Everything posted by Berc

  1. Thank you for your time and help. I appreciate the quick answers and clear instructions.

  2. I know I just kind of wasted your time, but I appreciate your help. At least I know my system is clean! I try to do my best to keep it that way. I will read your tips right now, and leave a comment. Berc
  3. And I think I have done the cleanup. Thank you again!
  4. Here is the log:
     Results of screen317's Security Check version 0.99.87
     Windows 7 x64 (UAC is enabled)
     Out of date service pack!!
     ``````````````Antivirus/Firewall Check:``````````````
     ESET Smart Security 7.0
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     CCleaner
     Adobe Flash Player 14.0.0.145
     Adobe Reader XI
     Google Chrome 37.0.2062.102
     Google Chrome 37.0.2062.103
     ````````Process Check: objlist.exe by Laurent````````
     ESET NOD32 Antivirus egui.exe
     ESET NOD32 Antivirus ekrn.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:
     ````````````````````End of Log``````````````````````
  5. I found nothing suspicious. Does this mean I have nothing to worry about? In this case I thank you for your help and time.
  6. Maybe if I let svchost communicate we can detect the problem? (I made a "rule" for the firewall to block its communication, in and out, from start.) Threat scan found nothing.
  7. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.4 (04.06.2014:1)
     OS: Windows 7 Ultimate x64
     Ran by Berc on 2014.09.03. at 17:47:22,67
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
     ~~~ Registry Keys
     ~~~ Files
     ~~~ Folders
     ~~~ Event Viewer Logs were cleared
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 2014.09.03. at 17:50:58,60
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  8. AdwCleaner deleted nothing, here is the log:
     # AdwCleaner v3.309 - Report created 03/09/2014 at 17:40:46
     # Updated 02/09/2014 by Xplode
     # Operating System : Windows 7 Ultimate (64 bits)
     # Username : Berc - K
     # Running from : C:\Users\Berc\Desktop\AdwCleaner.exe
     # Option : Clean
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     ***** [ Scheduled Tasks ] *****
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     ***** [ Browsers ] *****
     -\\ Internet Explorer v0.0.0.0
     -\\ Google Chrome v37.0.2062.103
     [ File : C:\Users\Berc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     *************************
     AdwCleaner[R0].txt - [762 octets] - [03/09/2014 17:37:33]
     AdwCleaner[s0].txt - [684 octets] - [03/09/2014 17:40:46]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [743 octets] ##########
  9. ComboFix's log
  10. I gave it another try, with network set to public. Same happened.
  11. 2nd : TDSSKiller.3.0.0.40_03.09.2014_16.40.01_log.txt
  12. TDSSkiller's first log:
      16:36:56.0237 0x061c TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
      16:37:02.0539 0x061c ============================================================
      16:37:02.0539 0x061c Current date / time: 2014/09/03 16:37:02.0539
      16:37:02.0539 0x061c SystemInfo:
      16:37:02.0539 0x061c
      16:37:02.0539 0x061c OS Version: 6.1.7600 ServicePack: 0.0
      16:37:02.0539 0x061c Product type: Workstation
      16:37:02.0540 0x061c ComputerName: K
      16:37:02.0540 0x061c UserName: Berc
      16:37:02.0540 0x061c Windows directory: C:\Windows
      16:37:02.0540 0x061c System windows directory: C:\Windows
      16:37:02.0540 0x061c Running under WOW64
      16:37:02.0540 0x061c Processor architecture: Intel x64
      16:37:02.0540 0x061c Number of processors: 8
      16:37:02.0540 0x061c Page size: 0x1000
      16:37:02.0540 0x061c Boot type: Normal boot
      16:37:02.0540 0x061c ============================================================
      16:37:02.0623 0x061c KLMD registered as C:\Windows\system32\drivers\78124676.sys
      16:37:02.0725 0x061c System UUID: {DDDBB749-9878-912C-5B0E-3C5C19F1347E}
      16:37:03.0085 0x061c Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
      16:37:03.0102 0x061c Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
      16:37:03.0117 0x061c ============================================================
      16:37:03.0117 0x061c \Device\Harddisk0\DR0:
      16:37:03.0117 0x061c MBR partitions:
      16:37:03.0117 0x061c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
      16:37:03.0117 0x061c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
      16:37:03.0117 0x061c \Device\Harddisk1\DR1:
      16:37:03.0117 0x061c MBR partitions:
