Pop-up ads, laptop shutting down by itself (Solved)
- jerabina
- Security team member
- Level 6
- Posts: 3647
- Registered: March 13
- Location: Litoměřice
- Status: Offline
Re: Pop-up ads, laptop shutting down by itself
How are the problems?
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: Pop-up ads, laptop shutting down by itself
The ads have stopped, no more windows are popping up. As for the spontaneous shutdowns, I don't know; it happens once in a while, so I'll find out when I'm working on the laptop. Until now it was almost impossible to do anything on it, so it just sat there... However, if it keeps shutting down, the fault probably wouldn't be a software one any more?
Otherwise, thank you very much, I'm much obliged, at least for the ads for now. :)
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Pop-up ads, laptop shutting down by itself
Download Memtest:
The field that says:
All unused RAM - leave it as it is.
- click Start and let it run for at least 2 hours; if there are still 0 errors after 2 hours, the RAM is fine.
Also check the HDD for errors, or possibly try defragmenting it.
Download CrystalDiskInfo
Run the program and click Edit - Copy. Then paste the contents of the log here with Ctrl+V.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Pop-up ads, laptop shutting down by itself
So I had to split Memtest up, because it won't check the whole RAM at once. In the meantime the laptop restarted twice, but the program has now been running for about 5 hours and still shows 0 errors.
----------------------------------------------------------------------------
CrystalDiskInfo 6.7.0 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 8.1 [6.3 Build 9600] (x64)
Date : 2016/03/14 20:05:20
-- Controller Map ----------------------------------------------------------
+ Standardní řadič SATA AHCI [ATA]
- ST500LT012-1DG142
- MATSHITA DVD-RAM UJ8C2Q
- Řadič prostorů úložišť [SCSI]
-- Disk List ---------------------------------------------------------------
(1) ST500LT012-1DG142 : 500,1 GB [0/0/0, pd1] - st
----------------------------------------------------------------------------
(1) ST500LT012-1DG142
----------------------------------------------------------------------------
Model : ST500LT012-1DG142
Firmware : 0001SDM1
Serial Number : SBY42DFZ
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : Neznámy údaj
Queue Depth : 32 # of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 69 hod.
Power On Count : 80 krát
Temperature : 32 C (89 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 111 _99 __6 0000025D8C58 Počet chyb čtení
03 _99 _99 __0 000000000000 Čas na roztočení ploten
04 100 100 _20 000000000050 Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _64 _60 _30 0000002D3C28 Počet chybných hledání
09 100 100 __0 9A1D00000045 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 _20 000000000050 Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BC 100 100 __0 000000000000 Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _68 _61 _45 000020160020 Teplota toku vzduchu
BF 100 100 __0 000000000008 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 000000000005 Počet vypnutí disku
C1 _99 _99 __0 000000000A80 Počet cyklů načítání/vymazání
C2 _32 _40 __0 001300000020 Teplota
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
F0 100 100 __0 C7A10000003F Čas nastavování hlaviček - v hodinách
F1 100 253 __0 0000200557AD Total Host Writes
F2 100 253 __0 000024522190 Total Host Reads
FE 100 100 __0 000000000000 Ochrana proti pádu
- jerabina
- Security team member
- Level 6
- Posts: 3647
- Registered: March 13
- Location: Litoměřice
- Status: Offline
Re: Pop-up ads, laptop shutting down by itself
0000025D8C58 Počet chyb čtení
0000002D3C28 Počet chybných hledání
C7A10000003F Čas nastavování hlaviček - v hodinách
That CDI log again tomorrow, please; some of the values in it are odd, e.g. the 000000000000 Čas na roztočení ploten
+ do this:
Download Emsisoft Emergency Kit
http://dl.emsisoft.com/EmsisoftEmergencyKit.exe
to your desktop. Double-click the file EmsisoftEmergencyKit.exe. Leave all settings as they are and click the "Extract" button at the bottom. A folder named EEK will be created in the root directory of the drive (usually c:\).
1) After extraction, double-click the new Emsisoft Emergency Kit icon on your desktop.
2) The first time you run Emsisoft Emergency Kit, we recommend allowing updates to be downloaded. Please click the "Yes" button; the latest database update will then be downloaded.
3) After the update process finishes, a new button named "Back" appears in the lower left corner. Click this button to return to the previous screen.
4) Click "Scan" and the scan options will appear. If you are asked whether you want to scan for potentially unwanted programs, click the "Yes" button.
5) Click the "Full Scan" button to start scanning.
6) When the scan is finished, click the "Quarantine" button (quarantine selected objects). Note: this option is only available if malicious objects were detected during the scan.
7) Once the threats are in quarantine, click the "View report" button in the lower right corner, and the scan log will open in Notepad.
Please save the log from Notepad to your desktop and paste its entire contents here.
9) When you close Emsisoft Emergency Kit, you will be offered the option to subscribe to the newsletter. This is optional and is not necessary for removing malware.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: Pop-up ads, laptop shutting down by itself
Emsisoft Emergency Kit - Version 11.0
Last update: 14. 3. 2016 21:52:10
User account: Acer\Mandarinka
Scan settings:
Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
Scan start: 14. 3. 2016 22:15:45
C:\Program Files (x86)\hypercam toolbar detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C} detected: Adware.Win32.Mostofate (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} detected: Adware.Win32.SoftTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} detected: Adware.Win32.BHO (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\COMOBJECT.DESKBARENABLER detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\COMOBJECT.DESKBARENABLER detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\COMOBJECT.DESKBARENABLER.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\COMOBJECT.DESKBARENABLER.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921} detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921} detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} detected: Application.BHO (A)
C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\DNS Unlocker\dnslockington.exe.vir detected: Gen:Variant.Adware.DNSUnlocker.1 (B)
C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\ProgramData\73651a75\1743fb96.dll.vir detected: Gen:Variant.Adware.DNSUnlocker.1 (B)
C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\ProgramData\a47f2c5a-4457-0\a47f2c5a-4457-0.d.vir detected: Gen:Variant.Adware.DNSUnlocker.1 (B)
C:\Users\Mandarinka\AppData\Local\Temp\is-RSIBO.tmp\OCSetupHlp.dll detected: Application.InstallAd (A)
Scanned 203163
Found 51
Scan end: 14. 3. 2016 22:34:30
Scan time: 0:18:45
C:\Users\Mandarinka\AppData\Local\Temp\is-RSIBO.tmp\OCSetupHlp.dll Application.InstallAd (A)
C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\ProgramData\a47f2c5a-4457-0\a47f2c5a-4457-0.d.vir Gen:Variant.Adware.DNSUnlocker.1 (B)
C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\ProgramData\73651a75\1743fb96.dll.vir Gen:Variant.Adware.DNSUnlocker.1 (B)
C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\DNS Unlocker\dnslockington.exe.vir Gen:Variant.Adware.DNSUnlocker.1 (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Application.BHO (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\COMOBJECT.DESKBARENABLER.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\COMOBJECT.DESKBARENABLER Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} Adware.Win32.BHO (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Adware.Win32.SoftTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C} Adware.Win32.Mostofate (A)
Quarantined 30
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} detected: Application.BHO (A)
C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\DNS Unlocker\dnslockington.exe.vir detected: Gen:Variant.Adware.DNSUnlocker.1 (B)
C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\ProgramData\73651a75\1743fb96.dll.vir detected: Gen:Variant.Adware.DNSUnlocker.1 (B)
C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\ProgramData\a47f2c5a-4457-0\a47f2c5a-4457-0.d.vir detected: Gen:Variant.Adware.DNSUnlocker.1 (B)
C:\Users\Mandarinka\AppData\Local\Temp\is-RSIBO.tmp\OCSetupHlp.dll detected: Application.InstallAd (A)
Scanned 203163
Found 51
Scan end: 14. 3. 2016 22:34:30
Scan time: 0:18:45
C:\Users\Mandarinka\AppData\Local\Temp\is-RSIBO.tmp\OCSetupHlp.dll Application.InstallAd (A)
C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\ProgramData\a47f2c5a-4457-0\a47f2c5a-4457-0.d.vir Gen:Variant.Adware.DNSUnlocker.1 (B)
C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\ProgramData\73651a75\1743fb96.dll.vir Gen:Variant.Adware.DNSUnlocker.1 (B)
C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\DNS Unlocker\dnslockington.exe.vir Gen:Variant.Adware.DNSUnlocker.1 (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Application.BHO (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\COMOBJECT.DESKBARENABLER.1 Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\COMOBJECT.DESKBARENABLER Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} Adware.Win32.BHO (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Adware.Win32.SoftTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C} Adware.Win32.Mostofate (A)
Quarantined 30
- jaro3
- Security team member
-
Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
- Gender:
- Status:
Offline
Re: Pop-up ads, laptop shutting down on its own
Was everything deleted?
