Please check

A place for your HiJackThis logs and logs from other programs…

Re: Please check

Post by Marcelko69 » 15 Nov 2015 00:10

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by furst (2015-11-15 00:03:19)
Running from C:\Users\furst\Desktop
Windows 10 Home (X64) (2015-09-06 15:03:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1508215794-3306958152-728342842-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1508215794-3306958152-728342842-503 - Limited - Disabled)
furst (S-1-5-21-1508215794-3306958152-728342842-1001 - Administrator - Enabled) => C:\Users\furst
Guest (S-1-5-21-1508215794-3306958152-728342842-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1508215794-3306958152-728342842-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
AIDA64 Extreme v5.50 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.50 - FinalWire Ltd.)
Aktualizácie NVIDIA 2.5.15.54 (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blood Bowl 2 (HKLM-x32\...\Blood Bowl 2_is1) (Version: - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dotfuscator and Analytics Community Edition 5.18.1 (x32 Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
GameRanger (HKU\S-1-5-21-1508215794-3306958152-728342842-1001\...\GameRanger) (Version: - GameRanger Technologies)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10223 - Realtek Semiconductor Corp.)
Mad Max v.1.0.1.1 (HKLM-x32\...\Mad Max_is1) (Version: - )
Malwarebytes Anti-Malware verzia 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio Professional 2015 (HKLM-x32\...\{1ef6a030-1244-4d01-95f3-299c0e3a3362}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.05.03.1014 - Huawei Technologies Co.,Ltd)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 151111.121843 - Square Enix Ltd)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.5 - Notepad++ Team)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Grafický ovládač 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Oracle VM VirtualBox 5.0.6 (HKLM\...\{D09FC154-2747-4BC8-838E-B2EC414C4F6A}) (Version: 5.0.6 - Oracle Corporation)
Ovládací panel NVIDIA 358.91 (Version: 358.91 - NVIDIA Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Project CARS (HKLM-x32\...\UHJvamVjdENBUlM=_is1) (Version: 1 - )
Quake Live (HKLM-x32\...\Steam App 282440) (Version: - id Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.3 - Lenovo Group Limited)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1208 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.71 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-1508215794-3306958152-728342842-1001\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Teeworlds (HKLM-x32\...\Steam App 380840) (Version: - Teeworlds Team)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.5 - Tunngle.net GmbH)
TypeScript Power Tool (x32 Version: 1.6.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.6.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.6.3.0 (HKLM-x32\...\{da31aa25-410a-4c1b-9ec0-114dd8dff786}) (Version: 1.6.23313.0 - Microsoft Corporation)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visustin v7 (HKLM-x32\...\ST6UNST #1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinSCP 5.7.6 (HKLM-x32\...\winscp3_is1) (Version: 5.7.6 - Martin Prikryl)
XnView 2.22 (HKLM-x32\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1508215794-3306958152-728342842-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\furst\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