      16:37:03.0117 0x061c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74418000
      16:37:03.0118 0x061c ============================================================
      16:37:03.0119 0x061c C: <-> \Device\Harddisk0\DR0\Partition2
      16:37:03.0144 0x061c D: <-> \Device\Harddisk1\DR1\Partition1
      16:37:03.0144 0x061c ============================================================
      16:37:03.0144 0x061c Initialize success
      16:37:03.0144 0x061c ============================================================
      16:37:59.0492 0x14e4 KLMD registered as C:\Windows\system32\drivers\40948773.sys
      16:38:00.0055 0x14e4 Deinitialize success
  13. r.killer log:
      RogueKiller V9.2.9.0 (x64) [Jul 11 2014] by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : http://forum.adlice.com
      Website : https://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com
      Operating System : Windows 7 (6.1.7600 ) 64 bits version
      Started in : Normal mode
      User : Berc [Admin rights]
      Mode : Scan -- Date : 09/03/2014 15:51:18
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 8 ¤¤¤
      [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | RtsFT : RTFTrack.exe -> FOUND
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4281973E-6DE9-44D4-9432-5D4F7CCF047C} | DhcpNameServer : 7.254.254.254 -> FOUND
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4281973E-6DE9-44D4-9432-5D4F7CCF047C} | DhcpNameServer : 7.254.254.254 -> FOUND
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4281973E-6DE9-44D4-9432-5D4F7CCF047C} | DhcpNameServer : 7.254.254.254 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      ¤¤¤ Scheduled tasks : 0 ¤¤¤
      ¤¤¤ Files : 0 ¤¤¤
      ¤¤¤ HOSTS File : 0 ¤¤¤
      ¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤
      [Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk1\DR1 : \Driver\LHDmgr @ Unknown (\SystemRoot\System32\Drivers\Ntfs.sys)
      [Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\LHDmgr @ Unknown (\SystemRoot\System32\Drivers\Ntfs.sys)
      ¤¤¤ Web browsers : 0 ¤¤¤
      ¤¤¤ MBR Check : ¤¤¤
      +++++ PhysicalDrive0: KINGSTON SMS200S3120G +++++
      --- User ---
      [MBR] 8a8389c628b97dba4b00ed318c6a73ab
      [bSP] 48c2662639ce60fe9171c7c75520e8bb : Windows Vista/7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
      1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB
      User = LL1 ... OK
      User = LL2 ... OK
      +++++ PhysicalDrive1: ST1000LM024 HN-M101MBB +++++
      --- User ---
      [MBR] aedd16f13555cb5918d190fa30706301
      [bSP] dbc401f9b96218eabbf064a188d47065 : Windows Vista/7/8 MBR Code
      Partition table:
      0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 952368 MB
      1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1950453168 | Size: 1500 MB
      User = LL1 ... OK
      User = LL2 ... OK
  14. frst.txt
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-03] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-03] (Symantec Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-03] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8226832 2012-08-07] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 15:30 - 2014-09-03 15:30 - 00001039 _____ () C:\Users\Berc\Desktop\mbam.txt
2014-09-03 15:25 - 2014-09-03 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 15:25 - 2014-09-03 15:25 - 00000618 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 15:25 - 2014-09-03 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 15:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 15:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 15:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 07:04 - 2014-09-03 07:06 - 00000668 _____ () C:\Windows\PFRO.log
2014-09-03 06:29 - 2014-09-03 15:34 - 00000000 ____D () C:\FRST
2014-09-03 05:43 - 2014-09-03 05:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 04:03 - 2014-09-03 04:03 - 00000205 _____ () C:\Users\Berc\Desktop\Assassin's Creed IV Black Flag.url
2014-09-02 22:51 - 2014-09-02 22:53 - 00000122 _____ () C:\Users\Berc\Desktop\fontos.txt
2014-09-01 23:37 - 2014-09-03 15:11 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Ubisoft
2014-09-01 23:37 - 2014-09-02 22:48 - 00000000 ____D () C:\Users\Berc\Desktop\egyéb prog
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ___RD () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ___RD () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\Documents\My Games
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\Documents\ANNO 1404 Venice