Download OTL by OldTimer
to your desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change the setting to All. Tick LOP Check and Purity Check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.
Does it shut down under load? Maybe start a new topic in the "HW problem" section.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Pop-up ads, laptop shutting down on its own
I'm sending today's CDI. Oh, sorry, I forgot to add this: one item could not be deleted, so I uninstalled it; it was some HyperCam Toolbar. Shouldn't I have?
Well... under load... that's hard to say. It may shut down more often then: when I tried to run a game on it, it shut down roughly every 10 minutes. But that isn't a condition; it will just as readily shut down when only a single browser window with e-mail is open, only the interval is longer, about 5 times a day during ordinary work on the internet. It varies; sometimes it runs the whole day without shutting down.
Well, if the problem is in the HW, I won't be able to do much about it anyway: the laptop is under warranty, so I can't touch anything inside it; I can only go and file another warranty claim. I was going on what the service centre told me, that the problem is in software, and they also told me they had reinstalled Windows again, which they hadn't even done. So I don't know what they did with the laptop, but when they returned it to me, those ads started appearing everywhere...
----------------------------------------------------------------------------
CrystalDiskInfo 6.7.0 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 8.1 [6.3 Build 9600] (x64)
Date : 2016/03/15 18:08:55
-- Controller Map ----------------------------------------------------------
+ Standardní řadič SATA AHCI [ATA]
- ST500LT012-1DG142
- MATSHITA DVD-RAM UJ8C2Q
- Řadič prostorů úložišť [SCSI]
-- Disk List ---------------------------------------------------------------
(1) ST500LT012-1DG142 : 500,1 GB [0/0/0, pd1] - st
----------------------------------------------------------------------------
(1) ST500LT012-1DG142
----------------------------------------------------------------------------
Model : ST500LT012-1DG142
Firmware : 0001SDM1
Serial Number : SBY42DFZ
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : Neznámy údaj
Queue Depth : 32 # of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 76 hod.
Power On Count : 82 krát
Temperature : 30 C (86 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 105 _99 __6 000000850870 Počet chyb čtení
03 _99 _99 __0 000000000000 Čas na roztočení ploten
04 100 100 _20 000000000052 Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _65 _60 _30 000000335131 Počet chybných hledání
09 100 100 __0 8EED0000004C Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 _20 000000000052 Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BC 100 100 __0 000000000000 Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _70 _61 _45 00002015001E Teplota toku vzduchu
BF 100 100 __0 000000000008 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 000000000005 Počet vypnutí disku
C1 _99 _99 __0 000000000C00 Počet cyklů načítání/vymazání
C2 _30 _40 __0 00120000001E Teplota
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
F0 100 100 __0 5BB200000044 Čas nastavování hlaviček - v hodinách
F1 100 253 __0 000020E52487 Total Host Writes
F2 100 253 __0 0000287F41CD Total Host Reads
FE 100 100 __0 000000000000 Ochrana proti pádu
Re: Pop-up ads, laptop shutting down on its own
OTL logfile created on: 15. 3. 2016 18:13:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mandarinka\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18231)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy
5,89 Gb Total Physical Memory | 4,46 Gb Available Physical Memory | 75,74% Memory free
7,34 Gb Paging File | 5,56 Gb Available in Paging File | 75,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,42 Gb Total Space | 425,29 Gb Free Space | 91,38% Space Free | Partition Type: NTFS
Computer Name: ACER | User Name: Mandarinka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Mandarinka\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\RadioController\RfBtnHelper.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)
SRV - (RfButtonDriverService) -- C:\Windows\RfBtnSvc64.exe (Dritek System INC.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Ps2Kb2Hid) -- C:\Windows\SysNative\drivers\aPs2Kb2Hid.sys (Dritek System Inc.)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\Windows\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\Windows\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV - (epp) -- C:\EEK\bin64\epp.sys (Emsisoft Ltd)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
[2016/03/05 08:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mandarinka\AppData\Roaming\Mozilla\Extensions
[2016/03/05 08:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mandarinka\AppData\Roaming\Mozilla\Firefox\Profiles\ecbcxxsj.default\extensions
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_1\
O1 HOSTS File: ([2016/03/11 00:44:53 | 000,000,753 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [RadioController] C:\Program Files (x86)\RadioController\RfBtnHelper.exe (Dritek System Inc.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-610 Series" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46F569F2-20A2-4B3C-8B4E-148EDD90ABAF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46F569F2-20A2-4B3C-8B4E-148EDD90ABAF}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69989CFC-404F-4BBB-97B7-71F88F0183EC}: DhcpNameServer = 82.163.142.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B53C350-C5C0-4C8F-8BF4-C04C3062BAF7}: DhcpNameServer = 82.163.142.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B53C350-C5C0-4C8F-8BF4-C04C3062BAF7}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2016/03/14 21:41:33 | 000,000,000 | ---D | C] -- C:\EEK
[2016/03/14 20:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2016/03/14 20:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2016/03/12 10:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2016/03/12 10:36:49 | 000,466,432 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2016/03/12 10:36:49 | 000,144,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\escsvc64.exe
[2016/03/12 10:36:16 | 000,000,000 | ---D | C] -- C:\Users\Mandarinka\AppData\Roaming\Epson
[2016/03/12 10:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPSON
[2016/03/12 10:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2016/03/12 10:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPSON Software
[2016/03/12 09:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2016/03/12 09:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2016/03/12 09:07:41 | 000,179,712 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMBLQE.DLL
[2016/03/12 09:07:41 | 000,083,968 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ID4BLQE.DLL
[2016/03/12 09:07:41 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL
[2016/03/11 12:48:29 | 000,000,000 | ---D | C] -- C:\FRST
[2016/03/11 12:47:47 | 002,374,144 | ---- | C] (Farbar) -- C:\Users\Mandarinka\Desktop\FRST64.exe
[2016/03/11 00:55:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2016/03/11 00:54:34 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2016/03/11 00:54:34 | 000,000,000 | ---D | C] -- C:\Users\Mandarinka\AppData\Local\Temp
[2016/03/11 00:44:08 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2016/03/10 12:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2016/03/10 12:02:44 | 001,609,216 | ---- | C] (Malwarebytes) -- C:\Users\Mandarinka\Desktop\JRT.exe
[2016/03/09 18:20:12 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/03/09 18:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/03/09 18:19:41 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016/03/09 18:19:41 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/03/09 18:19:41 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/03/09 18:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/03/09 18:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/03/09 18:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AdwCleaner
[2016/03/08 23:17:31 | 001,373,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2016/03/08 23:17:31 | 001,168,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2016/03/08 23:17:31 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2016/03/08 23:17:31 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2016/03/08 23:17:31 | 000,499,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2016/03/08 23:17:31 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2016/03/08 23:17:31 | 000,046,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2016/03/08 23:17:00 | 006,052,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2016/03/08 23:16:58 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2016/03/08 23:16:57 | 002,880,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2016/03/08 23:16:57 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2016/03/08 23:16:57 | 000,798,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016/03/08 23:16:57 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hlink.dll
[2016/03/08 23:16:56 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016/03/08 23:16:56 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016/03/08 23:16:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016/03/08 23:16:55 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2016/03/08 23:16:55 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016/03/08 23:16:55 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016/03/08 23:16:15 | 001,335,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mispace.dll
[2016/03/08 23:16:15 | 001,063,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mispace.dll
