
svchost.exe blocking internet access


Berc


Hi. 

I have a problem:

As soon as I start my computer, svchost.exe is trying to connect to another computer (my roommate's).
If I block this with ESET firewall, it somehow blocks my network access.

We are using the same network.

I'm using Windows 7 Ultimate 64-bit.

ESET Smart Security found nothing.

(English is not my native language)

Thank you for your answer.
Berc


Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


Last................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

 

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Mbam log:
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2014.09.03.
Scan Time: 15:27:10
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Berc
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 229518
Time Elapsed: 2 min, 40 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

addition txt:
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 01
Ran by Berc at 2014-09-03 15:34:17
Running from D:\letöltések
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Személyi tűzfal (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Hungarian (HKLM-x32\...\{AC76BA86-7AD7-1038-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassin's Creed IV Black Flag Eastern Europe (HKLM-x32\...\Uplay Install 443) (Version:  - Ubisoft)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.14.15 - Atheros Communications Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM-x32\...\CCleaner) (Version:  - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
ESET Smart Security (HKLM\...\{9561CDAD-D786-4A56-849B-A985F90E7D85}) (Version: 7.0.317.4 - ESET, spol s r. o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.71.1 - JMicron Technology Corp.)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.8400.10177 - Realtek Semiconductor Corp.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
NVIDIA 3D Vision illesztőprogram 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA frissítések 15.3.36 (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Grafikus illesztőprogram 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD audio-illesztőprogram 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.160.1244 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.36 (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Vezérlőpult 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Daum Communications Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6696 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.93 (HKLM-x32\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version:  - Ubisoft Singapore)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.6 - Ubisoft)
WhoCrashed 5.02 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
22-08-2014 02:31:50 Installed DirectX
30-08-2014 04:10:15 Installed DirectX
31-08-2014 06:30:00 Installed DirectX
31-08-2014 07:40:07 Windows Update
01-09-2014 20:54:24 Revo Uninstaller's restore point - Tunngle beta
01-09-2014 20:56:06 Revo Uninstaller's restore point - Loadout
02-09-2014 03:44:34 Windows-modulok telepítője
03-09-2014 04:43:33 Revo Uninstaller's restore point - µTorrent
03-09-2014 13:09:50 Revo Uninstaller's restore point - Borderlands 2 - Game Of The Year Edition
03-09-2014 13:10:44 Revo Uninstaller's restore point - ANNO 1404 - Gold Edition
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {265F80FF-DA1C-42F1-A611-453141873FF5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {7DA85960-6EFF-4824-A6FE-D2CFB6A3E6D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {93671E63-7BC8-4307-A9A5-3DD333A26E8A} - System32\Tasks\Install_NSS => F:\berci2\telepítők\nssstub.exe
Task: {9775169D-C2D6-4D1C-BF93-4DFF0960475D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {DAF10759-173A-4AAD-844A-637BD0E5FBF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-05] (Adobe Systems Incorporated)
Task: {E6D6B938-EE10-4962-BC84-6E6610BB4D51} - System32\Tasks\Norton Security Scan for Berc => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {EF7CD255-D479-4D08-BB2F-C0D90F236133} - System32\Tasks\DriverEasy Scheduled Scan => D:\egyéb\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => D:\egyéb\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Install_NSS.job => F:\berci2\telepítQk\nssstub.exe
Task: C:\Windows\Tasks\Norton Security Scan for Berc.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-02 17:20 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-02 17:29 - 2012-03-21 20:05 - 00051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-09-03 11:51 - 2014-08-30 03:50 - 01442120 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-03 11:51 - 2014-08-30 03:50 - 00168264 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-03 11:51 - 2014-08-30 03:50 - 10328904 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-03 11:51 - 2014-08-30 03:50 - 00405320 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-03 11:51 - 2014-08-30 03:50 - 01831752 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2014-08-02 23:37 - 2014-08-02 23:37 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1be00024593b682a0297d452db3d6fa2\IsdiInterop.ni.dll
2014-08-02 17:42 - 2011-11-30 05:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-08-02 17:43 - 2012-02-21 21:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth-eszköz (személyes hálózat)
Description: Bluetooth-eszköz (személyes hálózat)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/03/2014 02:04:51 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver
 
Error: (09/02/2014 10:48:10 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver
 
Error: (09/03/2014 07:03:53 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver
 
Error: (09/03/2014 05:48:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: A(z) mbam-setup-2.0.2.1012.tmp program (verzió: 51.52.0.0) kommunikációja a Windows rendszerrel megszakadt, ezért a program leállt. A hibával kapcsolatos további információkért ellenőrizze a probléma előzményeit a Műveletközpont vezérlőpulton.
 