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Tunngle
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Skype
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\NVIDIA
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Macromedia
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\InstallShield
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Adobe
2014-09-01 23:37 - 2014-08-31 05:47 - 00000277 _____ () C:\Users\Berc\Desktop\bang plus remastered.txt
2014-09-01 23:37 - 2014-08-27 09:21 - 00000008 _____ () C:\Users\Berc\Desktop\tankcsapda.txt
2014-09-01 23:37 - 2014-08-22 04:38 - 00000456 _____ () C:\Users\Berc\Desktop\Assassin's Creed parancsikonja.lnk
2014-09-01 23:37 - 2014-08-22 03:02 - 00001136 _____ () C:\Users\Berc\Desktop\Assassin's Creed II.lnk
2014-09-01 23:37 - 2014-08-22 02:27 - 00000200 _____ () C:\Users\Berc\Desktop\Sid Meier's Civilization V.url
2014-09-01 23:37 - 2014-08-11 21:55 - 00000202 _____ () C:\Users\Berc\Desktop\Tom Clancy's Ghost Recon Phantoms - EU.url
2014-09-01 23:37 - 2014-08-02 21:32 - 00000976 _____ () C:\Users\Berc\Desktop\órarend3 parancsikonja.lnk
2014-09-01 23:37 - 2014-08-02 21:31 - 00000611 _____ () C:\Users\Berc\Desktop\BME parancsikonja.lnk
2014-09-01 23:37 - 2014-08-02 21:25 - 00000707 _____ () C:\Users\Berc\Desktop\CCleaner.lnk
2014-09-01 23:35 - 2014-09-01 23:35 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Intel Corporation
2014-09-01 23:35 - 2014-09-01 23:35 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\ESET
2014-09-01 23:32 - 2014-09-01 23:32 - 00289760 _____ () C:\Windows\Minidump\090114-8112-01.dmp
2014-09-01 23:03 - 2014-09-01 23:07 - 00000000 ____D () C:\ProgramData\Tunngle
2014-09-01 23:03 - 2014-09-01 23:03 - 00000537 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk
2014-09-01 23:03 - 2014-09-01 23:03 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-09-01 23:03 - 2014-09-01 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-08-31 09:22 - 2014-08-31 09:22 - 00297504 _____ () C:\Windows\Minidump\083114-7316-01.dmp
2014-08-31 00:57 - 2014-08-31 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2014-08-31 00:53 - 2014-08-31 00:53 - 00297504 _____ () C:\Windows\Minidump\083014-9001-01.dmp
2014-08-25 02:54 - 2014-09-01 23:32 - 458220670 _____ () C:\Windows\MEMORY.DMP
2014-08-25 02:54 - 2014-09-01 23:32 - 00000000 ____D () C:\Windows\Minidump
2014-08-25 02:54 - 2014-08-25 02:54 - 00331568 _____ () C:\Windows\Minidump\082414-7488-01.dmp
2014-08-22 10:49 - 2014-08-22 10:50 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-22 10:49 - 2014-08-22 10:49 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-22 03:11 - 2014-08-22 04:35 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-08-22 03:07 - 2014-08-22 03:07 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-08-20 03:13 - 2014-08-20 03:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-08-18 10:34 - 2014-08-18 10:34 - 00000000 ____D () C:\ProgramData\Solidshield
2014-08-18 10:28 - 2008-10-15 15:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-08-18 10:28 - 2008-10-15 15:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-08-18 10:28 - 2008-10-15 15:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-08-18 10:28 - 2008-10-15 15:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-08-18 10:28 - 2008-10-15 15:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-08-18 10:28 - 2008-10-15 15:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-08-17 09:17 - 2014-08-30 06:10 - 00290411 _____ () C:\Windows\DirectX.log
2014-08-15 02:27 - 2014-08-15 02:27 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-15 02:27 - 2014-08-15 02:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-15 02:27 - 2014-08-15 02:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-15 02:26 - 2014-08-15 02:27 - 00000000 ____D () C:\ProgramData\Skype
2014-08-08 21:35 - 2014-09-03 11:43 - 00014200 _____ () C:\Windows\setupact.log
2014-08-08 21:35 - 2014-08-08 21:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-07 01:31 - 2014-09-01 23:05 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-08-07 00:41 - 2009-09-16 16:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-08-05 21:03 - 2014-09-03 15:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-05 21:03 - 2014-08-05 21:03 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-05 21:03 - 2014-08-05 21:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-05 21:03 - 2014-08-05 21:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-05 21:03 - 2014-08-05 21:03 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-08-05 21:03 - 2014-08-05 21:03 - 00000000 ____D () C:\Windows\system32\Macromed