[2016/03/08 23:16:15 | 000,419,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2016/03/08 23:16:15 | 000,378,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2016/03/08 23:16:15 | 000,331,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2016/03/08 23:15:54 | 007,784,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Data.Pdf.dll
[2016/03/08 23:15:54 | 007,075,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\glcndFilter.dll
[2016/03/08 23:15:54 | 005,268,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\glcndFilter.dll
[2016/03/08 23:15:54 | 005,264,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Data.Pdf.dll
[2016/03/08 23:15:35 | 000,218,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2016/03/08 23:15:17 | 000,875,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr120_clr0400.dll
[2016/03/08 23:15:17 | 000,869,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr120_clr0400.dll
[2016/03/08 23:15:17 | 000,678,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp120_clr0400.dll
[2016/03/08 23:15:17 | 000,536,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp120_clr0400.dll
[2016/03/08 23:14:36 | 000,177,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2016/03/08 23:14:36 | 000,148,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2016/03/08 23:14:18 | 001,661,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2016/03/08 23:14:01 | 002,244,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2016/03/08 23:14:01 | 000,897,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2016/03/08 23:14:01 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2016/03/08 23:14:01 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2016/03/08 23:14:01 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2016/03/08 23:14:01 | 000,136,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2016/03/08 23:14:00 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2016/03/08 23:14:00 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2016/03/08 23:14:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2016/03/08 23:14:00 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2016/03/08 23:14:00 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2016/03/08 23:13:39 | 001,707,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2016/03/08 23:13:38 | 001,344,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2016/03/08 23:13:18 | 000,994,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll
[2016/03/08 23:13:18 | 000,922,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2016/03/08 23:12:40 | 000,470,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2016/03/08 23:12:22 | 015,432,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2016/03/08 23:12:22 | 013,318,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2016/03/08 23:12:22 | 000,292,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMASF.DLL
[2016/03/08 23:11:26 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2016/03/08 23:11:26 | 000,301,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2016/03/08 23:11:26 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2016/03/08 23:11:25 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2016/03/08 23:11:07 | 000,839,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netlogon.dll
[2016/03/08 23:10:48 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msra.exe
[2016/03/08 23:10:29 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2016/03/08 23:10:29 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2016/03/08 23:10:09 | 000,570,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2016/03/08 23:09:51 | 002,487,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storagewmi.dll
[2016/03/08 23:09:51 | 001,482,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\storagewmi.dll
[2016/03/08 23:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2016/03/07 23:17:39 | 001,442,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016/03/07 23:17:39 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2016/03/07 23:17:39 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2016/03/07 23:17:39 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapisrv.dll
[2016/03/07 23:17:30 | 014,467,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2016/03/07 23:17:29 | 012,879,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2016/03/07 23:17:27 | 002,778,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2016/03/07 23:17:27 | 002,464,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2016/03/07 23:16:45 | 007,453,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2016/03/07 23:16:45 | 002,175,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\combase.dll
[2016/03/07 23:16:45 | 001,737,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2016/03/07 23:16:45 | 001,133,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2016/03/07 23:16:44 | 001,564,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\combase.dll
[2016/03/07 23:16:44 | 001,063,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinTypes.dll
[2016/03/07 23:16:44 | 000,548,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinTypes.dll
[2016/03/07 23:16:44 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincorlib.dll
[2016/03/07 23:16:44 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-system-events.dll
[2016/03/07 22:47:28 | 000,000,000 | ---D | C] -- C:\Users\Mandarinka\AppData\Local\Diagnostics
[2016/03/04 21:30:20 | 000,000,000 | ---D | C] -- C:\Users\Mandarinka\AppData\Roaming\Mozilla
[2016/03/04 21:30:20 | 000,000,000 | ---D | C] -- C:\Users\Mandarinka\AppData\Local\Mozilla
========== Files - Modified Within 30 Days ==========
[2016/03/15 18:08:00 | 000,000,929 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Update {2C8E071D-EEF4-4163-8671-03BC9D919B9B}.job
[2016/03/15 18:08:00 | 000,000,743 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Invitation {2C8E071D-EEF4-4163-8671-03BC9D919B9B}.job
[2016/03/15 15:12:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/03/14 20:04:27 | 000,001,202 | ---- | M] () -- C:\Users\Mandarinka\Desktop\CrystalDiskInfo.lnk
[2016/03/13 12:39:00 | 001,658,450 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/03/13 12:39:00 | 000,705,506 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2016/03/13 12:39:00 | 000,687,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/03/13 12:39:00 | 000,143,830 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2016/03/13 12:39:00 | 000,127,812 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/03/13 12:34:27 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/03/13 12:34:24 | 768,688,127 | -HS- | M] () -- C:\hiberfil.sys
[2016/03/12 10:36:50 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2016/03/11 17:54:45 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2016/03/11 13:19:13 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/03/11 12:47:52 | 002,374,144 | ---- | M] (Farbar) -- C:\Users\Mandarinka\Desktop\FRST64.exe
[2016/03/11 01:03:02 | 000,000,512 | ---- | M] () -- C:\Users\Mandarinka\Desktop\MBR.dat
[2016/03/11 00:55:29 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2016/03/11 00:44:53 | 000,000,753 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2016/03/11 00:44:08 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2016/03/10 23:34:10 | 001,309,184 | ---- | M] () -- C:\Users\Mandarinka\Desktop\zoek.exe
[2016/03/10 12:26:55 | 000,028,272 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2016/03/10 12:16:09 | 023,680,584 | ---- | M] () -- C:\Users\Mandarinka\Desktop\RogueKillerX64.exe
[2016/03/10 12:11:17 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/03/10 12:02:48 | 001,609,216 | ---- | M] (Malwarebytes) -- C:\Users\Mandarinka\Desktop\JRT.exe
[2016/03/09 17:35:53 | 000,337,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016/03/08 08:00:28 | 000,829,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/03/08 08:00:28 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/02/21 21:42:38 | 000,032,768 | ---- | M] () -- C:\Users\Mandarinka\Desktop\memtest.exe
[2016/02/21 20:19:24 | 000,012,929 | ---- | M] () -- C:\Users\Mandarinka\Desktop\manual.html
[2016/02/20 16:45:20 | 001,373,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2016/02/20 16:45:20 | 001,168,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2016/02/20 16:45:20 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2016/02/20 16:45:20 | 000,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2016/02/20 16:45:20 | 000,499,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2016/02/20 16:45:20 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
========== Files Created - No Company Name ==========
[2016/03/14 20:04:27 | 000,001,202 | ---- | C] () -- C:\Users\Mandarinka\Desktop\CrystalDiskInfo.lnk
[2016/03/12 10:43:23 | 000,032,768 | ---- | C] () -- C:\Users\Mandarinka\Desktop\memtest.exe
[2016/03/12 10:43:23 | 000,012,929 | ---- | C] () -- C:\Users\Mandarinka\Desktop\manual.html
[2016/03/12 10:36:50 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2016/03/12 09:08:56 | 000,000,929 | ---- | C] () -- C:\Windows\tasks\EPSON XP-610 Series Update {2C8E071D-EEF4-4163-8671-03BC9D919B9B}.job
[2016/03/12 09:08:56 | 000,000,743 | ---- | C] () -- C:\Windows\tasks\EPSON XP-610 Series Invitation {2C8E071D-EEF4-4163-8671-03BC9D919B9B}.job
[2016/03/11 17:54:45 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2016/03/11 01:03:02 | 000,000,512 | ---- | C] () -- C:\Users\Mandarinka\Desktop\MBR.dat
[2016/03/11 00:54:35 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2016/03/10 23:34:08 | 001,309,184 | ---- | C] () -- C:\Users\Mandarinka\Desktop\zoek.exe
[2016/03/10 12:26:55 | 000,028,272 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2016/03/10 12:16:03 | 023,680,584 | ---- | C] () -- C:\Users\Mandarinka\Desktop\RogueKillerX64.exe