Folyamatazonosító: 200
 
Kezdés: 01cfc729d9bc58c5
 
Befejezés: 1
 
Alkalmazás elérési útja: D:\TEMP\is-1NT6M.tmp\mbam-setup-2.0.2.1012.tmp
 
Jelentés azonosítója:
 
Error: (09/03/2014 05:47:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: A(z) mbam-setup-2.0.2.1012.tmp program (verzió: 51.52.0.0) kommunikációja a Windows rendszerrel megszakadt, ezért a program leállt. A hibával kapcsolatos további információkért ellenőrizze a probléma előzményeit a Műveletközpont vezérlőpulton.
 
Folyamatazonosító: df0
 
Kezdés: 01cfc7291de38622
 
Befejezés: 2
 
Alkalmazás elérési útja: D:\TEMP\is-GA298.tmp\mbam-setup-2.0.2.1012.tmp
 
Jelentés azonosítója:
 
Error: (09/03/2014 05:37:39 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver
 
Error: (09/03/2014 05:03:06 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]
 
Error: (09/02/2014 09:18:41 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver
 
Error: (09/02/2014 09:55:38 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver
 
Error: (09/02/2014 05:44:47 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver
 
 
System errors:
=============
Error: (09/03/2014 05:01:18 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1450{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) WLAN AutoConfig szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. 120000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.
 
Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Desktop Window Manager Session Manager szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. 120000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.
 
Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Distributed Link Tracking Client szolgáltatás váratlanul leállt. Ez a(z) 2. alkalommal fordult elő. 300000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.
 
Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Superfetch szolgáltatás váratlanul leállt. Ez a(z) 2. alkalommal fordult elő. 60000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.
 
Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Program Compatibility Assistant Service szolgáltatás váratlanul leállt. Ez a(z) 2. alkalommal fordult elő. 60000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.
 
Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Network Connections szolgáltatás váratlanul leállt. Ez a(z) 2. alkalommal fordult elő. 100 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.
 
Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) HomeGroup Listener szolgáltatás váratlanul leállt. Ez a(z) 2. alkalommal fordult elő. 60000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.
 
Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Offline Files szolgáltatás váratlanul leállt. Ez a(z) 2. alkalommal fordult elő. 300000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.
 
Error: (09/02/2014 05:33:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Windows Audio Endpoint Builder szolgáltatás váratlanul leállt. Ez a(z) 2. alkalommal fordult elő. 120000 milliszekundumon belül a következő ellenintézkedés történik: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (09/03/2014 02:04:51 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver
 
Error: (09/02/2014 10:48:10 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver
 
Error: (09/03/2014 07:03:53 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver
 
Error: (09/03/2014 05:48:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam-setup-2.0.2.1012.tmp51.52.0.020001cfc729d9bc58c51D:\TEMP\is-1NT6M.tmp\mbam-setup-2.0.2.1012.tmp
 
Error: (09/03/2014 05:47:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam-setup-2.0.2.1012.tmp51.52.0.0df001cfc7291de386222D:\TEMP\is-GA298.tmp\mbam-setup-2.0.2.1012.tmp
 
Error: (09/03/2014 05:37:39 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver
 
Error: (09/03/2014 05:03:06 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]
 
Error: (09/02/2014 09:18:41 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver
 
Error: (09/02/2014 09:55:38 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver
 
Error: (09/02/2014 05:44:47 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-03 14:15:07.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 13:54:15.825
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 13:13:58.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 12:38:57.903
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 12:21:20.558
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 11:53:45.940
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 00:22:41.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-02 23:33:24.132
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-02 23:05:58.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 04:14:27.162
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 4046.36 MB
Available physical RAM: 2124.51 MB
Total Pagefile: 8090.86 MB
Available Pagefile: 5514.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:76.26 GB) NTFS
Drive d: (mind1) (Fixed) (Total:930.05 GB) (Free:796.87 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 5957C15F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E8457BFC)
Partition 1: (Not Active) - (Size=930 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1.5 GB) - (Type=12)
 
==================== End Of Log ============================

frst.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 01
Ran by Berc (administrator) on K on 03-09-2014 15:34:02
Running from D:\letöltések
Platform: Windows 7 Ultimate (X64) OS Language: angol (Egyesült Államok)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) D:\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) D:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-11] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6334096 2012-08-07] (Realtek semiconductor)
HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-16] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2014-08-02] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2014-08-02] (Lenovo(beijing) Limited)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5581888 2014-02-25] (ESET)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-22] (Intel Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3845601469-3168380552-2372400417-1000\...\Run: [DAEMON Tools Lite] => D:\egyéb\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3845601469-3168380552-2372400417-1000\...\MountPoints2: {cd3360d1-1a5b-11e4-bf1e-806e6f6e6963} - E:\autorun.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB0C2573765AECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-08-02]
 