2014-08-04 08:47 - 2014-08-04 08:47 - 00000779 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HearthstoneHearthstone.lnk
2014-08-04 08:47 - 2014-08-04 08:47 - 00000745 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-08-04 08:47 - 2014-08-04 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-08-04 08:45 - 2014-08-04 08:53 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Battle.net
2014-08-04 08:45 - 2014-08-04 08:45 - 00000758 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.netBattle.net.lnk
2014-08-04 08:45 - 2014-08-04 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-04 08:45 - 2014-08-04 08:45 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-04 08:44 - 2014-08-04 08:44 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-04 02:11 - 2014-08-04 02:11 - 00000915 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-08-04 02:08 - 2014-08-04 02:10 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-04 02:07 - 2014-08-04 02:07 - 00003134 _____ () C:\Windows\System32\Tasks\{FA00DB6D-FD2B-4334-B809-9387A5528CBF}
2014-08-04 02:05 - 2014-08-04 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 15:34 - 2014-09-03 06:29 - 00000000 ____D () C:\FRST
2014-09-03 15:32 - 2014-08-05 21:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 15:30 - 2014-09-03 15:30 - 00001039 _____ () C:\Users\Berc\Desktop\mbam.txt
2014-09-03 15:27 - 2014-09-03 15:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 15:25 - 2014-09-03 15:25 - 00000618 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 15:25 - 2014-09-03 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 15:11 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Ubisoft
2014-09-03 15:11 - 2014-08-02 17:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-03 15:11 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-03 11:49 - 2014-08-02 20:21 - 00681448 _____ () C:\Windows\system32\perfh00E.dat
2014-09-03 11:49 - 2014-08-02 20:21 - 00170004 _____ () C:\Windows\system32\perfc00E.dat
2014-09-03 11:49 - 2009-07-14 07:13 - 01621424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-03 11:48 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 11:48 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 11:44 - 2014-08-02 17:12 - 01618481 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 11:43 - 2014-08-08 21:35 - 00014200 _____ () C:\Windows\setupact.log
2014-09-03 11:43 - 2014-08-02 18:01 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-03 11:43 - 2014-08-02 17:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-03 11:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-03 07:06 - 2014-09-03 07:04 - 00000668 _____ () C:\Windows\PFRO.log
2014-09-03 07:04 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance
2014-09-03 05:43 - 2014-09-03 05:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 04:03 - 2014-09-03 04:03 - 00000205 _____ () C:\Users\Berc\Desktop\Assassin's Creed IV Black Flag.url
2014-09-02 22:53 - 2014-09-02 22:51 - 00000122 _____ () C:\Users\Berc\Desktop\fontos.txt
2014-09-02 22:48 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\Desktop\egyéb prog
2014-09-02 08:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-02 05:44 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-09-02 05:44 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ___RD () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ___RD () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\Documents\My Games
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\Documents\ANNO 1404 Venice
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Tunngle
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Skype
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\NVIDIA
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Macromedia
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\InstallShield
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Adobe
2014-09-01 23:35 - 2014-09-01 23:35 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Intel Corporation
2014-09-01 23:35 - 2014-09-01 23:35 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\ESET
2014-09-01 23:35 - 2014-08-02 17:10 - 00000000 ____D () C:\Users\Berc
2014-09-01 23:32 - 2014-09-01 23:32 - 00289760 _____ () C:\Windows\Minidump\090114-8112-01.dmp
2014-09-01 23:32 - 2014-08-25 02:54 - 458220670 _____ () C:\Windows\MEMORY.DMP
2014-09-01 23:32 - 2014-08-25 02:54 - 00000000 ____D () C:\Windows\Minidump
2014-09-01 23:07 - 2014-09-01 23:03 - 00000000 ____D () C:\ProgramData\Tunngle
