Browser not working but internet does


  • This topic is locked
4 replies to this topic

#1 aukroelektro

  • Members
  • 4 posts

Posted 21 March 2016 - 07:41 AM

Hi everyone

W7 64-bit, Opera or Chrome won't connect to any websites. Still, I can access the computer remotely through TeamViewer.

Several antivirus SW used: NOD, Malwarebytes, unfortunately ComboFix as well.

Any suggestions? Thx

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by moch-statik2 (administrator) on MOCH-STATIK2-PC (21-03-2016 10:51:20)
Running from C:\Users\moch-statik2\Desktop
Loaded Profiles: UpdatusUser & moch-statik2 (Available Profiles: UpdatusUser & moch-statik2)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Hilti Corporation) C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\QuickDisplay\QuickDisplayAgent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(forum.viry.cz) C:\Users\moch-statik2\Desktop\FRSTLauncher.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [140872 2013-03-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-04-07] (Synaptics Incorporated)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1317184 2014-07-16] (FileOpen Systems Inc.)
HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [4013056 2014-08-17] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-01-28] (ESET)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1033141235-1158345020-714098884-1001\...\Run: [Akamai NetSession Interface] => C:\Users\moch-statik2\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1033141235-1158345020-714098884-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-1033141235-1158345020-714098884-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [184048 2013-10-31] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-10-31] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.54.166.10 10.24.1.16
Tcpip\..\Interfaces\{3E4AC5BA-2321-4758-AE3A-A95256F675C1}: [DhcpNameServer] 10.54.166.10 10.24.1.16
Tcpip\..\Interfaces\{80FD1C76-7394-4BA4-B21E-DAC330330A3C}: [DhcpNameServer] 10.54.166.10 10.24.1.16
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1033141235-1158345020-714098884-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1033141235-1158345020-714098884-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1033141235-1158345020-714098884-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pravda.sk/
HKU\S-1-5-21-1033141235-1158345020-714098884-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1033141235-1158345020-714098884-1001 -> DefaultScope {0AEF03C4-9718-48DF-942C-4E10F52D6177} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1033141235-1158345020-714098884-1001 -> {0AEF03C4-9718-48DF-942C-4E10F52D6177} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1033141235-1158345020-714098884-1001 -> {E4AE2044-7A7E-42FF-99C6-7F54AC6E6C5D} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-10-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-10-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-10-19] (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll [2014-10-10] (pdfforge GmbH)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll [2016-02-23] (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-10-19] (Microsoft Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-19] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-10-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-02-02] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\moch-statik2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\moch-statik2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-29]
CHR Extension: (Dokumenty Google) - C:\Users\moch-statik2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-29]
CHR Extension: (Disk Google) - C:\Users\moch-statik2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\moch-statik2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\moch-statik2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tabuľky Google) - C:\Users\moch-statik2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-29]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\moch-statik2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\moch-statik2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-11]
CHR Extension: (Gmail) - C:\Users\moch-statik2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1129864 2015-07-30] (Autodesk Inc.)
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2842808 2015-09-26] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-01-28] (ESET)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [828656 2013-11-18] (Condusiv Technologies)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-08-15] (Lenovo)