Chrome: 
=======
CHR Profile: C:\Users\Berc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (From Dust) - C:\Users\Berc\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2014-08-02]
CHR Extension: (Google Drive) - C:\Users\Berc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-02]
CHR Extension: (YouTube) - C:\Users\Berc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-02]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Berc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-02]
CHR Extension: (Google Search) - C:\Users\Berc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-02]
CHR Extension: (Google Wallet) - C:\Users\Berc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-02]
CHR Extension: (Gmail) - C:\Users\Berc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1343408 2014-02-25] (ESET)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
R2 MBAMScheduler; D:\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
S3 TunngleService; D:\Tunngle\TnglCtrl.exe [758224 2013-11-07] (Tunngle.net GmbH)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-03] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-03] (Symantec Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-03] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8226832 2012-08-07] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-03 15:30 - 2014-09-03 15:30 - 00001039 _____ () C:\Users\Berc\Desktop\mbam.txt
2014-09-03 15:25 - 2014-09-03 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 15:25 - 2014-09-03 15:25 - 00000618 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 15:25 - 2014-09-03 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 15:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 15:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 15:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 07:04 - 2014-09-03 07:06 - 00000668 _____ () C:\Windows\PFRO.log
2014-09-03 06:29 - 2014-09-03 15:34 - 00000000 ____D () C:\FRST
2014-09-03 05:43 - 2014-09-03 05:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 04:03 - 2014-09-03 04:03 - 00000205 _____ () C:\Users\Berc\Desktop\Assassin's Creed IV Black Flag.url
2014-09-02 22:51 - 2014-09-02 22:53 - 00000122 _____ () C:\Users\Berc\Desktop\fontos.txt
2014-09-01 23:37 - 2014-09-03 15:11 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Ubisoft
2014-09-01 23:37 - 2014-09-02 22:48 - 00000000 ____D () C:\Users\Berc\Desktop\egyéb prog
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ___RD () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ___RD () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\Documents\My Games
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\Documents\ANNO 1404 Venice
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Tunngle
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Skype
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\NVIDIA
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Macromedia
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\InstallShield
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Adobe
2014-09-01 23:37 - 2014-08-31 05:47 - 00000277 _____ () C:\Users\Berc\Desktop\bang plus remastered.txt
2014-09-01 23:37 - 2014-08-27 09:21 - 00000008 _____ () C:\Users\Berc\Desktop\tankcsapda.txt
2014-09-01 23:37 - 2014-08-22 04:38 - 00000456 _____ () C:\Users\Berc\Desktop\Assassin's Creed parancsikonja.lnk
2014-09-01 23:37 - 2014-08-22 03:02 - 00001136 _____ () C:\Users\Berc\Desktop\Assassin's Creed II.lnk
2014-09-01 23:37 - 2014-08-22 02:27 - 00000200 _____ () C:\Users\Berc\Desktop\Sid Meier's Civilization V.url
2014-09-01 23:37 - 2014-08-11 21:55 - 00000202 _____ () C:\Users\Berc\Desktop\Tom Clancy's Ghost Recon Phantoms - EU.url
2014-09-01 23:37 - 2014-08-02 21:32 - 00000976 _____ () C:\Users\Berc\Desktop\órarend3 parancsikonja.lnk
2014-09-01 23:37 - 2014-08-02 21:31 - 00000611 _____ () C:\Users\Berc\Desktop\BME parancsikonja.lnk
2014-09-01 23:37 - 2014-08-02 21:25 - 00000707 _____ () C:\Users\Berc\Desktop\CCleaner.lnk
2014-09-01 23:35 - 2014-09-01 23:35 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Intel Corporation
2014-09-01 23:35 - 2014-09-01 23:35 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\ESET
2014-09-01 23:32 - 2014-09-01 23:32 - 00289760 _____ () C:\Windows\Minidump\090114-8112-01.dmp
2014-09-01 23:03 - 2014-09-01 23:07 - 00000000 ____D () C:\ProgramData\Tunngle
2014-09-01 23:03 - 2014-09-01 23:03 - 00000537 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk
2014-09-01 23:03 - 2014-09-01 23:03 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-09-01 23:03 - 2014-09-01 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-08-31 09:22 - 2014-08-31 09:22 - 00297504 _____ () C:\Windows\Minidump\083114-7316-01.dmp
2014-08-31 00:57 - 2014-08-31 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2014-08-31 00:53 - 2014-08-31 00:53 - 00297504 _____ () C:\Windows\Minidump\083014-9001-01.dmp
2014-08-25 02:54 - 2014-09-01 23:32 - 458220670 _____ () C:\Windows\MEMORY.DMP
2014-08-25 02:54 - 2014-09-01 23:32 - 00000000 ____D () C:\Windows\Minidump
2014-08-25 02:54 - 2014-08-25 02:54 - 00331568 _____ () C:\Windows\Minidump\082414-7488-01.dmp
2014-08-22 10:49 - 2014-08-22 10:50 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-22 10:49 - 2014-08-22 10:49 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-22 03:11 - 2014-08-22 04:35 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-08-22 03:07 - 2014-08-22 03:07 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-08-20 03:13 - 2014-08-20 03:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-08-18 10:34 - 2014-08-18 10:34 - 00000000 ____D () C:\ProgramData\Solidshield
