----D---- C:\WINDOWS\AppReadiness
2015-12-03 18:41:22 ----D---- C:\Windows
2015-12-03 18:34:23 ----D---- C:\WINDOWS\system32\NDF
2015-12-03 17:41:57 ----D---- C:\WINDOWS\SysWOW64
2015-12-03 17:41:57 ----A---- C:\WINDOWS\SYSWOW64\PerfStringBackup.INI
2015-12-03 17:18:54 ----D---- C:\WINDOWS\Tasks
2015-12-03 17:10:29 ----D---- C:\WINDOWS\system32\LogFiles
2015-12-02 08:32:42 ----D---- C:\Users\Rodina\AppData\Roaming\vlc
2015-12-02 07:00:06 ----SHDC---- C:\WINDOWS\Installer
2015-12-01 01:59:42 ----SD---- C:\Users\Rodina\AppData\Roaming\Microsoft
2015-11-27 18:17:02 ----D---- C:\Program Files (x86)\TeamViewer
2015-11-26 09:51:15 ----HD---- C:\WINDOWS\ELAMBKUP
2015-11-26 09:37:49 ----D---- C:\WINDOWS\system32\drivers\N360x64
2015-11-24 20:55:32 ----D---- C:\WINDOWS\system32\catroot2
2015-11-24 20:55:26 ----D---- C:\ProgramData\Origin
2015-11-22 15:58:16 ----RSD---- C:\WINDOWS\assembly
2015-11-21 18:53:21 ----D---- C:\Program Files (x86)\Common Files
2015-11-20 14:49:23 ----A---- C:\WINDOWS\SYSWOW64\PnkBstrB.exe
2015-11-18 19:50:19 ----D---- C:\Logs
2015-11-17 09:11:02 ----D---- C:\WINDOWS\system32\config
2015-11-14 09:56:48 ----D---- C:\WINDOWS\rescache
2015-11-12 18:55:58 ----D---- C:\WINDOWS\WinSxS
2015-11-12 18:37:05 ----D---- C:\Program Files (x86)\Origin
2015-11-11 08:57:29 ----D---- C:\WINDOWS\SYSWOW64\sk-SK
2015-11-11 08:57:29 ----D---- C:\WINDOWS\system32\sk-SK
2015-11-11 08:57:29 ----D---- C:\WINDOWS\system32\appraiser
2015-11-11 08:57:28 ----D---- C:\WINDOWS\AppPatch
2015-11-11 08:57:27 ----D---- C:\WINDOWS\system32\DriverStore
2015-11-11 06:50:11 ----D---- C:\WINDOWS\CbsTemp
2015-11-11 06:49:24 ----D---- C:\WINDOWS\system32\MRT
2015-11-11 06:44:31 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmafd;@oem7.inf,%AMDKMAFD_svcdesc%;AMD Audio Bus Lower Filter; C:\WINDOWS\System32\drivers\amdkmafd.sys [2015-07-28 40720]
R0 SymEFASI;Symantec Extended File Attributes (SI); C:\WINDOWS\system32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [2015-11-12 1621232]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [2015-10-08 1665608]
R1 ccSet_N360;N360 Settings Manager; C:\WINDOWS\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [2015-09-23 173808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-11-18 498512]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2015-07-10 83968]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-07-10 8192]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\IPSDefs\20151203.001\IDSvia64.sys [2015-10-20 767224]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\WINDOWS\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [2015-09-23 50936]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [2015-09-23 297720]
R1 SymNetS;Symantec Network Security WFP Driver; C:\WINDOWS\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS [2015-11-12 577768]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2015-07-10 48128]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2015-07-10 61952]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-09-30 21639168]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-09-30 665600]
R3 AtiHDAudioService;@oem9.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWT6.sys [2015-07-22 102912]
R3 dtlitescsibus;@oem12.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2015-10-01 30264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-11-19 157520]
R3 HECIx64;@oem5.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface; C:\WINDOWS\System32\drivers\HECIx64.sys [2009-09-17 56344]
R3 MQAC;@mqutil.dll,-6101; C:\WINDOWS\system32\drivers\mqac.sys [2015-10-01 175104]
R3 MTsensor;@oem6.inf,%ASACPI.DisplayName%;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\VirusDefs\20151204.001\ENG64.SYS [2015-11-19 138488]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\VirusDefs\20151204.001\EX64.SYS [2015-11-19 2148080]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-10-03 19576]
R3 nvvad_WaveExtensible;@oem17.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2015-10-03 50472]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-06-18 587264]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\WINDOWS\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [2015-11-12 928496]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [2015-10-01 111344]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-07-10 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-07-10 99168]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2015-07-10 58208]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2015-07-10 58720]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2015-07-10 40288]
S0 SymELAM;Symantec ELAM Driver; C:\WINDOWS\system32\drivers\N360x64\1605050.00F\SymELAM.sys [2015-09-23 24192]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-09-17 36352]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2015-07-10 116736]
S3 EsgScanner;EsgScanner; C:\WINDOWS\system32\DRIVERS\EsgScanner.sys [2015-12-03 22704]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-07-10 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-07-10 50016]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2015-07-10 424800]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\WINDOWS\system32\drivers\ioqos.sys [2015-07-10 26624]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-07-10 705376]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2015-07-10 76128]
S3 NVHDA;@oem15.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2015-10-03 204648]
S3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2015-10-06 11210056]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2015-09-10 934752]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2015-07-10 61952]
S3 UcmUcsi;@ucmucsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-09-10 46080]
S3 UdeCx;USB Device Emulation Support Library; C:\WINDOWS\system32\drivers\udecx.sys [2015-07-10 44032]
S3 Ufx01000;USB Function Class Extension; C:\WINDOWS\system32\drivers\ufx01000.sys [2015-07-10 245088]
S3 UfxChipidea;@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller; C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-07-10 94048]
S3 ufxsynopsys;@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller; C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-07-10 127840]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2015-09-30 246784]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-07 77104]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-10-03 1155192]
R2 MSMQ;@mqutil.dll,-6102; C:\WINDOWS\system32\mqsvc.exe [2015-10-01 26112]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\N360.exe [2015-11-20 282016]
R2 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8195; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-06-19 135848]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-06-19 135848]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-10-03 1872504]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-10-03 5544568]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2015-10-03 938800]
R2 OneSyncSvc_Session1;Sync Host_Session1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\syswow64\PnkBstrA.exe [2015-10-06 76152]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-10-03 417400]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-09-11 5702416]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S2 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-06-19 135848]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-07-10 27136]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-06-17 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01 144200]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2015-10-16 644880]
S3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\lsass.exe [2015-07-10 56344]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-11-12 2099720]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 PimIndexMaintenanceSvc_Session1;Kontaktné údaje_Session1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2015-09-10 1031680]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-11-10 836176]
S4 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-06-19 50352]

-----------------EOF-----------------

TU som nasiel voláky zdroják tej sracky co mi to robí

Kód: Vybrat vše

[color=#4000BF]
//<S A F A 7 _ 2 2  C r y p t e r v7.3>

Prispevok upravil pavuk29
Zdrojak sracky som odstranil, blokoval uzivatelom pristup do topicu (antivirak).

Zdravím!
Nejprve pusťte na tu flešku USBFix: http://forum.viry.cz/viewtopic.php?f=24&t=140144 . Pak dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

VIRY.CZ

USB virus, prosim o ktrolu LOGU

USB virus, prosim o ktrolu LOGU

Re: USB virus

Re: USB virus, prosim o ktrolu LOGU