[2016/03/07 23:12:50 | 000,002,215 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2016/03/07 23:12:50 | 000,002,203 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/02/05 22:40:49 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2016/02/05 09:26:40 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2015/08/27 18:20:08 | 000,194,560 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2015/08/27 18:20:08 | 000,154,096 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2014/11/21 06:26:20 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2014/11/21 06:24:41 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/11/21 06:02:05 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/01/22 09:01:44 | 022,365,992 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/01/22 08:11:11 | 019,794,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/11/21 06:24:57 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/11/21 06:25:59 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/11/21 06:24:57 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2016/03/12 10:36:16 | 000,000,000 | ---D | M] -- C:\Users\Mandarinka\AppData\Roaming\Epson
[2016/02/05 14:17:49 | 000,000,000 | ---D | M] -- C:\Users\Mandarinka\AppData\Roaming\MAGIX
========== Purity Check ==========
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mandarinka\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18231)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy
5,89 Gb Total Physical Memory | 4,46 Gb Available Physical Memory | 75,74% Memory free
7,34 Gb Paging File | 5,56 Gb Available in Paging File | 75,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,42 Gb Total Space | 425,29 Gb Free Space | 91,38% Space Free | Partition Type: NTFS
Computer Name: ACER | User Name: Mandarinka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Mandarinka\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\RadioController\RfBtnHelper.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)
SRV - (RfButtonDriverService) -- C:\Windows\RfBtnSvc64.exe (Dritek System INC.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Ps2Kb2Hid) -- C:\Windows\SysNative\drivers\aPs2Kb2Hid.sys (Dritek System Inc.)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\Windows\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\Windows\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV - (epp) -- C:\EEK\bin64\epp.sys (Emsisoft Ltd)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
[2016/03/05 08:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mandarinka\AppData\Roaming\Mozilla\Extensions
[2016/03/05 08:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mandarinka\AppData\Roaming\Mozilla\Firefox\Profiles\ecbcxxsj.default\extensions
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_1\
O1 HOSTS File: ([2016/03/11 00:44:53 | 000,000,753 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [RadioController] C:\Program Files (x86)\RadioController\RfBtnHelper.exe (Dritek System Inc.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-610 Series" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46F569F2-20A2-4B3C-8B4E-148EDD90ABAF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46F569F2-20A2-4B3C-8B4E-148EDD90ABAF}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69989CFC-404F-4BBB-97B7-71F88F0183EC}: DhcpNameServer = 82.163.142.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B53C350-C5C0-4C8F-8BF4-C04C3062BAF7}: DhcpNameServer = 82.163.142.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B53C350-C5C0-4C8F-8BF4-C04C3062BAF7}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2016/03/14 21:41:33 | 000,000,000 | ---D | C] -- C:\EEK
[2016/03/14 20:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2016/03/14 20:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2016/03/12 10:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2016/03/12 10:36:49 | 000,466,432 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2016/03/12 10:36:49 | 000,144,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\escsvc64.exe
[2016/03/12 10:36:16 | 000,000,000 | ---D | C] -- C:\Users\Mandarinka\AppData\Roaming\Epson
[2016/03/12 10:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPSON
[2016/03/12 10:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2016/03/12 10:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPSON Software
[2016/03/12 09:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2016/03/12 09:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2016/03/12 09:07:41 | 000,179,712 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMBLQE.DLL
[2016/03/12 09:07:41 | 000,083,968 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ID4BLQE.DLL
[2016/03/12 09:07:41 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL
[2016/03/11 12:48:29 | 000,000,000 | ---D | C] -- C:\FRST
[2016/03/11 12:47:47 | 002,374,144 | ---- | C] (Farbar) -- C:\Users\Mandarinka\Desktop\FRST64.exe
[2016/03/11 00:55:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2016/03/11 00:54:34 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2016/03/11 00:54:34 | 000,000,000 | ---D | C] -- C:\Users\Mandarinka\AppData\Local\Temp
[2016/03/11 00:44:08 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2016/03/10 12:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2016/03/10 12:02:44 | 001,609,216 | ---- | C] (Malwarebytes) -- C:\Users\Mandarinka\Desktop\JRT.exe
[2016/03/09 18:20:12 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/03/09 18:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/03/09 18:19:41 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016/03/09 18:19:41 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/03/09 18:19:41 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/03/09 18:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/03/09 18:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/03/09 18:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AdwCleaner
[2016/03/08 23:17:31 | 001,373,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2016/03/08 23:17:31 | 001,168,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2016/03/08 23:17:31 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2016/03/08 23:17:31 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2016/03/08 23:17:31 | 000,499,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2016/03/08 23:17:31 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2016/03/08 23:17:31 | 000,046,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2016/03/08 23:17:00 | 006,052,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2016/03/08 23:16:58 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2016/03/08 23:16:57 | 002,880,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2016/03/08 23:16:57 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2016/03/08 23:16:57 | 000,798,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016/03/08 23:16:57 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hlink.dll
[2016/03/08 23:16:56 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016/03/08 23:16:56 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016/03/08 23:16:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016/03/08 23:16:55 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2016/03/08 23:16:55 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016/03/08 23:16:55 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016/03/08 23:16:15 | 001,335,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mispace.dll
[2016/03/08 23:16:15 | 001,063,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mispace.dll
[2016/03/08 23:16:15 | 000,419,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2016/03/08 23:16:15 | 000,378,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2016/03/08 23:16:15 | 000,331,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2016/03/08 23:15:54 | 007,784,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Data.Pdf.dll
[2016/03/08 23:15:54 | 007,075,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\glcndFilter.dll
[2016/03/08 23:15:54 | 005,268,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\glcndFilter.dll
[2016/03/08 23:15:54 | 005,264,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Data.Pdf.dll
[2016/03/08 23:15:35 | 000,218,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2016/03/08 23:15:17 | 000,875,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr120_clr0400.dll
[2016/03/08 23:15:17 | 000,869,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr120_clr0400.dll
[2016/03/08 23:15:17 | 000,678,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp120_clr0400.dll
[2016/03/08 23:15:17 | 000,536,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp120_clr0400.dll
[2016/03/08 23:14:36 | 000,177,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2016/03/08 23:14:36 | 000,148,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2016/03/08 23:14:18 | 001,661,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2016/03/08 23:14:01 | 002,244,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2016/03/08 23:14:01 | 000,897,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2016/03/08 23:14:01 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2016/03/08 23:14:01 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2016/03/08 23:14:01 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2016/03/08 23:14:01 | 000,136,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2016/03/08 23:14:00 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2016/03/08 23:14:00 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2016/03/08 23:14:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2016/03/08 23:14:00 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2016/03/08 23:14:00 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2016/03/08 23:13:39 | 001,707,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2016/03/08 23:13:38 | 001,344,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2016/03/08 23:13:18 | 000,994,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll
[2016/03/08 23:13:18 | 000,922,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2016/03/08 23:12:40 | 000,470,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2016/03/08 23:12:22 | 015,432,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2016/03/08 23:12:22 | 013,318,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2016/03/08 23:12:22 | 000,292,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMASF.DLL
[2016/03/08 23:11:26 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2016/03/08 23:11:26 | 000,301,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2016/03/08 23:11:26 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2016/03/08 23:11:25 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2016/03/08 23:11:07 | 000,839,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netlogon.dll
[2016/03/08 23:10:48 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msra.exe
[2016/03/08 23:10:29 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2016/03/08 23:10:29 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2016/03/08 23:10:09 | 000,570,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2016/03/08 23:09:51 | 002,487,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storagewmi.dll
[2016/03/08 23:09:51 | 001,482,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\storagewmi.dll
[2016/03/08 23:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2016/03/07 23:17:39 | 001,442,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016/03/07 23:17:39 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2016/03/07 23:17:39 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2016/03/07 23:17:39 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapisrv.dll
[2016/03/07 23:17:30 | 014,467,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2016/03/07 23:17:29 | 012,879,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2016/03/07 23:17:27 | 002,778,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2016/03/07 23:17:27 | 002,464,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2016/03/07 23:16:45 | 007,453,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2016/03/07 23:16:45 | 002,175,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\combase.dll
[2016/03/07 23:16:45 | 001,737,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2016/03/07 23:16:45 | 001,133,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2016/03/07 23:16:44 | 001,564,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\combase.dll
[2016/03/07 23:16:44 | 001,063,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinTypes.dll
[2016/03/07 23:16:44 | 000,548,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinTypes.dll
[2016/03/07 23:16:44 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincorlib.dll
[2016/03/07 23:16:44 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-system-events.dll
[2016/03/07 22:47:28 | 000,000,000 | ---D | C] -- C:\Users\Mandarinka\AppData\Local\Diagnostics
[2016/03/04 21:30:20 | 000,000,000 | ---D | C] -- C:\Users\Mandarinka\AppData\Roaming\Mozilla
[2016/03/04 21:30:20 | 000,000,000 | ---D | C] -- C:\Users\Mandarinka\AppData\Local\Mozilla
========== Files - Modified Within 30 Days ==========
[2016/03/15 18:08:00 | 000,000,929 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Update {2C8E071D-EEF4-4163-8671-03BC9D919B9B}.job
[2016/03/15 18:08:00 | 000,000,743 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Invitation {2C8E071D-EEF4-4163-8671-03BC9D919B9B}.job
[2016/03/15 15:12:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/03/14 20:04:27 | 000,001,202 | ---- | M] () -- C:\Users\Mandarinka\Desktop\CrystalDiskInfo.lnk
[2016/03/13 12:39:00 | 001,658,450 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/03/13 12:39:00 | 000,705,506 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2016/03/13 12:39:00 | 000,687,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/03/13 12:39:00 | 000,143,830 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2016/03/13 12:39:00 | 000,127,812 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/03/13 12:34:27 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/03/13 12:34:24 | 768,688,127 | -HS- | M] () -- C:\hiberfil.sys
[2016/03/12 10:36:50 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2016/03/11 17:54:45 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2016/03/11 13:19:13 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/03/11 12:47:52 | 002,374,144 | ---- | M] (Farbar) -- C:\Users\Mandarinka\Desktop\FRST64.exe
[2016/03/11 01:03:02 | 000,000,512 | ---- | M] () -- C:\Users\Mandarinka\Desktop\MBR.dat
[2016/03/11 00:55:29 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2016/03/11 00:44:53 | 000,000,753 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2016/03/11 00:44:08 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2016/03/10 23:34:10 | 001,309,184 | ---- | M] () -- C:\Users\Mandarinka\Desktop\zoek.exe
[2016/03/10 12:26:55 | 000,028,272 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2016/03/10 12:16:09 | 023,680,584 | ---- | M] () -- C:\Users\Mandarinka\Desktop\RogueKillerX64.exe
[2016/03/10 12:11:17 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/03/10 12:02:48 | 001,609,216 | ---- | M] (Malwarebytes) -- C:\Users\Mandarinka\Desktop\JRT.exe
[2016/03/09 17:35:53 | 000,337,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016/03/08 08:00:28 | 000,829,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/03/08 08:00:28 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/02/21 21:42:38 | 000,032,768 | ---- | M] () -- C:\Users\Mandarinka\Desktop\memtest.exe
[2016/02/21 20:19:24 | 000,012,929 | ---- | M] () -- C:\Users\Mandarinka\Desktop\manual.html
[2016/02/20 16:45:20 | 001,373,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2016/02/20 16:45:20 | 001,168,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2016/02/20 16:45:20 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2016/02/20 16:45:20 | 000,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2016/02/20 16:45:20 | 000,499,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2016/02/20 16:45:20 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
========== Files Created - No Company Name ==========
[2016/03/14 20:04:27 | 000,001,202 | ---- | C] () -- C:\Users\Mandarinka\Desktop\CrystalDiskInfo.lnk
[2016/03/12 10:43:23 | 000,032,768 | ---- | C] () -- C:\Users\Mandarinka\Desktop\memtest.exe
[2016/03/12 10:43:23 | 000,012,929 | ---- | C] () -- C:\Users\Mandarinka\Desktop\manual.html
[2016/03/12 10:36:50 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2016/03/12 09:08:56 | 000,000,929 | ---- | C] () -- C:\Windows\tasks\EPSON XP-610 Series Update {2C8E071D-EEF4-4163-8671-03BC9D919B9B}.job
[2016/03/12 09:08:56 | 000,000,743 | ---- | C] () -- C:\Windows\tasks\EPSON XP-610 Series Invitation {2C8E071D-EEF4-4163-8671-03BC9D919B9B}.job
[2016/03/11 17:54:45 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2016/03/11 01:03:02 | 000,000,512 | ---- | C] () -- C:\Users\Mandarinka\Desktop\MBR.dat
[2016/03/11 00:54:35 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2016/03/10 23:34:08 | 001,309,184 | ---- | C] () -- C:\Users\Mandarinka\Desktop\zoek.exe
[2016/03/10 12:26:55 | 000,028,272 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2016/03/10 12:16:03 | 023,680,584 | ---- | C] () -- C:\Users\Mandarinka\Desktop\RogueKillerX64.exe
[2016/03/07 23:12:50 | 000,002,215 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2016/03/07 23:12:50 | 000,002,203 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/02/05 22:40:49 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2016/02/05 09:26:40 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2015/08/27 18:20:08 | 000,194,560 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2015/08/27 18:20:08 | 000,154,096 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2014/11/21 06:26:20 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2014/11/21 06:24:41 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/11/21 06:02:05 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/01/22 09:01:44 | 022,365,992 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/01/22 08:11:11 | 019,794,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/11/21 06:24:57 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/11/21 06:25:59 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/11/21 06:24:57 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2016/03/12 10:36:16 | 000,000,000 | ---D | M] -- C:\Users\Mandarinka\AppData\Roaming\Epson
[2016/02/05 14:17:49 | 000,000,000 | ---D | M] -- C:\Users\Mandarinka\AppData\Roaming\MAGIX
========== Purity Check ==========
< End of report >
Re: Pop-up ads, notebook shutting down on its own
OTL Extras logfile created on: 15. 3. 2016 18:13:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mandarinka\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18231)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy
5,89 Gb Total Physical Memory | 4,46 Gb Available Physical Memory | 75,74% Memory free
7,34 Gb Paging File | 5,56 Gb Available in Paging File | 75,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,42 Gb Total Space | 425,29 Gb Free Space | 91,38% Space Free | Partition Type: NTFS
Computer Name: ACER | User Name: Mandarinka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{044D6996-54E8-436D-A722-36763ACD7CDA}" = rport=138 | protocol=17 | dir=out | app=system |
"{0902416D-89A5-4631-BAD1-3E07608C6F67}" = rport=445 | protocol=6 | dir=out | app=system |