2014-08-18 10:28 - 2008-10-15 15:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-08-18 10:28 - 2008-10-15 15:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-08-18 10:28 - 2008-10-15 15:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-08-18 10:28 - 2008-10-15 15:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-08-18 10:28 - 2008-10-15 15:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-08-18 10:28 - 2008-10-15 15:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-08-17 09:17 - 2014-08-30 06:10 - 00290411 _____ () C:\Windows\DirectX.log
2014-08-15 02:27 - 2014-08-15 02:27 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-15 02:27 - 2014-08-15 02:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-15 02:27 - 2014-08-15 02:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-15 02:26 - 2014-08-15 02:27 - 00000000 ____D () C:\ProgramData\Skype
2014-08-08 21:35 - 2014-09-03 11:43 - 00014200 _____ () C:\Windows\setupact.log
2014-08-08 21:35 - 2014-08-08 21:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-07 01:31 - 2014-09-01 23:05 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-08-07 00:41 - 2009-09-16 16:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-08-05 21:03 - 2014-09-03 15:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-05 21:03 - 2014-08-05 21:03 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-05 21:03 - 2014-08-05 21:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-05 21:03 - 2014-08-05 21:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-05 21:03 - 2014-08-05 21:03 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-08-05 21:03 - 2014-08-05 21:03 - 00000000 ____D () C:\Windows\system32\Macromed
2014-08-04 08:47 - 2014-08-04 08:47 - 00000779 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HearthstoneHearthstone.lnk
2014-08-04 08:47 - 2014-08-04 08:47 - 00000745 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-08-04 08:47 - 2014-08-04 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-08-04 08:45 - 2014-08-04 08:53 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Battle.net
2014-08-04 08:45 - 2014-08-04 08:45 - 00000758 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.netBattle.net.lnk
2014-08-04 08:45 - 2014-08-04 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-04 08:45 - 2014-08-04 08:45 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-04 08:44 - 2014-08-04 08:44 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-04 02:11 - 2014-08-04 02:11 - 00000915 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-08-04 02:08 - 2014-08-04 02:10 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-04 02:07 - 2014-08-04 02:07 - 00003134 _____ () C:\Windows\System32\Tasks\{FA00DB6D-FD2B-4334-B809-9387A5528CBF}
2014-08-04 02:05 - 2014-08-04 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-03 15:34 - 2014-09-03 06:29 - 00000000 ____D () C:\FRST
2014-09-03 15:32 - 2014-08-05 21:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 15:30 - 2014-09-03 15:30 - 00001039 _____ () C:\Users\Berc\Desktop\mbam.txt
2014-09-03 15:27 - 2014-09-03 15:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 15:25 - 2014-09-03 15:25 - 00000618 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 15:25 - 2014-09-03 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 15:11 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Ubisoft
2014-09-03 15:11 - 2014-08-02 17:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-03 15:11 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-03 11:49 - 2014-08-02 20:21 - 00681448 _____ () C:\Windows\system32\perfh00E.dat
2014-09-03 11:49 - 2014-08-02 20:21 - 00170004 _____ () C:\Windows\system32\perfc00E.dat
2014-09-03 11:49 - 2009-07-14 07:13 - 01621424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-03 11:48 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 11:48 - 2009-07-14 06:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 11:44 - 2014-08-02 17:12 - 01618481 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 11:43 - 2014-08-08 21:35 - 00014200 _____ () C:\Windows\setupact.log
2014-09-03 11:43 - 2014-08-02 18:01 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-03 11:43 - 2014-08-02 17:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-03 11:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-03 07:06 - 2014-09-03 07:04 - 00000668 _____ () C:\Windows\PFRO.log
2014-09-03 07:04 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance
2014-09-03 05:43 - 2014-09-03 05:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 04:03 - 2014-09-03 04:03 - 00000205 _____ () C:\Users\Berc\Desktop\Assassin's Creed IV Black Flag.url
2014-09-02 22:53 - 2014-09-02 22:51 - 00000122 _____ () C:\Users\Berc\Desktop\fontos.txt
2014-09-02 22:48 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\Desktop\egyéb prog
2014-09-02 08:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-02 05:44 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-09-02 05:44 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ___RD () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ___RD () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\Documents\My Games
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\Documents\ANNO 1404 Venice
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Tunngle
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Skype