2014-09-01 23:05 - 2014-08-07 01:31 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-09-01 23:04 - 2009-07-14 06:45 - 00268856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 23:03 - 2014-09-01 23:03 - 00000537 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk
2014-09-01 23:03 - 2014-09-01 23:03 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-09-01 23:03 - 2014-09-01 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-09-01 22:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-01 22:13 - 2014-08-03 00:14 - 00000450 ____H () C:\Windows\Tasks\Norton Security Scan for Berc.job
2014-08-31 09:42 - 2014-08-03 00:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-31 09:22 - 2014-08-31 09:22 - 00297504 _____ () C:\Windows\Minidump\083114-7316-01.dmp
2014-08-31 05:47 - 2014-09-01 23:37 - 00000277 _____ () C:\Users\Berc\Desktop\bang plus remastered.txt
2014-08-31 00:57 - 2014-08-31 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2014-08-31 00:53 - 2014-08-31 00:53 - 00297504 _____ () C:\Windows\Minidump\083014-9001-01.dmp
2014-08-30 06:10 - 2014-08-17 09:17 - 00290411 _____ () C:\Windows\DirectX.log
2014-08-27 09:21 - 2014-09-01 23:37 - 00000008 _____ () C:\Users\Berc\Desktop\tankcsapda.txt
2014-08-25 02:54 - 2014-08-25 02:54 - 00331568 _____ () C:\Windows\Minidump\082414-7488-01.dmp
2014-08-22 10:50 - 2014-08-22 10:49 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-22 10:49 - 2014-08-22 10:49 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-22 04:38 - 2014-09-01 23:37 - 00000456 _____ () C:\Users\Berc\Desktop\Assassin's Creed parancsikonja.lnk
2014-08-22 04:35 - 2014-08-22 03:11 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-08-22 03:07 - 2014-08-22 03:07 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-08-22 03:02 - 2014-09-01 23:37 - 00001136 _____ () C:\Users\Berc\Desktop\Assassin's Creed II.lnk
2014-08-22 02:27 - 2014-09-01 23:37 - 00000200 _____ () C:\Users\Berc\Desktop\Sid Meier's Civilization V.url
2014-08-20 03:13 - 2014-08-20 03:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-08-18 10:34 - 2014-08-18 10:34 - 00000000 ____D () C:\ProgramData\Solidshield
2014-08-15 02:27 - 2014-08-15 02:27 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-15 02:27 - 2014-08-15 02:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-15 02:27 - 2014-08-15 02:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-15 02:27 - 2014-08-15 02:26 - 00000000 ____D () C:\ProgramData\Skype
2014-08-11 21:55 - 2014-09-01 23:37 - 00000202 _____ () C:\Users\Berc\Desktop\Tom Clancy's Ghost Recon Phantoms - EU.url
2014-08-09 02:22 - 2014-08-03 06:19 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-08-09 02:22 - 2014-08-03 06:19 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-08-09 02:22 - 2014-08-03 06:19 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-08-09 02:22 - 2014-08-03 06:19 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-08-08 21:35 - 2014-08-08 21:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-05 21:03 - 2014-08-05 21:03 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-05 21:03 - 2014-08-05 21:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-05 21:03 - 2014-08-05 21:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-05 21:03 - 2014-08-05 21:03 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-08-05 21:03 - 2014-08-05 21:03 - 00000000 ____D () C:\Windows\system32\Macromed
2014-08-04 08:53 - 2014-08-04 08:45 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Battle.net
2014-08-04 08:47 - 2014-08-04 08:47 - 00000779 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HearthstoneHearthstone.lnk
2014-08-04 08:47 - 2014-08-04 08:47 - 00000745 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-08-04 08:47 - 2014-08-04 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-08-04 08:45 - 2014-08-04 08:45 - 00000758 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.netBattle.net.lnk
2014-08-04 08:45 - 2014-08-04 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-04 08:45 - 2014-08-04 08:45 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-04 08:44 - 2014-08-04 08:44 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-04 02:17 - 2014-08-04 02:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-04 02:11 - 2014-08-04 02:11 - 00000915 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-08-04 02:10 - 2014-08-04 02:08 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-04 02:07 - 2014-08-04 02:07 - 00003134 _____ () C:\Windows\System32\Tasks\{FA00DB6D-FD2B-4334-B809-9387A5528CBF}