"{0F283280-4468-4900-8A96-7DBB7B52361F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0F47FDEA-2149-4BFD-BA5D-51DF530984E5}" = lport=139 | protocol=6 | dir=in | app=system |
"{12D2FAE5-1CEF-4F32-A385-80D388CBA9BF}" = rport=139 | protocol=6 | dir=out | app=system |
"{227F12D1-EA46-4BE6-AFFB-BE5A83905D6A}" = lport=137 | protocol=17 | dir=in | app=system |
"{2B4A4E32-2037-43B7-8CD9-7817D78ED19D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{2E25ECFC-7350-4277-B65D-DFDA3DFDE588}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3233008C-B487-4041-800D-7AB016A5494F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{38666620-4DED-4ED5-8574-21F37554844A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49F2AD5A-EA43-47CE-B933-E3CD8AF19BA9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EBDC72B-C3BF-44C2-9E98-DF6913BEC2B9}" = rport=137 | protocol=17 | dir=out | app=system |
"{6143296B-5DCC-4EB3-931F-4679A5CFBE6F}" = lport=445 | protocol=6 | dir=in | app=system |
"{712E5A12-05BD-40C6-BF74-D21E50AFB38E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7CF5E3A3-201E-4843-9200-9A401CCD63AE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E7EFBEA-81DC-4FC4-A019-78DB7DB57C37}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89D0870F-74FD-4F3F-817C-F99942C951C9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8C1AF08E-E70F-43D2-A2E1-11F1595B65CD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99EA2BFA-68C1-4ACC-B3E4-D81346CCF3F9}" = lport=2968 | protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{AD20C797-CEBC-412B-AC1F-976A31FCD401}" = lport=138 | protocol=17 | dir=in | app=system |
"{D60C7474-C03A-4483-BB08-05AB0AB4618D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E4408EE0-F4DE-4BB6-BF9E-93A485DA5C67}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE6AB21A-C9BA-4EC3-8311-2798BE52D10C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F0F90420-965A-451C-8518-51F60F1B1666}" = lport=2968 | protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0001BB6E-30DA-4850-8B41-FD59642116C2}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{007193A8-6065-44A7-964B-D0DEE5735891}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{03C4D437-B21C-436A-AE16-06A173EBAC34}" = dir=out | name=onenote |
"{092F6BBA-8D5D-443B-9CC7-6F932F9D4FD8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0C2ED7FA-45C4-43FA-BA60-EA7A707CFE0C}" = dir=in | name=skype |
"{1B846FBE-CBB4-4BCB-A863-9B32D51F6C70}" = dir=out | name=@{microsoft.zunevideo_2.6.344.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{2157B11C-C337-47D4-ACF5-C8972123C185}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25FCEA30-BBCD-44FE-AE70-51AAFF4877A3}" = dir=in | name=skype |
"{265730E6-D923-4FF8-8B95-673EE8BAA2D0}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{2A7B33A3-69B6-4423-8FC8-761EDCF57088}" = dir=out | name=@{microsoft.bingsports_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{2D398A2F-36A0-4190-987F-0D3C13B0F2F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D8CF498-75CA-4CC2-ADBF-7314EC906324}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3748C51B-E0BD-4A70-BEEE-94A194B75A6A}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{3A231371-FE0E-40A1-B201-A344F4910CD2}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4732BAF1-5D60-4A26-A47C-38A7806C15C3}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{4848C8DA-2FA1-4590-8ED9-40299A0FAA1C}" = dir=in | name=onenote |
"{4C9D4F08-C070-422A-BF6E-8C9AF1C04F01}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{67FAC63B-0C5F-47B6-979A-6C8C79798734}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{694B7B2B-7879-4B42-945F-B9475D38AFE3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{734D1045-8463-40DE-8C40-6E3C34A608A2}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7421ADAD-5525-47FA-BDAB-23D2225CA1F1}" = protocol=6 | dir=out | app=system |
"{79301149-25AD-4C56-A2B1-A6781C3F2902}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BE68A54-CAC3-4323-B65A-E185D3DF09A4}" = dir=out | name=@{microsoft.bingweather_3.0.4.214_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{7D042655-5736-4847-ADD9-B59BA3701695}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8CD22797-E0A8-483A-BA11-F4F640275D1D}" = dir=out | name=skype |
"{8D3C3E39-56AC-4FD1-B601-774CBEC1E781}" = dir=out | name=@{microsoft.bingnews_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{8DC96348-6823-4B1E-A00B-31AA8AE0E6D0}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{933FE297-CB80-488C-BB6D-0789B4D8AA96}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{95E78261-AEA5-47F4-8689-E34F0A938040}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9856BE6A-6B82-424C-A5E9-685F888DE303}" = dir=in | name=onenote |
"{9BD6ED0E-518D-4333-841C-3B116ADF7A19}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A3CF4E85-D622-4BEC-840C-AD41B86D2E29}" = dir=out | name=@{microsoft.bingfinance_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{ACB6FF7D-48AA-4080-8B52-20567782C002}" = dir=out | name=@{microsoft.zunemusic_2.6.320.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{AE6452F8-DE1D-4AEB-B7B2-49C37D89EA01}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{B9ED1E45-C207-43BE-AE8F-9ED15A0B762B}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{BB459F20-C72E-4C3E-A9BE-8D45B143C6EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BD593ECD-EFF4-4789-94F3-0471B7300C1E}" = dir=out | name=@{microsoft.zunemusic_2.6.320.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{BE62C450-E434-4726-AA95-91978B380EF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF3C6A8F-6087-47AA-90C5-9906C131C0A1}" = dir=out | name=skype |
"{C0495E7A-5FE0-4937-AA88-C44D1B6569EC}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{C0512AF4-D1DC-4935-822F-661EDEA38923}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C4327528-2646-415E-B576-E6BD8B2CFD86}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C4A08B67-1A04-4078-87E4-A4931C35924A}" = dir=in | name=onenote |
"{C849C135-CD83-4B74-BD86-EDAEF2CFF073}" = dir=out | name=@{microsoft.bingnews_3.0.4.213_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{CC2E0C42-6D94-49B1-84C6-B7B7A0324DA5}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DA5D29C0-C2E2-4EF7-A664-78282C3C592C}" = dir=out | name=onenote |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{E033EEB3-9A78-4746-B929-DD8A858A417B}" = dir=out | name=@{microsoft.bingfinance_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{E0D5946A-3241-4B02-8FE5-E5CC52F68EDC}" = dir=out | name=onenote |
"{E2643D94-F32C-431B-A59A-0228343BDF20}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{E26BA864-BA65-4FC0-9804-8124DAC75F50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8615EEC-BC75-46A1-950E-38CF1F76B1A0}" = dir=out | name=@{microsoft.bingsports_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{ED339434-7C97-4B4F-9115-119C8157CE8E}" = dir=out | name=@{microsoft.bingweather_3.0.4.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{F3714957-6A77-4829-BE3F-A85DA63972B3}" = dir=out | name=@{microsoft.zunevideo_2.6.446.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{F4C61AB0-E354-4D3B-8FD7-013C2D89382B}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F671AB12-8081-443D-A8CE-9114A1BAF64D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F82CC910-770C-4B68-8F52-046B3C96A98B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F83B66B5-BD2C-4808-9FB5-514D5D75BADB}" = dir=out | name=windows_ie_ac_001 |
"{FAA6ADB8-59CB-4340-9509-6F763D14DC85}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{FC87BFF0-2FDD-492F-B695-7D3AE4299DE9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}" = Dolby Digital Plus Home Theater
"CCleaner" = CCleaner
"EPSON XP-610 Series" = EPSON XP-610 Series Printer Uninstall
"WinRAR archiver" = WinRAR 5.21 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{17FA0444-A025-43B9-862C-81AE6307C2F2}" = Epson Event Manager
"{4fcf070a-daac-45e9-a8b0-6850941f7ed8}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}" = Software Updater
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"CrystalDiskInfo_is1" = CrystalDiskInfo 6.7.0
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.2.0.1024
"RadioController" = Dritek Radio Controller
"The KMPlayer" = KMPlayer
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3. 3. 2016 16:51:24 | Computer Name = Acer | Source = Application Error | ID = 1000
Description = Název chybující aplikace: regsvr32.exe, verze: 6.3.9600.17415, časové
razítko: 0x54505249 Název chybujícího modulu: REI_Engine.DLL_unloaded, verze: 1.8.2.6,
časové razítko: 0x5640b6d1 Kód výjimky: 0xc0000005 Posun chyby: 0x000000000041dfe6
ID
chybujícího procesu: 0xa70 Čas spuštění chybující aplikace: 0x01d1758e72e4cb28 Cesta
k chybující aplikaci: C:\Windows\system32\regsvr32.exe Cesta k chybujícímu modulu:
REI_Engine.DLL ID zprávy: b0b2b865-e181-11e5-8261-b888e3aa6796 Úplný název chybujícího
balíčku: ID aplikace související s chybujícím balíčkem:
Error - 4. 3. 2016 19:45:01 | Computer Name = Acer | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 5. 3. 2016 7:03:24 | Computer Name = Acer | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 6. 3. 2016 9:49:10 | Computer Name = Acer | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 7. 3. 2016 15:41:14 | Computer Name = Acer | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 7. 3. 2016 18:08:44 | Computer Name = Acer | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
Description = Balíček DefaultBrowser_NOPUBLISHERID+Microsoft.InternetExplorer.Default
se ukončil, protože jeho pozastavování trvalo moc dlouho.
Error - 7. 3. 2016 21:28:49 | Computer Name = Acer | Source = ESENT | ID = 455
Description = svchost (1256) SRUJet: Při otevírání souboru protokolu C:\Windows\system32\SRU\SRU0002B.log
došlo k chybě -1811 (0xfffff8ed).