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\NVIDIA
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Macromedia
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\InstallShield
2014-09-01 23:37 - 2014-09-01 23:37 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Adobe
2014-09-01 23:35 - 2014-09-01 23:35 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Intel Corporation
2014-09-01 23:35 - 2014-09-01 23:35 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\ESET
2014-09-01 23:35 - 2014-08-02 17:10 - 00000000 ____D () C:\Users\Berc
2014-09-01 23:32 - 2014-09-01 23:32 - 00289760 _____ () C:\Windows\Minidump\090114-8112-01.dmp
2014-09-01 23:32 - 2014-08-25 02:54 - 458220670 _____ () C:\Windows\MEMORY.DMP
2014-09-01 23:32 - 2014-08-25 02:54 - 00000000 ____D () C:\Windows\Minidump
2014-09-01 23:07 - 2014-09-01 23:03 - 00000000 ____D () C:\ProgramData\Tunngle
2014-09-01 23:05 - 2014-08-07 01:31 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-09-01 23:04 - 2009-07-14 06:45 - 00268856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 23:03 - 2014-09-01 23:03 - 00000537 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk
2014-09-01 23:03 - 2014-09-01 23:03 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-09-01 23:03 - 2014-09-01 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-09-01 22:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-01 22:13 - 2014-08-03 00:14 - 00000450 ____H () C:\Windows\Tasks\Norton Security Scan for Berc.job
2014-08-31 09:42 - 2014-08-03 00:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-31 09:22 - 2014-08-31 09:22 - 00297504 _____ () C:\Windows\Minidump\083114-7316-01.dmp
2014-08-31 05:47 - 2014-09-01 23:37 - 00000277 _____ () C:\Users\Berc\Desktop\bang plus remastered.txt
2014-08-31 00:57 - 2014-08-31 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2014-08-31 00:53 - 2014-08-31 00:53 - 00297504 _____ () C:\Windows\Minidump\083014-9001-01.dmp
2014-08-30 06:10 - 2014-08-17 09:17 - 00290411 _____ () C:\Windows\DirectX.log
2014-08-27 09:21 - 2014-09-01 23:37 - 00000008 _____ () C:\Users\Berc\Desktop\tankcsapda.txt
2014-08-25 02:54 - 2014-08-25 02:54 - 00331568 _____ () C:\Windows\Minidump\082414-7488-01.dmp
2014-08-22 10:50 - 2014-08-22 10:49 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-22 10:49 - 2014-08-22 10:49 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-22 04:38 - 2014-09-01 23:37 - 00000456 _____ () C:\Users\Berc\Desktop\Assassin's Creed parancsikonja.lnk
2014-08-22 04:35 - 2014-08-22 03:11 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-08-22 03:07 - 2014-08-22 03:07 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-08-22 03:02 - 2014-09-01 23:37 - 00001136 _____ () C:\Users\Berc\Desktop\Assassin's Creed II.lnk
2014-08-22 02:27 - 2014-09-01 23:37 - 00000200 _____ () C:\Users\Berc\Desktop\Sid Meier's Civilization V.url
2014-08-20 03:13 - 2014-08-20 03:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-08-18 10:34 - 2014-08-18 10:34 - 00000000 ____D () C:\ProgramData\Solidshield
2014-08-15 02:27 - 2014-08-15 02:27 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-15 02:27 - 2014-08-15 02:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-15 02:27 - 2014-08-15 02:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-15 02:27 - 2014-08-15 02:26 - 00000000 ____D () C:\ProgramData\Skype
2014-08-11 21:55 - 2014-09-01 23:37 - 00000202 _____ () C:\Users\Berc\Desktop\Tom Clancy's Ghost Recon Phantoms - EU.url
2014-08-09 02:22 - 2014-08-03 06:19 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-08-09 02:22 - 2014-08-03 06:19 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-08-09 02:22 - 2014-08-03 06:19 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-08-09 02:22 - 2014-08-03 06:19 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-08-08 21:35 - 2014-08-08 21:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-05 21:03 - 2014-08-05 21:03 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-05 21:03 - 2014-08-05 21:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-05 21:03 - 2014-08-05 21:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-05 21:03 - 2014-08-05 21:03 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-08-05 21:03 - 2014-08-05 21:03 - 00000000 ____D () C:\Windows\system32\Macromed
2014-08-04 08:53 - 2014-08-04 08:45 - 00000000 ____D () C:\Users\Berc\AppData\Roaming\Battle.net
2014-08-04 08:47 - 2014-08-04 08:47 - 00000779 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HearthstoneHearthstone.lnk
2014-08-04 08:47 - 2014-08-04 08:47 - 00000745 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-08-04 08:47 - 2014-08-04 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-08-04 08:45 - 2014-08-04 08:45 - 00000758 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.netBattle.net.lnk
2014-08-04 08:45 - 2014-08-04 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-04 08:45 - 2014-08-04 08:45 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-04 08:44 - 2014-08-04 08:44 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-04 02:17 - 2014-08-04 02:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-04 02:11 - 2014-08-04 02:11 - 00000915 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-08-04 02:10 - 2014-08-04 02:08 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-04 02:07 - 2014-08-04 02:07 - 00003134 _____ () C:\Windows\System32\Tasks\{FA00DB6D-FD2B-4334-B809-9387A5528CBF}
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-29 00:33
 