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [341312 2014-07-16] (FileOpen Systems Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4683144 2014-07-15] (SafeNet Inc.)
R2 Hilti PROFIS AutoUpdate Service; C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe [213504 2014-09-01] (Hilti Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
S4 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2015-01-15] (Lenovo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [383264 2014-04-08] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259808 2014-04-08] (SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [293216 2013-01-09] (SafeNet, Inc.)
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31176 2016-01-20] (SHAREit Technologies Co.Ltd)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2014-07-15] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2014-07-15] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2014-07-15] (SafeNet Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1423160 2014-04-19] (Motorola Solutions, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-03-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [159480 2015-03-10] (ESET)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25840 2013-11-18] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [117488 2013-11-18] (Condusiv Technologies)
S3 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [54000 2013-08-15] (Windows ® Win 7 DDK provider)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-07-15] (SafeNet Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [192456 2014-05-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3434976 2014-04-16] (Intel Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243272 2013-03-21] (Realtek Semiconductor Corp.)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-21] (Windows ® Win 7 DDK provider)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-21 10:51 - 2016-03-21 10:51 - 00022020 _____ C:\Users\moch-statik2\Desktop\FRST.txt
2016-03-21 10:50 - 2016-03-21 10:51 - 00000000 ____D C:\FRST
2016-03-21 10:43 - 2016-03-21 10:44 - 00112640 _____ (forum.viry.cz) C:\Users\moch-statik2\Desktop\FRSTLauncher.exe
2016-03-21 10:42 - 2016-03-21 10:43 - 02374144 _____ (Farbar) C:\Users\moch-statik2\Desktop\FRST64.exe
2016-03-21 10:40 - 2016-03-21 10:41 - 00000000 ____D C:\rsit
2016-03-21 10:40 - 2016-03-21 10:40 - 00000000 ____D C:\Program Files\trend micro
2016-03-21 09:05 - 2016-03-19 15:08 - 00291394 _____ C:\Users\moch-statik2\Desktop\Follow up - Implementing DD to TL.xlsx
2016-03-21 08:57 - 2016-03-21 08:57 - 01146180 _____ C:\Users\moch-statik2\Desktop\-6.500.pdf
2016-03-21 08:57 - 2016-03-21 08:57 - 00955276 _____ C:\Users\moch-statik2\Desktop\-2.800.pdf
2016-03-21 08:56 - 2016-03-21 08:56 - 01511116 _____ C:\Users\moch-statik2\Desktop\±0.000.pdf
2016-03-21 08:56 - 2016-03-21 08:56 - 00558280 _____ C:\Users\moch-statik2\Desktop\+3.000.pdf
2016-03-21 08:55 - 2016-03-21 08:55 - 02092448 _____ C:\Users\moch-statik2\Desktop\+6.000.pdf
2016-03-21 08:55 - 2016-03-21 08:55 - 01462096 _____ C:\Users\moch-statik2\Desktop\+10.500.pdf
2016-03-21 08:55 - 2016-03-21 08:55 - 01443631 _____ C:\Users\moch-statik2\Desktop\+14.100.pdf
2016-03-21 08:54 - 2016-03-21 08:54 - 01784788 _____ C:\Users\moch-statik2\Desktop\+29.100.pdf
2016-03-21 08:54 - 2016-03-21 08:54 - 01473937 _____ C:\Users\moch-statik2\Desktop\+18.900.pdf
2016-03-21 06:38 - 2014-01-21 22:18 - 1034405876 _____ C:\Users\moch-statik2\Desktop\Croodsovi. CZ DABING.NOVINKY.(2013).avi
2016-03-21 06:37 - 2016-03-21 06:37 - 00000000 ____D C:\Users\moch-statik2\Desktop\CS 800_1-02 Closure of Assembly Openings - Chripková
2016-03-21 06:28 - 2016-03-21 06:28 - 00033279 _____ C:\Users\moch-statik2\Desktop\list.txt
2016-03-21 05:17 - 2016-03-21 05:17 - 00000000 ___SH C:\DkHyperbootSync
2016-03-20 10:34 - 2016-03-20 10:34 - 00033279 _____ C:\ComboFix.txt
2016-03-20 09:57 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-20 09:57 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-20 09:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-20 09:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-20 09:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-20 09:57 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-20 09:57 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-20 09:57 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-20 09:44 - 2016-03-20 10:35 - 00000000 ____D C:\Qoobox
2016-03-20 09:44 - 2016-03-20 10:28 - 00000000 ____D C:\Windows\erdnt
2016-03-20 09:38 - 2016-03-20 09:38 - 00000000 ____D C:\Users\moch-statik2\AppData\Local\ElevatedDiagnostics