Error - 9. 3. 2016 14:26:37 | Computer Name = Acer | Source = .NET Runtime | ID = 1026
Description =
Error - 9. 3. 2016 14:26:38 | Computer Name = Acer | Source = Application Error | ID = 1000
Description = Název chybující aplikace: dnslockington.exe, verze: 1.0.0.0, časové
razítko: 0x56d2dda2 Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.18202,
časové razítko: 0x569e7eb1 Kód výjimky: 0xe0434352 Posun chyby: 0x0000000000008a5c
ID
chybujícího procesu: 0x58c Čas spuštění chybující aplikace: 0x01d17a25aab0063a Cesta
k chybující aplikaci: C:\Program Files (x86)\DNS Unlocker\dnslockington.exe Cesta
k chybujícímu modulu: C:\Windows\system32\KERNELBASE.dll ID zprávy: 7598a764-e624-11e5-8262-b888e3aa6796
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:
Error - 11. 3. 2016 11:24:09 | Computer Name = Acer | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 11. 3. 2016 7:58:41 | Computer Name = Acer | Source = DCOM | ID = 10010
Description =
Error - 11. 3. 2016 7:59:11 | Computer Name = Acer | Source = DCOM | ID = 10010
Description =
Error - 11. 3. 2016 12:53:30 | Computer Name = Acer | Source = Service Control Manager | ID = 7031
Description = Služba Dritek RF Button Command Service byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 3000 milisekund: Restartovat
službu.
Error - 11. 3. 2016 12:53:30 | Computer Name = Acer | Source = Service Control Manager | ID = 7034
Description = Služba Intel(R) HD Graphics Control Panel Service byla neočekávaně
ukončena. Tento stav nastal již 1krát.
Error - 11. 3. 2016 12:53:30 | Computer Name = Acer | Source = Service Control Manager | ID = 7031
Description = Služba Služba zařazování tisku byla nečekaně ukončena. Stalo se to
1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat
službu.
Error - 11. 3. 2016 12:53:30 | Computer Name = Acer | Source = Service Control Manager | ID = 7031
Description = Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.
Error - 11. 3. 2016 12:53:30 | Computer Name = Acer | Source = Service Control Manager | ID = 7031
Description = Služba Instalační služba modulů systému Windows byla nečekaně ukončena.
Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund:
Restartovat službu.
Error - 11. 3. 2016 12:53:30 | Computer Name = Acer | Source = Service Control Manager | ID = 7031
Description = Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena.
Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund:
Restartovat službu.
Error - 11. 3. 2016 12:56:27 | Computer Name = Acer | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku
následující chyby: %%2
Error - 12. 3. 2016 17:08:45 | Computer Name = Acer | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (21:28:26, ?12. ?3. ?2016) bylo neočekávané.
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mandarinka\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18231)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy
5,89 Gb Total Physical Memory | 4,46 Gb Available Physical Memory | 75,74% Memory free
7,34 Gb Paging File | 5,56 Gb Available in Paging File | 75,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,42 Gb Total Space | 425,29 Gb Free Space | 91,38% Space Free | Partition Type: NTFS
Computer Name: ACER | User Name: Mandarinka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{044D6996-54E8-436D-A722-36763ACD7CDA}" = rport=138 | protocol=17 | dir=out | app=system |
"{0902416D-89A5-4631-BAD1-3E07608C6F67}" = rport=445 | protocol=6 | dir=out | app=system |
"{0F283280-4468-4900-8A96-7DBB7B52361F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0F47FDEA-2149-4BFD-BA5D-51DF530984E5}" = lport=139 | protocol=6 | dir=in | app=system |
"{12D2FAE5-1CEF-4F32-A385-80D388CBA9BF}" = rport=139 | protocol=6 | dir=out | app=system |
"{227F12D1-EA46-4BE6-AFFB-BE5A83905D6A}" = lport=137 | protocol=17 | dir=in | app=system |
"{2B4A4E32-2037-43B7-8CD9-7817D78ED19D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{2E25ECFC-7350-4277-B65D-DFDA3DFDE588}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3233008C-B487-4041-800D-7AB016A5494F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{38666620-4DED-4ED5-8574-21F37554844A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49F2AD5A-EA43-47CE-B933-E3CD8AF19BA9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EBDC72B-C3BF-44C2-9E98-DF6913BEC2B9}" = rport=137 | protocol=17 | dir=out | app=system |
"{6143296B-5DCC-4EB3-931F-4679A5CFBE6F}" = lport=445 | protocol=6 | dir=in | app=system |
"{712E5A12-05BD-40C6-BF74-D21E50AFB38E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7CF5E3A3-201E-4843-9200-9A401CCD63AE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E7EFBEA-81DC-4FC4-A019-78DB7DB57C37}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89D0870F-74FD-4F3F-817C-F99942C951C9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8C1AF08E-E70F-43D2-A2E1-11F1595B65CD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99EA2BFA-68C1-4ACC-B3E4-D81346CCF3F9}" = lport=2968 | protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{AD20C797-CEBC-412B-AC1F-976A31FCD401}" = lport=138 | protocol=17 | dir=in | app=system |
"{D60C7474-C03A-4483-BB08-05AB0AB4618D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E4408EE0-F4DE-4BB6-BF9E-93A485DA5C67}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE6AB21A-C9BA-4EC3-8311-2798BE52D10C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F0F90420-965A-451C-8518-51F60F1B1666}" = lport=2968 | protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0001BB6E-30DA-4850-8B41-FD59642116C2}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{007193A8-6065-44A7-964B-D0DEE5735891}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{03C4D437-B21C-436A-AE16-06A173EBAC34}" = dir=out | name=onenote |
"{092F6BBA-8D5D-443B-9CC7-6F932F9D4FD8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0C2ED7FA-45C4-43FA-BA60-EA7A707CFE0C}" = dir=in | name=skype |
"{1B846FBE-CBB4-4BCB-A863-9B32D51F6C70}" = dir=out | name=@{microsoft.zunevideo_2.6.344.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{2157B11C-C337-47D4-ACF5-C8972123C185}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25FCEA30-BBCD-44FE-AE70-51AAFF4877A3}" = dir=in | name=skype |
"{265730E6-D923-4FF8-8B95-673EE8BAA2D0}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{2A7B33A3-69B6-4423-8FC8-761EDCF57088}" = dir=out | name=@{microsoft.bingsports_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{2D398A2F-36A0-4190-987F-0D3C13B0F2F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D8CF498-75CA-4CC2-ADBF-7314EC906324}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3748C51B-E0BD-4A70-BEEE-94A194B75A6A}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{3A231371-FE0E-40A1-B201-A344F4910CD2}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4732BAF1-5D60-4A26-A47C-38A7806C15C3}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{4848C8DA-2FA1-4590-8ED9-40299A0FAA1C}" = dir=in | name=onenote |
"{4C9D4F08-C070-422A-BF6E-8C9AF1C04F01}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{67FAC63B-0C5F-47B6-979A-6C8C79798734}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{694B7B2B-7879-4B42-945F-B9475D38AFE3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{734D1045-8463-40DE-8C40-6E3C34A608A2}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7421ADAD-5525-47FA-BDAB-23D2225CA1F1}" = protocol=6 | dir=out | app=system |
"{79301149-25AD-4C56-A2B1-A6781C3F2902}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BE68A54-CAC3-4323-B65A-E185D3DF09A4}" = dir=out | name=@{microsoft.bingweather_3.0.4.214_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{7D042655-5736-4847-ADD9-B59BA3701695}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8CD22797-E0A8-483A-BA11-F4F640275D1D}" = dir=out | name=skype |
"{8D3C3E39-56AC-4FD1-B601-774CBEC1E781}" = dir=out | name=@{microsoft.bingnews_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{8DC96348-6823-4B1E-A00B-31AA8AE0E6D0}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{933FE297-CB80-488C-BB6D-0789B4D8AA96}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{95E78261-AEA5-47F4-8689-E34F0A938040}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9856BE6A-6B82-424C-A5E9-685F888DE303}" = dir=in | name=onenote |