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-29 00:33

==================== End Of Log ============================
  15. addition txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 01
Ran by Berc at 2014-09-03 15:34:17
Running from D:\letöltések
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Személyi tűzfal (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Hungarian (HKLM-x32\...\{AC76BA86-7AD7-1038-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassin's Creed IV Black Flag Eastern Europe (HKLM-x32\...\Uplay Install 443) (Version: - Ubisoft)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.14.15 - Atheros Communications Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CCleaner (HKLM-x32\...\CCleaner) (Version: - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version: - Eidos Montreal)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
ESET Smart Security (HKLM\...\{9561CDAD-D786-4A56-849B-A985F90E7D85}) (Version: 7.0.317.4 - ESET, spol s r. o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel PROSet Wireless (Version: - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.71.1 - JMicron Technology Corp.)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.8400.10177 - Realtek Semiconductor Corp.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
NVIDIA 3D Vision illesztőprogram 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA frissítések 15.3.36 (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Grafikus illesztőprogram 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD audio-illesztőprogram 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.160.1244 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.36 (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Vezérlőpult 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Daum Communications Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6696 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.93 (HKLM-x32\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - Firaxis Games)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version: - Ubisoft Singapore)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.6 - Ubisoft)
WhoCrashed 5.02 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

22-08-2014 02:31:50 Installed DirectX
30-08-2014 04:10:15 Installed DirectX
31-08-2014 06:30:00 Installed DirectX
31-08-2014 07:40:07 Windows Update
01-09-2014 20:54:24 Revo Uninstaller's restore point - Tunngle beta
01-09-2014 20:56:06 Revo Uninstaller's restore point - Loadout
02-09-2014 03:44:34 Windows-modulok telepítője
03-09-2014 04:43:33 Revo Uninstaller's restore point - µTorrent
03-09-2014 13:09:50 Revo Uninstaller's restore point - Borderlands 2 - Game Of The Year Edition
03-09-2014 13:10:44 Revo Uninstaller's restore point - ANNO 1404 - Gold Edition

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {265F80FF-DA1C-42F1-A611-453141873FF5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {7DA85960-6EFF-4824-A6FE-D2CFB6A3E6D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {93671E63-7BC8-4307-A9A5-3DD333A26E8A} - System32\Tasks\Install_NSS => F:\berci2\telepítők\nssstub.exe
Task: {9775169D-C2D6-4D1C-BF93-4DFF0960475D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {DAF10759-173A-4AAD-844A-637BD0E5FBF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-05] (Adobe Systems Incorporated)
Task: {E6D6B938-EE10-4962-BC84-6E6610BB4D51} - System32\Tasks\Norton Security Scan for Berc => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {EF7CD255-D479-4D08-BB2F-C0D90F236133} - System32\Tasks\DriverEasy Scheduled Scan => D:\egyéb\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => D:\egyéb\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Install_NSS.job => F:\berci2\telepítQk\nssstub.exe
Task: C:\Windows\Tasks\Norton Security Scan for Berc.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe

==================== Loaded Modules (whitelisted) =============

2014-08-02 17:20 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-02 17:29 - 2012-03-21 20:05 - 00051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-09-03 11:51 - 2014-08-30 03:50 - 01442120 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-03 11:51 - 2014-08-30 03:50 - 00168264 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-03 11:51 - 2014-08-30 03:50 - 10328904 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-03 11:51 - 2014-08-30 03:50 - 00405320 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-03 11:51 - 2014-08-30 03:50 - 01831752 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2014-08-02 23:37 - 2014-08-02 23:37 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1be00024593b682a0297d452db3d6fa2\IsdiInterop.ni.dll
2014-08-02 17:42 - 2011-11-30 05:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-08-02 17:43 - 2012-02-21 21:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: Bluetooth-eszköz (személyes hálózat)
Description: Bluetooth-eszköz (személyes hálózat)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2014 02:04:51 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver

Error: (09/02/2014 10:48:10 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver

Error: (09/03/2014 07:03:53 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver

Error: (09/03/2014 05:48:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: A(z) mbam-setup-2.0.2.1012.tmp program (verzió: 51.52.0.0) kommunikációja a Windows rendszerrel megszakadt, ezért a program leállt. A hibával kapcsolatos további információkért ellenőrizze a probléma előzményeit a Műveletközpont vezérlőpulton.
Folyamatazonosító: 200
Kezdés: 01cfc729d9bc58c5
Befejezés: 1
Alkalmazás elérési útja: D:\TEMP\is-1NT6M.tmp\mbam-setup-2.0.2.1012.tmp
Jelentés azonosítója:

Error: (09/03/2014 05:47:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: A(z) mbam-setup-2.0.2.1012.tmp program (verzió: 51.52.0.0) kommunikációja a Windows rendszerrel megszakadt, ezért a program leállt. A hibával kapcsolatos további információkért ellenőrizze a probléma előzményeit a Műveletközpont vezérlőpulton.
Folyamatazonosító: df0
Kezdés: 01cfc7291de38622
Befejezés: 2
Alkalmazás elérési útja: D:\TEMP\is-GA298.tmp\mbam-setup-2.0.2.1012.tmp
Jelentés azonosítója:

Error: (09/03/2014 05:37:39 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver

Error: (09/03/2014 05:03:06 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]

Error: (09/02/2014 09:18:41 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver

Error: (09/02/2014 09:55:38 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver

Error: (09/02/2014 05:44:47 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver

System errors:
=============
Error: (09/03/2014 05:01:18 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1450{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) WLAN AutoConfig szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. 120000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.

Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Desktop Window Manager Session Manager szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. 120000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.

Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Distributed Link Tracking Client szolgáltatás váratlanul leállt. Ez a(z) 2. alkalommal fordult elő. 300000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.

Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Superfetch szolgáltatás váratlanul leállt. Ez a(z) 2. alkalommal fordult elő. 60000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.

Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Program Compatibility Assistant Service szolgáltatás váratlanul leállt. Ez a(z) 2. alkalommal fordult elő. 60000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.

Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Network Connections szolgáltatás váratlanul leállt. Ez a(z) 2. alkalommal fordult elő. 100 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.

Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) HomeGroup Listener szolgáltatás váratlanul leállt. Ez a(z) 2. alkalommal fordult elő. 60000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.

Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Offline Files szolgáltatás váratlanul leállt. Ez a(z) 2. alkalommal fordult elő. 300000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.

Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Windows Audio Endpoint Builder szolgáltatás váratlanul leállt. Ez a(z) 2. alkalommal fordult elő. 120000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.

Microsoft Office Sessions:
=========================
Error: (09/03/2014 02:04:51 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver

Error: (09/02/2014 10:48:10 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver

Error: (09/03/2014 07:03:53 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver

Error: (09/03/2014 05:48:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam-setup-2.0.2.1012.tmp51.52.0.020001cfc729d9bc58c51D:\TEMP\is-1NT6M.tmp\mbam-setup-2.0.2.1012.tmp

Error: (09/03/2014 05:47:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam-setup-2.0.2.1012.tmp51.52.0.0df001cfc7291de386222D:\TEMP\is-GA298.tmp\mbam-setup-2.0.2.1012.tmp

Error: (09/03/2014 05:37:39 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver

Error: (09/03/2014 05:03:06 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]

Error: (09/02/2014 09:18:41 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver

Error: (09/02/2014 09:55:38 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver

Error: (09/02/2014 05:44:47 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver

CodeIntegrity Errors:
===================================
Date: 2014-09-03 14:15:07.694
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-03 13:54:15.825
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-03 13:13:58.096
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-03 12:38:57.903
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-03 12:21:20.558
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-03 11:53:45.940
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-03 00:22:41.927
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-02 23:33:24.132
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-02 23:05:58.578
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-03 04:14:27.162
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 4046.36 MB
Available physical RAM: 2124.51 MB
Total Pagefile: 8090.86 MB
Available Pagefile: 5514.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:76.26 GB) NTFS
Drive d: (mind1) (Fixed) (Total:930.05 GB) (Free:796.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 5957C15F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E8457BFC)
Partition 1: (Not Active) - (Size=930 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1.5 GB) - (Type=12)

==================== End Of Log ============================
  16. Mbam log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014.09.03.
Scan Time: 15:27:10
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Berc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 229518
Time Elapsed: 2 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
  17. Also, when I block it completely this problem does not occur, but Windows Update does not work.
  18. Hi. I have a problem: As soon as I start my computer, svchost.exe is trying to connect to another computer (my roommate's). If I block this with the ESET firewall, it somehow blocks my network access. We are using the same network. I'm using Windows 7 Ultimate 64-bit. ESET Smart Security found nothing. (English is not my native language.) Thank you for your answer. Berc