08-11-2015 23:35:38 Nainštalované Microsoft Visual C++ 2005 Redistributable
11-11-2015 16:58:03 Odstránené NVIDIA PhysX
14-11-2015 11:43:27 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-09-06 16:26 - 2015-11-14 19:43 - 00000747 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3CA8F7CF-DE36-45B1-8467-9C05EB119443} - System32\Tasks\SUPERAntiSpyware Scheduled Task 5d7a050d-3a7c-43fc-a6a6-b79674e2c578 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {8050D6E3-F5D7-41FA-9BD9-704CFD96B085} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-07] (Lenovo)
Task: {82BEAD72-7E5C-4C65-8983-4FB573618264} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {B5DA5CFC-9586-4236-B24C-8FB148ABC778} - System32\Tasks\{6ABC66C7-9C1C-4131-9538-7C670FB6DF6D} => pcalua.exe -a "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\setup.exe" -c --uninstall --system-level
Task: {B76432B6-AE77-4B6C-92CD-C1C26B7E7CE6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-10] (Microsoft Corporation)
Task: {B86FF1C8-3C6C-45F1-BDFA-464AC9235090} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-02] (Google Inc.)
Task: {BBA58B47-E854-4BB9-8E15-5B8E6CAE672C} - System32\Tasks\SUPERAntiSpyware Scheduled Task e5b8f685-41ea-4a0b-8076-d63b3321bc11 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {BC464646-77E7-40EA-BB9B-2AE987541802} - System32\Tasks\1afdk3yn => C:\Program Files\Common Files\mm1zcbfg\d6075adaoc4ds.exe <==== ATTENTION
Task: {F427CE93-EAF7-42B4-96C9-B2B69C1D7067} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-02] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 5d7a050d-3a7c-43fc-a6a6-b79674e2c578.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e5b8f685-41ea-4a0b-8076-d63b3321bc11.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-04 15:42 - 2015-09-04 15:42 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-08 02:53 - 2015-11-05 16:08 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-04 15:55 - 2015-08-11 10:13 - 00413184 _____ () C:\WINDOWS\System32\diagtrack_win.dll
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2015-11-12 21:52 - 2015-11-12 21:52 - 00066872 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-11-12 21:52 - 2015-11-13 08:31 - 00202040 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-10-01 00:52 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 00:52 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-09-27 16:28 - 2012-11-01 11:49 - 00657504 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2015-10-01 00:51 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-01 00:52 - 2015-09-17 06:44 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 00:51 - 2015-09-17 06:42 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 00:51 - 2015-09-17 06:42 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 00:52 - 2015-09-17 06:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 12:00 - 2015-07-10 18:56 - 00210432 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-17 23:35 - 2015-07-17 23:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-09-27 16:28 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2015-09-27 16:28 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2015-09-27 16:28 - 2010-05-10 03:51 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2015-09-27 16:28 - 2010-02-10 15:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2015-09-27 16:28 - 2012-11-01 11:26 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2015-09-27 16:28 - 2010-02-10 15:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2015-09-08 02:56 - 2015-10-12 04:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-09-06 16:23 - 2015-10-05 17:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-09-06 16:22 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-09-06 16:23 - 2015-11-10 03:44 - 02541648 _____ () C:\Program Files (x86)\Steam\video.dll
2015-09-06 16:22 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-09-06 16:22 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-09-06 16:22 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-09-06 16:22 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-09-06 16:22 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-09-06 16:22 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-09-06 16:22 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-09-06 16:22 - 2015-11-10 03:44 - 00806992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-09-06 16:22 - 2015-11-03 23:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-09-06 16:22 - 2015-11-10 03:44 - 00140368 _____ () C:\Program Files (x86)\Steam\bin\audio.dll
2015-09-06 16:22 - 2014-11-11 19:48 - 00071680 _____ () C:\Program Files (x86)\Steam\bin\mssmp3.asi
2015-09-06 16:22 - 2014-11-11 19:48 - 00153088 _____ () C:\Program Files (x86)\Steam\bin\mssvoice.asi
2015-09-06 16:22 - 2015-10-08 23:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-09-06 16:22 - 2015-09-25 00:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2015-11-11 07:47 - 2015-11-07 05:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 07:47 - 2015-11-07 05:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2015-11-11 07:47 - 2015-11-07 05:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1508215794-3306958152-728342842-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\furst\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{d96c5006-8d12-4322-b071-ad70209aca12}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EF003B11-71D8-46A2-BF88-5C6A92CE67CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{85AF8A1A-B9BA-4845-96D6-87917AFACD86}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E8981F34-4BED-487A-BF3C-262D32D9848C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A128FD6F-795F-45D7-8F1B-82F9EA027FAF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{68923453-C7AB-4E52-A45E-E3FE824A7793}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A1D7A65C-40EF-4596-B2F4-602EDA858D20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DC2EDB58-5616-41B3-87E0-88996D7D5C22}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5C2B1CBF-FC20-4397-918A-3B299CBB2906}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EDEACC34-1998-463F-AF33-CD94AF1E6439}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B16A3B6F-2EE4-44F5-A806-3129296088AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B52C89F8-1C36-4B20-8341-38D0F9C4C448}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3AC5BCF1-353B-49EC-9A44-007C0BAC5BDC