"{9BD6ED0E-518D-4333-841C-3B116ADF7A19}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A3CF4E85-D622-4BEC-840C-AD41B86D2E29}" = dir=out | name=@{microsoft.bingfinance_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{ACB6FF7D-48AA-4080-8B52-20567782C002}" = dir=out | name=@{microsoft.zunemusic_2.6.320.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{AE6452F8-DE1D-4AEB-B7B2-49C37D89EA01}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{B9ED1E45-C207-43BE-AE8F-9ED15A0B762B}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{BB459F20-C72E-4C3E-A9BE-8D45B143C6EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BD593ECD-EFF4-4789-94F3-0471B7300C1E}" = dir=out | name=@{microsoft.zunemusic_2.6.320.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{BE62C450-E434-4726-AA95-91978B380EF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF3C6A8F-6087-47AA-90C5-9906C131C0A1}" = dir=out | name=skype |
"{C0495E7A-5FE0-4937-AA88-C44D1B6569EC}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{C0512AF4-D1DC-4935-822F-661EDEA38923}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C4327528-2646-415E-B576-E6BD8B2CFD86}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C4A08B67-1A04-4078-87E4-A4931C35924A}" = dir=in | name=onenote |
"{C849C135-CD83-4B74-BD86-EDAEF2CFF073}" = dir=out | name=@{microsoft.bingnews_3.0.4.213_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{CC2E0C42-6D94-49B1-84C6-B7B7A0324DA5}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DA5D29C0-C2E2-4EF7-A664-78282C3C592C}" = dir=out | name=onenote |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{E033EEB3-9A78-4746-B929-DD8A858A417B}" = dir=out | name=@{microsoft.bingfinance_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{E0D5946A-3241-4B02-8FE5-E5CC52F68EDC}" = dir=out | name=onenote |
"{E2643D94-F32C-431B-A59A-0228343BDF20}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{E26BA864-BA65-4FC0-9804-8124DAC75F50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8615EEC-BC75-46A1-950E-38CF1F76B1A0}" = dir=out | name=@{microsoft.bingsports_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{ED339434-7C97-4B4F-9115-119C8157CE8E}" = dir=out | name=@{microsoft.bingweather_3.0.4.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{F3714957-6A77-4829-BE3F-A85DA63972B3}" = dir=out | name=@{microsoft.zunevideo_2.6.446.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{F4C61AB0-E354-4D3B-8FD7-013C2D89382B}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F671AB12-8081-443D-A8CE-9114A1BAF64D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F82CC910-770C-4B68-8F52-046B3C96A98B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F83B66B5-BD2C-4808-9FB5-514D5D75BADB}" = dir=out | name=windows_ie_ac_001 |
"{FAA6ADB8-59CB-4340-9509-6F763D14DC85}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{FC87BFF0-2FDD-492F-B695-7D3AE4299DE9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}" = Dolby Digital Plus Home Theater
"CCleaner" = CCleaner
"EPSON XP-610 Series" = EPSON XP-610 Series Printer Uninstall
"WinRAR archiver" = WinRAR 5.21 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{17FA0444-A025-43B9-862C-81AE6307C2F2}" = Epson Event Manager
"{4fcf070a-daac-45e9-a8b0-6850941f7ed8}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}" = Software Updater
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"CrystalDiskInfo_is1" = CrystalDiskInfo 6.7.0
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.2.0.1024
"RadioController" = Dritek Radio Controller
"The KMPlayer" = KMPlayer
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3. 3. 2016 16:51:24 | Computer Name = Acer | Source = Application Error | ID = 1000
Description = Název chybující aplikace: regsvr32.exe, verze: 6.3.9600.17415, časové
razítko: 0x54505249 Název chybujícího modulu: REI_Engine.DLL_unloaded, verze: 1.8.2.6,
časové razítko: 0x5640b6d1 Kód výjimky: 0xc0000005 Posun chyby: 0x000000000041dfe6
ID
chybujícího procesu: 0xa70 Čas spuštění chybující aplikace: 0x01d1758e72e4cb28 Cesta
k chybující aplikaci: C:\Windows\system32\regsvr32.exe Cesta k chybujícímu modulu:
REI_Engine.DLL ID zprávy: b0b2b865-e181-11e5-8261-b888e3aa6796 Úplný název chybujícího
balíčku: ID aplikace související s chybujícím balíčkem:
Error - 4. 3. 2016 19:45:01 | Computer Name = Acer | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 5. 3. 2016 7:03:24 | Computer Name = Acer | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 6. 3. 2016 9:49:10 | Computer Name = Acer | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 7. 3. 2016 15:41:14 | Computer Name = Acer | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 7. 3. 2016 18:08:44 | Computer Name = Acer | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
Description = Balíček DefaultBrowser_NOPUBLISHERID+Microsoft.InternetExplorer.Default
se ukončil, protože jeho pozastavování trvalo moc dlouho.
Error - 7. 3. 2016 21:28:49 | Computer Name = Acer | Source = ESENT | ID = 455
Description = svchost (1256) SRUJet: Při otevírání souboru protokolu C:\Windows\system32\SRU\SRU0002B.log
došlo k chybě -1811 (0xfffff8ed).
Error - 9. 3. 2016 14:26:37 | Computer Name = Acer | Source = .NET Runtime | ID = 1026
Description =
Error - 9. 3. 2016 14:26:38 | Computer Name = Acer | Source = Application Error | ID = 1000
Description = Název chybující aplikace: dnslockington.exe, verze: 1.0.0.0, časové
razítko: 0x56d2dda2 Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.18202,
časové razítko: 0x569e7eb1 Kód výjimky: 0xe0434352 Posun chyby: 0x0000000000008a5c
ID
chybujícího procesu: 0x58c Čas spuštění chybující aplikace: 0x01d17a25aab0063a Cesta
k chybující aplikaci: C:\Program Files (x86)\DNS Unlocker\dnslockington.exe Cesta
k chybujícímu modulu: C:\Windows\system32\KERNELBASE.dll ID zprávy: 7598a764-e624-11e5-8262-b888e3aa6796
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:
Error - 11. 3. 2016 11:24:09 | Computer Name = Acer | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 11. 3. 2016 7:58:41 | Computer Name = Acer | Source = DCOM | ID = 10010
Description =
Error - 11. 3. 2016 7:59:11 | Computer Name = Acer | Source = DCOM | ID = 10010
Description =
Error - 11. 3. 2016 12:53:30 | Computer Name = Acer | Source = Service Control Manager | ID = 7031
Description = Služba Dritek RF Button Command Service byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 3000 milisekund: Restartovat
službu.
Error - 11. 3. 2016 12:53:30 | Computer Name = Acer | Source = Service Control Manager | ID = 7034
Description = Služba Intel(R) HD Graphics Control Panel Service byla neočekávaně
ukončena. Tento stav nastal již 1krát.
Error - 11. 3. 2016 12:53:30 | Computer Name = Acer | Source = Service Control Manager | ID = 7031
Description = Služba Služba zařazování tisku byla nečekaně ukončena. Stalo se to
1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat
službu.
Error - 11. 3. 2016 12:53:30 | Computer Name = Acer | Source = Service Control Manager | ID = 7031
Description = Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.
Error - 11. 3. 2016 12:53:30 | Computer Name = Acer | Source = Service Control Manager | ID = 7031
Description = Služba Instalační služba modulů systému Windows byla nečekaně ukončena.
Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund:
Restartovat službu.
Error - 11. 3. 2016 12:53:30 | Computer Name = Acer | Source = Service Control Manager | ID = 7031
Description = Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena.
Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund:
Restartovat službu.
Error - 11. 3. 2016 12:56:27 | Computer Name = Acer | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku
následující chyby: %%2
Error - 12. 3. 2016 17:08:45 | Computer Name = Acer | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (21:28:26, ?12. ?3. ?2016) bylo neočekávané.
< End of report >
- jaro3
- Security team member
-
Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
- Gender:
- Status:
Offline
Re: Pop-up ads, laptop shutting down on its own
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text (shown in green) into the box:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
[2016/03/05 08:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mandarinka\AppData\Roaming\Mozilla\Extensions
[2016/03/05 08:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mandarinka\AppData\Roaming\Mozilla\Firefox\Profiles\ecbcxxsj.default\extensions
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_1\
CHR - Extension: No name found = C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_1\
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-610 Series" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Program Files (x86)\*.tmp
C:\ProgramData\DP45977C.lfl
:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click Run Fix at the top. Let the program run undisturbed; the PC will restart at the end.
After the restart a log will appear; please copy its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Pop-up ads, laptop shutting down on its own
The log did not appear, OTL disappeared.