2016-03-19 23:41 - 2016-03-19 23:41 - 00000000 ____D C:\Users\moch-statik2\AppData\Local\ESET
2016-03-19 22:02 - 2016-03-19 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-03-19 22:02 - 2016-03-19 22:02 - 00000000 ____D C:\ProgramData\ESET
2016-03-19 22:02 - 2016-03-19 22:02 - 00000000 ____D C:\Program Files\ESET
2016-03-19 21:41 - 2016-03-19 21:41 - 00001074 _____ C:\Users\Public\Desktop\GWX Control Panel.lnk
2016-03-19 21:41 - 2016-03-19 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel
2016-03-19 21:41 - 2016-03-19 21:41 - 00000000 ____D C:\Program Files (x86)\UltimateOutsider
2016-03-19 20:42 - 2016-03-19 20:42 - 00000000 ____D C:\ProgramData\GFI Software
2016-03-19 18:29 - 2016-03-20 09:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-19 18:28 - 2016-03-19 18:28 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-19 18:28 - 2016-03-19 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-19 18:28 - 2016-03-19 18:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-19 18:28 - 2016-03-19 18:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-19 18:28 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-19 18:28 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-19 18:28 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-19 17:18 - 2016-03-19 17:18 - 00000000 ____D C:\Users\moch-statik2\AppData\Local\Downloaded Installations
2016-03-19 17:17 - 2016-03-19 17:17 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-03-19 17:11 - 2016-03-19 17:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-19 17:11 - 2016-03-19 17:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-19 17:07 - 2016-03-21 10:39 - 00000000 ____D C:\Users\moch-statik2\Desktop\vymazma
2016-03-19 13:03 - 2016-03-19 13:03 - 00000000 ____D C:\Users\moch-statik2\Documents\Poznámkové bloky programu OneNote
2016-03-18 14:31 - 2016-03-20 10:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-03-18 14:31 - 2016-03-18 14:31 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-03-18 14:31 - 2016-03-18 14:31 - 00001042 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-03-18 14:31 - 2016-03-18 14:31 - 00000000 ____D C:\Users\moch-statik2\AppData\Roaming\TeamViewer
2016-03-18 14:26 - 2016-03-18 14:26 - 09788888 _____ (TeamViewer GmbH) C:\Users\moch-statik2\Downloads\TeamViewer_Setup_sk-ioh.exe
2016-03-17 14:55 - 2016-03-17 16:54 - 03419968 _____ C:\Users\moch-statik2\Desktop\PNM3432220505_B.dwg
2016-03-17 12:05 - 2016-03-17 12:05 - 00597960 _____ C:\Users\moch-statik2\Desktop\PNM3432221004AB00_B-PNM34322210.pdf
2016-03-07 12:37 - 2016-03-19 17:55 - 00000000 ____D C:\Windows\pss
2016-03-07 12:34 - 2016-03-07 12:34 - 00000000 ____H C:\Users\moch-statik2\Documents\Default.rdp
2016-03-07 12:14 - 2016-03-07 12:43 - 00007639 _____ C:\Users\moch-statik2\AppData\Local\Resmon.ResmonCfg
2016-03-07 12:09 - 2016-03-07 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2016-03-07 12:09 - 2016-03-07 12:09 - 00000000 ____D C:\Program Files (x86)\HD Tune
2016-03-04 08:27 - 2016-03-04 08:27 - 00000000 ____D C:\Users\moch-statik2\Desktop\zasilka-HS73MHCWL8JD7EJ6
2016-03-03 14:08 - 2016-03-03 14:08 - 00000144 _____ C:\Users\moch-statik2\Documents\acad.err
2016-03-02 15:15 - 2016-03-02 15:16 - 06837784 _____ (Piriform Ltd) C:\Users\moch-statik2\Downloads\ccsetup515 (1).exe
2016-03-02 14:54 - 2016-03-02 14:54 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-02 14:28 - 2016-03-02 14:28 - 06837784 _____ (Piriform Ltd) C:\Users\moch-statik2\Downloads\ccsetup515.exe
2016-02-25 12:21 - 2016-02-25 12:21 - 00038523 _____ C:\Users\moch-statik2\Downloads\ZIVOTOPIS_Martina_Chripkova.pdf
2016-02-25 08:08 - 2016-02-25 08:08 - 00185832 _____ C:\Users\moch-statik2\Downloads\Životopis-Ing.-Martina-Chripková_SK (1).pdf
2016-02-25 08:08 - 2016-02-25 08:08 - 00025953 _____ C:\Users\moch-statik2\Downloads\Životopis-Ing.-Martina-Chripková (1).pdf
2016-02-24 07:18 - 2016-02-24 07:18 - 00188969 _____ C:\Users\moch-statik2\Downloads\Žiadosť-o-prijatie-do-zamestnania.pdf
2016-02-24 07:18 - 2016-02-24 07:18 - 00185832 _____ C:\Users\moch-statik2\Downloads\Životopis-Ing.-Martina-Chripková_SK.pdf
2016-02-24 07:18 - 2016-02-24 07:18 - 00025953 _____ C:\Users\moch-statik2\Downloads\Životopis-Ing.-Martina-Chripková.pdf
2016-02-23 15:23 - 2016-02-23 15:23 - 00139264 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2016-02-23 15:23 - 2016-02-23 15:23 - 00135168 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2016-02-23 15:23 - 2016-02-23 15:23 - 00135168 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2016-02-23 15:23 - 2016-02-23 15:23 - 00069632 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javacpl.cpl