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{06F5A198-ECF9-4B2F-BE3C-DBD3EC09D3E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7F00B4C8-602C-4A38-8F7F-EC5ED8ABC522}] => (Allow) C:\Users\furst\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FEE16ADD-5D40-45D9-B35D-004863E2F9E7}] => (Allow) C:\Users\furst\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5A83F039-16DA-457B-8CA5-9EB0AB3F6F80}] => (Allow) C:\Users\furst\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{69209E37-9056-4DBA-AB38-FD1497340779}] => (Allow) C:\Users\furst\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FEABF465-5DE8-4221-8AB5-C2A75BA33F41}] => (Allow) C:\Users\furst\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CC327FEF-2BCE-4A38-AB80-98E1931B72C1}] => (Allow) C:\Users\furst\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9C5AD32A-568A-4587-BCB5-F4A5F28D7C2D}] => (Allow) C:\Hry\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{6B1F904E-266D-4510-BF74-3F007E984FD2}] => (Allow) C:\Hry\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{C421BF7A-0A40-4530-A856-39FCF1422B74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{75A0A28E-ACBD-4725-974D-110094AB68B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E576AA1F-70BE-4C18-8C9D-5B07868A2BB8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5481B20E-4C30-4778-9206-0BF570D40446}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{E80EFE44-F669-46EC-A37F-E85B62880836}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{2835F56B-B82F-4C80-B371-D72748650D9B}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{10B64307-7C8A-40DF-8EE9-C2E7F13B0A4A}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{EFBA3BDE-41D9-4F02-B3A4-DE9612EA5ED3}C:\users\furst\desktop\diablo ii\game.exe] => (Allow) C:\users\furst\desktop\diablo ii\game.exe
FirewallRules: [UDP Query User{5470111F-0AC5-48EE-B46D-2F0C52EE581F}C:\users\furst\desktop\diablo ii\game.exe] => (Allow) C:\users\furst\desktop\diablo ii\game.exe
FirewallRules: [TCP Query User{478C3221-36BE-4ECB-99F7-A9DFF2F5978B}C:\users\furst\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\furst\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{E491CB46-9AB8-4029-8DEB-DC9D9D80C98A}C:\users\furst\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\furst\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [{83ECB0EE-C093-44A6-82D3-2A87AD31B032}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{834D3B8E-44FA-4FD3-B269-E92572FB55E3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CA6CF01D-F844-4547-B333-23EBCEF6BA22}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5BE87405-E3E2-42EF-B4A5-DA1DA7DF1DBF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5E654FDE-CA36-4B4B-8BAF-4F88ED425C09}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{96C1B68E-3A2B-4C54-A4C6-DD28683794A2}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{4807A716-33D1-4627-8011-3D75EB386450}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{D60E3545-D896-42FF-BDB9-9E0676739378}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{E361B469-5622-4015-87B9-A933C33C86F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Teeworlds\teeworlds.exe
FirewallRules: [{9E848CF6-6CB3-46EF-9BBC-FCE996BB0D8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Teeworlds\teeworlds.exe
FirewallRules: [{F81D1A52-ECC4-4947-B338-620F0E50D02A}] => (Allow) C:\Games\Mad Max\MadMax.exe
FirewallRules: [{0C320A75-E203-470F-888E-55F18F1D70BD}] => (Allow) C:\Games\Mad Max\MadMax.exe
FirewallRules: [{8ECB5B81-E95B-4BEF-B3DB-1F5CE4DFA708}] => (Allow) C:\Games\Mad Max\MadMax.exe
FirewallRules: [{A8353A9D-A0D2-45A9-9AE8-0EAC0189AFA5}] => (Allow) C:\Games\Mad Max\MadMax.exe
FirewallRules: [{78B3D4DF-7C90-45E9-9534-34CC8E3B62EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{C2AFFA60-3959-4B32-9FD0-33B529ED0399}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{8A01B1DA-DA88-4B1B-925C-8B0C2339AB1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{8A061FAC-3A52-4E8B-824A-7EDAF2DF783B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [TCP Query User{87DB011D-3217-47BD-BE55-D1EC8F307C61}C:\program files (x86)\blood bowl 2\benchmarkdx11.exe] => (Allow) C:\program files (x86)\blood bowl 2\benchmarkdx11.exe
FirewallRules: [UDP Query User{E6BE0EC4-A021-4E7A-9343-5B7EBFD2FEE0}C:\program files (x86)\blood bowl 2\benchmarkdx11.exe] => (Allow) C:\program files (x86)\blood bowl 2\benchmarkdx11.exe
FirewallRules: [TCP Query User{FA919B13-005A-45A5-9C29-CE16EFE94779}C:\program files (x86)\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) C:\program files (x86)\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [UDP Query User{27A088E1-F4F3-4D3E-BEB4-72F54AA6327E}C:\program files (x86)\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) C:\program files (x86)\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [{8A64C33F-24BE-4CE6-9CB3-F48F2E09BE90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{DFB77A64-7A25-4976-A274-6BAA3E490FC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{136991BA-C778-42E1-B7F1-AAC8ED8807DF}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{4DB29DE6-E51A-47CD-AE78-26FB63A48FFA}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [UDP Query User{856D64A6-BA9D-40F6-AD79-8670720CD5E3}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [TCP Query User{4D5E7A18-3D6E-4CFB-BE1C-360819E59DA0}C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe
FirewallRules: [UDP Query User{ADF83F41-D341-4B0C-973C-086D5D5A652D}C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe
FirewallRules: [{87647172-7FD8-4B4E-A3C7-A18F68B2DCC4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{799D495C-5A47-4ED5-A194-DF9550C2C4EA}C:\users\furst\downloads\call of duty 4 multiplayer\iw3mp.exe] => (Allow) C:\users\furst\downloads\call of duty 4 multiplayer\iw3mp.exe
FirewallRules: [UDP Query User{36105A87-7630-415B-B469-CF076B0CDDC3}C:\users\furst\downloads\call of duty 4 multiplayer\iw3mp.exe] => (Allow) C:\users\furst\downloads\call of duty 4 multiplayer\iw3mp.exe
FirewallRules: [{149DC7F2-D3BA-445B-A1BD-CBB41D921C96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{9618F114-027E-463E-901E-117F27EC9598}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2015 09:20:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-QCH9SSA)
Description: Aktivácia aplikácie Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp zlyhala pre chybu: -2144927148 Ďalšie informácie nájdete v denníku Microsoft-Windows-TWinUI/Operational.