==================== End Of Log ============================

r.killer log:
 

RogueKiller V9.2.9.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Berc [Admin rights]
Mode : Scan -- Date : 09/03/2014  15:51:18
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | RtsFT : RTFTrack.exe  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4281973E-6DE9-44D4-9432-5D4F7CCF047C} | DhcpNameServer : 7.254.254.254  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4281973E-6DE9-44D4-9432-5D4F7CCF047C} | DhcpNameServer : 7.254.254.254  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4281973E-6DE9-44D4-9432-5D4F7CCF047C} | DhcpNameServer : 7.254.254.254  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk1\DR1 : \Driver\LHDmgr @ Unknown (\SystemRoot\System32\Drivers\Ntfs.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\LHDmgr @ Unknown (\SystemRoot\System32\Drivers\Ntfs.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SMS200S3120G +++++
--- User ---
[MBR] 8a8389c628b97dba4b00ed318c6a73ab
[bSP] 48c2662639ce60fe9171c7c75520e8bb : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] aedd16f13555cb5918d190fa30706301
[bSP] dbc401f9b96218eabbf064a188d47065 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 952368 MB
1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1950453168 | Size: 1500 MB
User = LL1 ... OK
User = LL2 ... OK

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

FW: ESET Személyi tűzfal (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

 

Please permanently disable Windows Defender. You have ESET running, and having two anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.

How to Disable Defender

Dangers of running 2 anti-virus programs

===============================================

Not much showing, let's run some scans:

Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ======================================================

    Make sure you have created that system restore point before you continue!

    Please read the directions carefully so you don't end up deleting something that is good!!

    If in doubt about an entry....please ask or choose Skip!!!!

    Don't Delete anything unless instructed to!

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

    If a suspicious object is detected, the default action will be Skip, click on Continue

    Please note that TDSSKiller can be run in safe mode if needed.

    Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

    • Put a checkmark beside loaded modules.

    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.

    • Click the Start Scan button.

    • The scan should take no longer than 2 minutes.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.

      Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

      If in doubt about an entry....please ask or choose Skip

    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

      Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
    • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    Here's a summary of what to do if you would like to print it out:

    If in doubt about an entry....please ask or choose Skip

    Don't Delete anything unless instructed to!

    If a suspicious object is detected, the default action will be Skip, click on Continue

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    ~~~~~~~~~~~~~~~~~~~~

    You can attach the logs if they're too long:

    Bottom right corner of this page.

    New window that comes up.

    Then...........

    Please download and run ComboFix.

    The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

    Please visit this webpage for download links, and instructions for running ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

    Please make sure you click download buttons that look similar to this, not "sponsored ad links":

    [image: bleep-crop.jpg]

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Information on disabling your malware programs can be found Here.

    Make sure you run ComboFix from your desktop.

    Give it at least 30-45 minutes to finish if needed.

    Please include the C:\ComboFix.txt in your next reply for further review.

    ---------->NOTE<----------

    If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

    MrC

     


TDSSkiller's first log :
 

16:36:56.0237 0x061c  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
16:37:02.0539 0x061c  ============================================================
16:37:02.0539 0x061c  Current date / time: 2014/09/03 16:37:02.0539
16:37:02.0539 0x061c  SystemInfo:
16:37:02.0539 0x061c  
16:37:02.0539 0x061c  OS Version: 6.1.7600 ServicePack: 0.0
16:37:02.0539 0x061c  Product type: Workstation
16:37:02.0540 0x061c  ComputerName: K
16:37:02.0540 0x061c  UserName: Berc
16:37:02.0540 0x061c  Windows directory: C:\Windows
16:37:02.0540 0x061c  System windows directory: C:\Windows
16:37:02.0540 0x061c  Running under WOW64
16:37:02.0540 0x061c  Processor architecture: Intel x64
16:37:02.0540 0x061c  Number of processors: 8
16:37:02.0540 0x061c  Page size: 0x1000
16:37:02.0540 0x061c  Boot type: Normal boot
16:37:02.0540 0x061c  ============================================================
16:37:02.0623 0x061c  KLMD registered as C:\Windows\system32\drivers\78124676.sys
16:37:02.0725 0x061c  System UUID: {DDDBB749-9878-912C-5B0E-3C5C19F1347E}
16:37:03.0085 0x061c  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:37:03.0102 0x061c  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:37:03.0117 0x061c  ============================================================
16:37:03.0117 0x061c  \Device\Harddisk0\DR0:
16:37:03.0117 0x061c  MBR partitions:
16:37:03.0117 0x061c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:37:03.0117 0x061c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
16:37:03.0117 0x061c  \Device\Harddisk1\DR1:
16:37:03.0117 0x061c  MBR partitions:
16:37:03.0117 0x061c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74418000
16:37:03.0118 0x061c  ============================================================
16:37:03.0119 0x061c  C: <-> \Device\Harddisk0\DR0\Partition2
16:37:03.0144 0x061c  D: <-> \Device\Harddisk1\DR1\Partition1
16:37:03.0144 0x061c  ============================================================
16:37:03.0144 0x061c  Initialize success
16:37:03.0144 0x061c  ============================================================
16:37:59.0492 0x14e4  KLMD registered as C:\Windows\system32\drivers\40948773.sys
16:38:00.0055 0x14e4  Deinitialize success