Error: (11/14/2015 09:20:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-QCH9SSA)
Description: Aktivácia aplikácie Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp zlyhala pre chybu: -2144927148 Ďalšie informácie nájdete v denníku Microsoft-Windows-TWinUI/Operational.

Error: (11/14/2015 09:18:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-QCH9SSA)
Description: Aktivácia aplikácie Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp zlyhala pre chybu: -2144927148 Ďalšie informácie nájdete v denníku Microsoft-Windows-TWinUI/Operational.

Error: (11/14/2015 09:18:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-QCH9SSA)
Description: Aktivácia aplikácie Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp zlyhala pre chybu: -2144927148 Ďalšie informácie nájdete v denníku Microsoft-Windows-TWinUI/Operational.

Error: (11/14/2015 09:16:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-QCH9SSA)
Description: Aktivácia aplikácie Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp zlyhala pre chybu: -2144927148 Ďalšie informácie nájdete v denníku Microsoft-Windows-TWinUI/Operational.

Error: (11/14/2015 09:16:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-QCH9SSA)
Description: Aktivácia aplikácie Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp zlyhala pre chybu: -2144927148 Ďalšie informácie nájdete v denníku Microsoft-Windows-TWinUI/Operational.

Error: (11/14/2015 09:15:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-QCH9SSA)
Description: Aktivácia aplikácie Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp zlyhala pre chybu: -2144927148 Ďalšie informácie nájdete v denníku Microsoft-Windows-TWinUI/Operational.

Error: (11/14/2015 09:15:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-QCH9SSA)
Description: Aktivácia aplikácie Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp zlyhala pre chybu: -2144927148 Ďalšie informácie nájdete v denníku Microsoft-Windows-TWinUI/Operational.

Error: (11/14/2015 09:15:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-QCH9SSA)
Description: Aktivácia aplikácie Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp zlyhala pre chybu: -2144927148 Ďalšie informácie nájdete v denníku Microsoft-Windows-TWinUI/Operational.

Error: (11/14/2015 09:14:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-QCH9SSA)
Description: Aktivácia aplikácie Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp zlyhala pre chybu: -2144927148 Ďalšie informácie nájdete v denníku Microsoft-Windows-TWinUI/Operational.


System errors:
=============
Error: (11/14/2015 10:46:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Správca overení v službe Xbox Live bola ukončená s nasledujúcou chybou služby:
%%0

Error: (11/14/2015 08:06:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Správca overení v službe Xbox Live bola ukončená s nasledujúcou chybou služby:
%%0

Error: (11/14/2015 07:56:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Mobile Partner. OUC zlyhalo kvôli nasledujúcej chybe:
%%1053

Error: (11/14/2015 07:56:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Mobile Partner. OUC bol dosiahnutý časový limit (30000 ms).

Error: (11/14/2015 07:55:43 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QCH9SSA)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (11/14/2015 07:55:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Prístup k používateľským údajom_Session1 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 10000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (11/14/2015 07:55:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Ukladací priestor používateľských údajov_Session1 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 10000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (11/14/2015 07:55:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Kontaktné údaje_Session1 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 10000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (11/14/2015 07:55:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Sync Host_Session1 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 10000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (11/14/2015 07:53:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.


CodeIntegrity:
===================================
Date: 2015-11-12 20:50:56.290
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-12 20:50:56.165
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-12 15:39:29.730
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements.

Date: 2015-11-12 15:17:07.878
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements.

Date: 2015-11-12 15:08:41.155
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements.

Date: 2015-11-12 15:00:47.650
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2015-11-12 14:49:40.500
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2015-11-12 14:42:46.590
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2015-11-12 14:08:21.826
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2015-11-12 13:50:34.816
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 46%
Total physical RAM: 6060.36 MB
Available physical RAM: 3238.23 MB
Total Virtual: 9773.77 MB
Available Virtual: 6090.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.96 GB) (Free:503.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=463 MB) - (Type=27)

==================== End of Addition.txt ============================

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: Three roses grow around =o)
Gender: Male
Status:
Offline

Re: Requesting a check

Post by Orcus » 15 Nov 2015 08:11

1. What notebook do you have? 80°C on the CPU is pretty much on the edge.

2. Uninstall SUPERAntiSpyware

3. How are we supposed to clean this when you have illegal software full of cracks on there that keep dragging the mess back in? A few picked at random:

Code:

Call.of.Duty.Modern.Warfare.3-RELOADED
C:\Users\furst\Downloads\[CzT]Call_of_Duty_6_Modern_Warfare_2_Multiplayer_crack_DLC.torrent
C:\Users\furst\AppData\Local\SKIDROW


Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents below into it.

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1508215794-3306958152-728342842-1001\...\MountPoints2: {5aba777e-5ccd-11e5-b624-28d2444e0b3a} - "F:\SETUP.EXE"
HKU\S-1-5-21-1508215794-3306958152-728342842-1001\...\MountPoints2: {95b51578-86ea-11e5-b63c-28d2444e0b3a} - "H:\SETUP.EXE"
HKU\S-1-5-21-1508215794-3306958152-728342842-1001\...\MountPoints2: {d9665364-6198-11e5-b628-28d2444e0b3a} - "G:\SETUP.EXE"
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKU\S-1-5-21-1508215794-3306958152-728342842-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1508215794-3306958152-728342842-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-02] (Google Inc.)
CHR HomePage: Default -> hxxp://www.seznam.cz/?clid=13415
CHR StartupUrls: Default -> "hxxps://www.google.sk/","hxxp://www.delta-homes.com/?type=hp&ts=1444665030&z=6fbc913dbf4bc3b47e6bee2g7z7z5z1m0e7g3e8qfz&from=wpm07163&uid=ST1000LM014-SSHD-8GB_W3815F6YXXXXW3815F6Y","hxxp://www.omniboxes.com/?type=hp&ts=1447150091&z=e0a2d21d7e17fc6ba7e678fgbz5z8m8g2w0e3e7tez&from=wpm07163&uid=ST1000LM014-SSHD-8GB_W3815F6YXXXXW3815F6Y"
OPR Extension: (No Name) - C:\Users\furst\AppData\Roaming\Opera Software\Opera Stable\Extensions\aalnjolghjkkogicompabhhbbkljnlka [2015-10-06]
OPR Extension: (No Name) - C:\Users\furst\AppData\Roaming\Opera Software\Opera Stable\Extensions\gghkfhpblkcmlkmpcpgaajbbiikbhpdi [2015-10-07]
OPR Extension: (No Name) - C:\Users\furst\AppData\Roaming\Opera Software\Opera Stable\Extensions\liiikhhbkpmpomjmdofandjmdgapiahi [2015-10-06]
C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e5b8f685-41ea-4a0b-8076-d63b3321bc11.job
C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 5d7a050d-3a7c-43fc-a6a6-b79674e2c578.job
C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 5d7a050d-3a7c-43fc-a6a6-b79674e2c578
C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task e5b8f685-41ea-4a0b-8076-d63b3321bc11
C:\Users\furst\AppData\Roaming\SUPERAntiSpyware.com
C:\Users\furst\Downloads\Call.of.Duty.Modern.Warfare.3-RELOADED
C:\Users\furst\Downloads\[CzT]Call_of_Duty_Modern_Warfare_3.torrent
C:\Users\furst\AppData\Local\SKIDROW
C:\Users\furst\Downloads\Call of Duty - Black Ops CZ
C:\Users\furst\Downloads\[CzT]Call_of_Duty_Black_Ops_CZ.torrent
C:\Users\furst\Downloads\[CzT]Call_of_Duty_Advanced_Warfare_2014_.torrent
C:\Users\furst\Downloads\[CzT]Call_of_Duty_6_Modern_Warfare_2_Multiplayer_crack_DLC.torrent
C:\Users\furst\Downloads\[CzT]Call_of_Duty_4_Modern_Warfare_Multiplayer_only.torrent
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D9F98A37-96DA-4FC2-A8EC-BAEFC7BF8042}
CustomCLSID: HKU\S-1-5-21-1508215794-3306958152-728342842-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\furst\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
Task: {3CA8F7CF-DE36-45B1-8467-9C05EB119443} - System32\Tasks\SUPERAntiSpyware Scheduled Task 5d7a050d-3a7c-43fc-a6a6-b79674e2c578 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {8050D6E3-F5D7-41FA-9BD9-704CFD96B085} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-07] (Lenovo)
Task: {82BEAD72-7E5C-4C65-8983-4FB573618264} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {B5DA5CFC-9586-4236-B24C-8FB148ABC778} - System32\Tasks\{6ABC66C7-9C1C-4131-9538-7C670FB6DF6D} => pcalua.exe -a "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\setup.exe" -c --uninstall --system-level
Task: {B86FF1C8-3C6C-45F1-BDFA-464AC9235090} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-02] (Google Inc.)
Task: {BBA58B47-E854-4BB9-8E15-5B8E6CAE672C} - System32\Tasks\SUPERAntiSpyware Scheduled Task e5b8f685-41ea-4a0b-8076-d63b3321bc11 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {BC464646-77E7-40EA-BB9B-2AE987541802} - System32\Tasks\1afdk3yn => C:\Program Files\Common Files\mm1zcbfg\d6075adaoc4ds.exe <==== ATTENTION
Task: {F427CE93-EAF7-42B4-96C9-B2B69C1D7067} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-02] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 5d7a050d-3a7c-43fc-a6a6-b79674e2c578.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e5b8f685-41ea-4a0b-8076-d63b3321bc11.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe




(You can use the "select all" function; right-click the top-left field in the open Notepad window and choose "Paste").

Save it to the desktop as fixlist.txt


Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire contents here.

+

In Folder Options, enable showing hidden files and folders, and untick the "Hide protected operating system files" checkbox.

Test these on Virustotal:
C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe
C:\Windows\System32\drivers\udecx.sys
C:\Users\furst\Downloads\asd.zip
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\system32\nvinfo.pb
C:\Program Files\Common Files\hxvl5wjw.exe
C:\ProgramData\DP45977C.lfl
C:\Program Files\Common Files\mm1zcbfg\d6075adaoc4ds.exe

Click Choose to the right of the field and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Marcelko69
newcomer
Posts: 11
Registered: November 15
Gender: Male
Status:
Offline

Re: Requesting a check

Post by Marcelko69 » 15 Nov 2015 12:34

Link to the notebook:
http://online.asbis.sk/lenovo-ideapad-y510p-i5-4200m-3-1ghz-15-6-fhd-matny-nvidia-755m-2gb-6gb-1tb-8gb-ssd-dvd-dos-cierny-1y-mi_d219675.html
FRST log:

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by furst (2015-11-15 11:23:30) Run:1
Running from C:\Users\furst\Desktop
Loaded Profiles: furst (Available Profiles: furst)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1508215794-3306958152-728342842-1001\...\MountPoints2: {5aba777e-5ccd-11e5-b624-28d2444e0b3a} - "F:\SETUP.EXE"
HKU\S-1-5-21-1508215794-3306958152-728342842-1001\...\MountPoints2: {95b51578-86ea-11e5-b63c-28d2444e0b3a} - "H:\SETUP.EXE"
HKU\S-1-5-21-1508215794-3306958152-728342842-1001\...\MountPoints2: {d9665364-6198-11e5-b628-28d2444e0b3a} - "G:\SETUP.EXE"
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKU\S-1-5-21-1508215794-3306958152-728342842-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1508215794-3306958152-728342842-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-02] (Google Inc.)
CHR HomePage: Default -> hxxp://www.seznam.cz/?clid=13415
CHR StartupUrls: Default -> "hxxps://www.google.sk/","hxxp://www.delta-homes.com/?type=hp&ts=1444665030&z=6fbc913dbf4bc3b47e6bee2g7z7z5z1m0e7g3e8qfz&from=wpm07163&uid=ST1000LM014-SSHD-8GB_W3815F6YXXXXW3815F6Y","hxxp://www.omniboxes.com/?type=hp&ts=1447150091&z=e0a2d21d7e17fc6ba7e678fgbz5z8m8g2w0e3e7tez&from=wpm07163&uid=ST1000LM014-SSHD-8GB_W3815F6YXXXXW3815F6Y"
OPR Extension: (No Name) - C:\Users\furst\AppData\Roaming\Opera Software\Opera Stable\Extensions\aalnjolghjkkogicompabhhbbkljnlka [2015-10-06]
OPR Extension: (No Name) - C:\Users\furst\AppData\Roaming\Opera Software\Opera Stable\Extensions\gghkfhpblkcmlkmpcpgaajbbiikbhpdi [2015-10-07]
OPR Extension: (No Name) - C:\Users\furst\AppData\Roaming\Opera Software\Opera Stable\Extensions\liiikhhbkpmpomjmdofandjmdgapiahi [2015-10-06]
C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e5b8f685-41ea-4a0b-8076-d63b3321bc11.job
C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 5d7a050d-3a7c-43fc-a6a6-b79674e2c578.job
C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 5d7a050d-3a7c-43fc-a6a6-b79674e2c578
C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task e5b8f685-41ea-4a0b-8076-d63b3321bc11
C:\Users\furst\AppData\Roaming\SUPERAntiSpyware.com
C:\Users\furst\Downloads\Call.of.Duty.Modern.Warfare.3-RELOADED
C:\Users\furst\Downloads\[CzT]Call_of_Duty_Modern_Warfare_3.torrent
C:\Users\furst\AppData\Local\SKIDROW
C:\Users\furst\Downloads\Call of Duty - Black Ops CZ
C:\Users\furst\Downloads\[CzT]Call_of_Duty_Black_Ops_CZ.torrent
C:\Users\furst\Downloads\[CzT]Call_of_Duty_Advanced_Warfare_2014_.torrent
C:\Users\furst\Downloads\[CzT]Call_of_Duty_6_Modern_Warfare_2_Multiplayer_crack_DLC.torrent
C:\Users\furst\Downloads\[CzT]Call_of_Duty_4_Modern_Warfare_Multiplayer_only.torrent
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D9F98A37-96DA-4FC2-A8EC-BAEFC7BF8042}