combofix's log

ComboFix 14-08-31.01 - Berc 014.09.03.  17:08:32.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.4046.2080 [GMT 2:00]
Running from: c:\users\Berc\Desktop\ComboFix.exe
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Személyi tuzfal *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\PFRO.log
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-03 to 2014-09-03  )))))))))))))))))))))))))))))))
.
.
2014-09-03 15:11 . 2014-09-03 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-03 15:11 . 2014-09-03 15:11 -------- d-----w- c:\users\Berc\AppData\Local\temp
2014-09-03 14:35 . 2014-09-03 14:35 -------- d-----w- c:\windows\ERUNT
2014-09-03 13:49 . 2014-09-03 13:49 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-03 13:48 . 2014-09-03 13:49 -------- d-----w- c:\programdata\RogueKiller
2014-09-03 13:25 . 2014-09-03 14:45 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-03 13:25 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-03 13:25 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-03 13:25 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-03 04:29 . 2014-09-03 13:34 -------- d-----w- C:\FRST
2014-09-03 03:43 . 2014-09-03 03:43 -------- d-----w- c:\programdata\Malwarebytes
2014-09-01 21:35 . 2014-09-01 21:35 -------- d-----w- c:\programdata\OEM Links
2014-09-01 21:03 . 2014-09-01 21:07 -------- d-----w- c:\programdata\Tunngle
2014-08-31 07:34 . 2014-08-31 07:34 -------- d-----w- c:\users\Berc\AppData\Local\ElevatedDiagnostics
2014-08-30 04:10 . 2014-08-30 04:10 -------- d-----w- c:\users\Berc\AppData\Local\EdgeOfReality
2014-08-22 08:49 . 2014-08-22 08:49 -------- d-----w- c:\programdata\Logs
2014-08-22 08:49 . 2014-08-22 08:49 -------- d-----w- c:\programdata\Licenses
2014-08-22 01:16 . 2014-09-03 02:02 -------- d-----w- c:\users\Berc\AppData\Local\Ubisoft Game Launcher
2014-08-22 01:11 . 2014-08-22 02:35 -------- d-----w- c:\programdata\Ubisoft
2014-08-22 01:07 . 2014-08-22 01:07 -------- d-----w- c:\program files (x86)\Ubisoft
2014-08-18 08:34 . 2014-08-18 08:34 -------- d-----w- c:\programdata\Solidshield
2014-08-18 08:28 . 2008-10-15 13:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2014-08-18 08:28 . 2008-10-15 13:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2014-08-18 08:28 . 2008-10-15 13:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2014-08-18 08:28 . 2008-10-15 13:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2014-08-18 08:28 . 2008-10-15 13:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2014-08-18 08:28 . 2008-10-15 13:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2014-08-15 00:27 . 2014-08-15 00:27 -------- d-----w- c:\users\Berc\AppData\Local\Skype
2014-08-15 00:27 . 2014-08-15 00:27 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-15 00:27 . 2014-08-15 00:27 -------- d-----r- c:\program files (x86)\Skype
2014-08-15 00:26 . 2014-08-15 00:27 -------- d-----w- c:\programdata\Skype
2014-08-14 03:45 . 2014-08-14 03:45 -------- d-----w- c:\users\Berc\AppData\Local\Ubisoft
2014-08-06 22:41 . 2009-09-16 14:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2014-08-06 06:54 . 2014-08-06 06:54 -------- d-----w- c:\users\Berc\AppData\Local\Blizzard
2014-08-06 05:16 . 2014-08-06 05:16 -------- d-----w- c:\users\Berc\AppData\Local\Adobe
2014-08-05 19:03 . 2014-08-05 19:03 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-05 19:03 . 2014-08-05 19:03 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-05 19:03 . 2014-08-05 19:03 -------- d-----w- c:\windows\SysWow64\Macromed
2014-08-05 19:03 . 2014-08-05 19:03 -------- d-----w- c:\windows\system32\Macromed
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-09 00:22 . 2014-08-03 04:19 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-08-09 00:22 . 2014-08-03 04:19 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-08-09 00:22 . 2014-08-03 04:19 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-08-09 00:22 . 2014-08-03 04:19 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-08-02 22:02 . 2014-08-02 22:02 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-08-02 15:41 . 2014-08-02 15:41 19872 ----a-w- c:\windows\system32\LenovoSDKEmSubSystem.dll
2014-08-02 15:41 . 2014-08-02 15:41 39008 ----a-w- c:\windows\system32\drivers\LhdX64.sys
2014-08-02 15:41 . 2012-05-15 16:22 33560 ----a-w- c:\windows\system32\drivers\AcpiVpc.sys
2014-07-23 17:52 . 2014-08-02 15:28 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-14 11:12 . 2014-08-02 15:28 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52D879F2-3E36-48B2-8616-EC9653B90AC5}\mpengine.dll
2014-07-02 20:48 . 2014-08-03 04:26 944928 ----a-w- c:\windows\system32\NvIFR64.dll
2014-07-02 20:48 . 2014-08-03 04:26 907096 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-07-02 20:48 . 2014-08-03 04:26 903624 ----a-w- c:\windows\system32\NvFBC64.dll
2014-07-02 20:48 . 2014-08-03 04:26 869152 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-07-02 20:48 . 2014-08-03 04:26 502232 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-07-02 20:48 . 2014-08-03 04:26 4247000 ----a-w- c:\windows\system32\nvcuvid.dll
2014-07-02 20:48 . 2014-08-03 04:26 418760 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-07-02 20:48 . 2014-08-03 04:26 3989960 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-07-02 20:48 . 2014-08-03 04:26 391640 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-07-02 20:48 . 2014-08-03 04:26 348120 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-07-02 20:48 . 2014-08-03 04:26 31512520 ----a-w- c:\windows\system32\nvoglv64.dll