CustomCLSID: HKU\S-1-5-21-1508215794-3306958152-728342842-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\furst\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
Task: {3CA8F7CF-DE36-45B1-8467-9C05EB119443} - System32\Tasks\SUPERAntiSpyware Scheduled Task 5d7a050d-3a7c-43fc-a6a6-b79674e2c578 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {8050D6E3-F5D7-41FA-9BD9-704CFD96B085} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-07] (Lenovo)
Task: {82BEAD72-7E5C-4C65-8983-4FB573618264} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {B5DA5CFC-9586-4236-B24C-8FB148ABC778} - System32\Tasks\{6ABC66C7-9C1C-4131-9538-7C670FB6DF6D} => pcalua.exe -a "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\setup.exe" -c --uninstall --system-level
Task: {B86FF1C8-3C6C-45F1-BDFA-464AC9235090} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-02] (Google Inc.)
Task: {BBA58B47-E854-4BB9-8E15-5B8E6CAE672C} - System32\Tasks\SUPERAntiSpyware Scheduled Task e5b8f685-41ea-4a0b-8076-d63b3321bc11 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {BC464646-77E7-40EA-BB9B-2AE987541802} - System32\Tasks\1afdk3yn => C:\Program Files\Common Files\mm1zcbfg\d6075adaoc4ds.exe <==== ATTENTION
Task: {F427CE93-EAF7-42B4-96C9-B2B69C1D7067} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-02] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 5d7a050d-3a7c-43fc-a6a6-b79674e2c578.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e5b8f685-41ea-4a0b-8076-d63b3321bc11.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-1508215794-3306958152-728342842-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5aba777e-5ccd-11e5-b624-28d2444e0b3a}" => key removed successfully
HKCR\CLSID\{5aba777e-5ccd-11e5-b624-28d2444e0b3a} => key not found.
"HKU\S-1-5-21-1508215794-3306958152-728342842-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95b51578-86ea-11e5-b63c-28d2444e0b3a}" => key removed successfully
HKCR\CLSID\{95b51578-86ea-11e5-b63c-28d2444e0b3a} => key not found.
"HKU\S-1-5-21-1508215794-3306958152-728342842-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9665364-6198-11e5-b628-28d2444e0b3a}" => key removed successfully
HKCR\CLSID\{d9665364-6198-11e5-b628-28d2444e0b3a} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1508215794-3306958152-728342842-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1508215794-3306958152-728342842-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll => not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\furst\AppData\Roaming\Opera Software\Opera Stable\Extensions\aalnjolghjkkogicompabhhbbkljnlka => moved successfully
C:\Users\furst\AppData\Roaming\Opera Software\Opera Stable\Extensions\gghkfhpblkcmlkmpcpgaajbbiikbhpdi => moved successfully
C:\Users\furst\AppData\Roaming\Opera Software\Opera Stable\Extensions\liiikhhbkpmpomjmdofandjmdgapiahi => moved successfully
"C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e5b8f685-41ea-4a0b-8076-d63b3321bc11.job" => not found.
"C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 5d7a050d-3a7c-43fc-a6a6-b79674e2c578.job" => not found.
"C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 5d7a050d-3a7c-43fc-a6a6-b79674e2c578" => not found.
"C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task e5b8f685-41ea-4a0b-8076-d63b3321bc11" => not found.
C:\Users\furst\AppData\Roaming\SUPERAntiSpyware.com => moved successfully
C:\Users\furst\Downloads\Call.of.Duty.Modern.Warfare.3-RELOADED => moved successfully
C:\Users\furst\Downloads\[CzT]Call_of_Duty_Modern_Warfare_3.torrent => moved successfully
C:\Users\furst\AppData\Local\SKIDROW => moved successfully
C:\Users\furst\Downloads\Call of Duty - Black Ops CZ => moved successfully
C:\Users\furst\Downloads\[CzT]Call_of_Duty_Black_Ops_CZ.torrent => moved successfully
C:\Users\furst\Downloads\[CzT]Call_of_Duty_Advanced_Warfare_2014_.torrent => moved successfully