2014-07-02 20:48 . 2014-08-03 04:26 24196896 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-07-02 20:48 . 2014-08-03 04:26 1890080 ----a-w- c:\windows\system32\nvdispco6434052.dll
2014-07-02 20:48 . 2014-08-03 04:26 17555104 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-07-02 20:48 . 2014-08-03 04:26 16122344 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2014-08-03 04:26 1539928 ----a-w- c:\windows\system32\nvdispgenco6434052.dll
2014-07-02 20:48 . 2014-08-03 04:26 13922752 ----a-w- c:\windows\system32\nvopencl.dll
2014-07-02 20:48 . 2014-08-03 04:26 13835208 ----a-w- c:\windows\system32\nvcuda.dll
2014-07-02 20:48 . 2014-08-03 04:26 12866008 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-07-02 20:48 . 2014-08-03 04:26 11283344 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-07-02 20:48 . 2014-08-03 04:26 11222048 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-07-02 20:48 . 2014-08-03 04:26 22994208 ----a-w- c:\windows\system32\nvcompiler.dll
2014-07-02 20:48 . 2014-08-03 04:26 15294296 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-07-02 20:48 . 2014-08-02 15:20 75040 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-08-02 15:20 61912 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2014-08-02 15:18 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2014-08-02 15:18 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2014-08-02 15:18 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2014-08-02 15:18 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 18:55 . 2014-08-02 15:20 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-08-02 15:20 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-08-02 15:20 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-08-02 15:20 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-08-02 15:20 618440 ----a-w- c:\windows\SysWow64\oemdspif.dll
2014-07-02 18:55 . 2014-08-02 15:20 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 18:55 . 2014-08-02 15:20 2559960 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-02 17:44 . 2014-08-03 04:27 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-07-02 10:14 . 2014-08-03 04:27 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="d:\egyéb\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-07-26 508656]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;d:\malwarebytes anti-malware\mbamservice.exe;d:\malwarebytes anti-malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TunngleService;TunngleService;d:\tunngle\TnglCtrl.exe;d:\tunngle\TnglCtrl.exe [x]
R4 MBAMScheduler;MBAMScheduler;d:\malwarebytes anti-malware\mbamscheduler.exe;d:\malwarebytes anti-malware\mbamscheduler.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-05 19:03]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02 16:01]
.
2014-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02 16:01]
.
2014-09-01 c:\windows\Tasks\Norton Security Scan for Berc.job
- c:\progra~2\NORTON~2\Engine\410~1.28\Nss.exe [2014-08-02 06:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-09 2403288]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-28 12937872]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-07-11 1214608]
"RtsFT"="RTFTrack.exe" [2012-08-07 6334096]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2014-08-02 17080376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2014-08-02 191544]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-02-24 5581888]
"MouseDriver"="TiltWheelMouse.exe" [2012-12-19 241152]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-08-09 1283136]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-18168778.sys
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
HKLM-Run-SynLenovoGestureMgr - c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-03  17:12:08
ComboFix-quarantined-files.txt  2014-09-03 15:12
.
Pre-Run: 82 738 049 024 bájt szabad
Post-Run: 82 492 039 168 bájt szabad
.
- - End Of File - - E9702A0DB0508AC232366194C69A7FEA

OK...Next:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next.........

Please run a Threat Scan

Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine All that's found

MrC


AdwCleaner deleted nothing, here is the log:
 

# AdwCleaner v3.309 - Report created 03/09/2014 at 17:40:46
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : Berc - K
# Running from : C:\Users\Berc\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Users\Berc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [762 octets] - [03/09/2014 17:37:33]
AdwCleaner[s0].txt - [684 octets] - [03/09/2014 17:40:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [743 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Berc on 2014.09.03. at 17:47:22,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014.09.03. at 17:50:58,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I don't see any malware on the system......

Before you go:

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Here is the log:
 

Results of screen317's Security Check version 0.99.87  
 Windows 7  x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
ESET Smart Security 7.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Google Chrome 37.0.2062.102  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.