C:\Users\furst\Downloads\[CzT]Call_of_Duty_6_Modern_Warfare_2_Multiplayer_crack_DLC.torrent => moved successfully
C:\Users\furst\Downloads\[CzT]Call_of_Duty_4_Modern_Warfare_Multiplayer_only.torrent => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D9F98A37-96DA-4FC2-A8EC-BAEFC7BF8042} => moved successfully
"HKU\S-1-5-21-1508215794-3306958152-728342842-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CA8F7CF-DE36-45B1-8467-9C05EB119443} => key not found.
C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 5d7a050d-3a7c-43fc-a6a6-b79674e2c578 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 5d7a050d-3a7c-43fc-a6a6-b79674e2c578 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8050D6E3-F5D7-41FA-9BD9-704CFD96B085}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8050D6E3-F5D7-41FA-9BD9-704CFD96B085}" => key removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64 35" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82BEAD72-7E5C-4C65-8983-4FB573618264}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82BEAD72-7E5C-4C65-8983-4FB573618264}" => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5DA5CFC-9586-4236-B24C-8FB148ABC778}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5DA5CFC-9586-4236-B24C-8FB148ABC778}" => key removed successfully
C:\WINDOWS\System32\Tasks\{6ABC66C7-9C1C-4131-9538-7C670FB6DF6D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6ABC66C7-9C1C-4131-9538-7C670FB6DF6D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B86FF1C8-3C6C-45F1-BDFA-464AC9235090}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B86FF1C8-3C6C-45F1-BDFA-464AC9235090}" => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBA58B47-E854-4BB9-8E15-5B8E6CAE672C} => key not found.
C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task e5b8f685-41ea-4a0b-8076-d63b3321bc11 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task e5b8f685-41ea-4a0b-8076-d63b3321bc11 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC464646-77E7-40EA-BB9B-2AE987541802}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC464646-77E7-40EA-BB9B-2AE987541802}" => key removed successfully
C:\WINDOWS\System32\Tasks\1afdk3yn => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1afdk3yn" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F427CE93-EAF7-42B4-96C9-B2B69C1D7067}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F427CE93-EAF7-42B4-96C9-B2B69C1D7067}" => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => not found.
C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 5d7a050d-3a7c-43fc-a6a6-b79674e2c578.job => not found.
C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e5b8f685-41ea-4a0b-8076-d63b3321bc11.job => not found.


The system needed a reboot.

==== End of Fixlog 11:25:18 ====

Links to VirusTotal:

jerabina
Security team member

Re: Request for a check

Post by jerabina » 15 Nov 2015 22:17

Find these files and delete them:
C:\Program Files\Common Files\hxvl5wjw.exe
C:\ProgramData\DP45977C.lfl


Find this file and look at its size; if it is not 0 B, delete it:
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

How are the problems?

Marcelko69
newcomer

Re: Request for a check

Post by Marcelko69 » 18 Nov 2015 00:36

I deleted the files; unfortunately, after longer use the overheating came back... the temperature climbed to 83 degrees.

jaro3
Security team member

Re: Request for a check

Post by jaro3 » 18 Nov 2015 10:13

When was the notebook last cleaned of dust?

Start a topic in the Hardware section.

Marcelko69
newcomer

Re: Request for a check

Post by Marcelko69 » 18 Nov 2015 12:48

A week ago.

Orcus
Security team member

Re: Request for a check

Post by Orcus » 18 Nov 2015 15:28

Then it is possible that the thermal paste or thermal pad was not replaced, or that a fan is clogged somewhere. In any case, it is not viruses. Please move to the HW section.