2016-02-23 15:23 - 2016-02-23 15:23 - 00000000 ____D C:\Users\moch-statik2\AppData\LocalLow\Sun
2016-02-23 15:23 - 2016-02-23 15:23 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-23 15:21 - 2016-02-23 15:21 - 00002111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PDFill PDF Editor.lnk
2016-02-23 15:21 - 2016-02-23 15:21 - 00002105 _____ C:\Users\Public\Desktop\PDFill PDF Editor.lnk
2016-02-23 15:21 - 2016-02-23 15:21 - 00001103 _____ C:\Users\Public\Desktop\PDFill PDF Tools (Free).lnk
2016-02-23 15:21 - 2016-02-23 15:21 - 00001073 _____ C:\Users\Public\Desktop\PDFill PDF Writer (Free).lnk
2016-02-23 07:35 - 2016-02-23 16:46 - 02116213 _____ C:\Users\moch-statik2\Desktop\RMU-AB-Preview.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-21 10:32 - 2014-11-22 14:42 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-21 10:26 - 2014-11-25 14:37 - 00000000 ____D C:\Users\moch-statik2\AppData\Local\CrashDumps
2016-03-21 10:24 - 2015-07-06 14:38 - 00000000 ____D C:\Users\moch-statik2\Desktop\CHRIPKOVA
2016-03-21 08:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-21 06:39 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-21 06:38 - 2014-09-11 15:00 - 00660644 _____ C:\Windows\system32\perfh005.dat
2016-03-21 06:38 - 2014-09-11 15:00 - 00141294 _____ C:\Windows\system32\perfc005.dat
2016-03-21 06:38 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-21 06:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-21 06:28 - 2014-11-22 14:42 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-20 21:40 - 2009-07-14 05:45 - 00032128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-20 21:40 - 2009-07-14 05:45 - 00032128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-20 10:12 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-03-20 09:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-20 09:21 - 2014-09-11 15:32 - 00000000 ____D C:\Program Files\Lenovo
2016-03-20 09:21 - 2014-09-11 15:28 - 00000000 ____D C:\Program Files\Intel
2016-03-19 21:23 - 2014-09-11 15:43 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2016-03-19 21:23 - 2014-09-11 15:31 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-03-19 21:23 - 2014-09-10 22:32 - 00000000 ____D C:\ProgramData\Lenovo
2016-03-19 21:22 - 2014-09-11 15:46 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2016-03-19 21:21 - 2015-01-08 08:19 - 00000000 ____D C:\Windows\system32\appmgmt
2016-03-19 21:21 - 2014-09-11 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-03-19 21:20 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-03-19 21:18 - 2014-09-11 15:28 - 00000000 ____D C:\ProgramData\Intel
2016-03-19 21:18 - 2014-09-11 15:28 - 00000000 ____D C:\Program Files (x86)\Intel
2016-03-19 21:17 - 2014-09-11 15:45 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2016-03-19 20:39 - 2014-11-25 09:43 - 00000000 ____D C:\Temp
2016-03-19 20:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\TAPI
2016-03-19 17:30 - 2015-02-02 17:18 - 00003866 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422893924
2016-03-19 17:30 - 2015-02-02 17:18 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-19 17:03 - 2014-11-22 12:15 - 00000000 ____D C:\Users\moch-statik2\AppData\Local\Akamai
2016-03-19 07:02 - 2009-07-14 05:45 - 00556208 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-18 14:33 - 2014-11-20 01:19 - 00154968 _____ C:\Users\moch-statik2\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-17 12:14 - 2015-03-09 10:02 - 00000000 ____D C:\Users\moch-statik2\AppData\Local\cache
2016-03-17 06:49 - 2015-02-02 17:20 - 00000000 ____D C:\Users\moch-statik2\AppData\Local\PDFCreator
2016-03-14 14:14 - 2014-11-22 14:48 - 00000000 ____D C:\Users\moch-statik2\AppData\Local\Adobe
2016-03-09 06:37 - 2014-11-22 14:45 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-09 06:37 - 2014-11-22 14:45 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-07 12:34 - 2015-12-18 07:10 - 00000000 ____D C:\Users\moch-statik2\AppData\Roaming\LSC
2016-03-07 10:18 - 2014-12-15 09:15 - 00003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-03-02 15:05 - 2014-01-30 20:47 - 00000000 ____D C:\Windows\Panther
2016-03-01 12:42 - 2014-11-22 12:15 - 00000000 ____D C:\Autodesk
2016-02-23 15:21 - 2015-12-01 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2016-02-22 12:47 - 2009-07-14 06:08 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2016-03-07 12:14 - 2016-03-07 12:43 - 0007639 _____ () C:\Users\moch-statik2\AppData\Local\Resmon.ResmonCfg
2014-09-11 15:36 - 2014-09-11 15:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-22 13:25 - 2014-11-22 13:25 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-09-11 15:49 - 2014-09-11 15:50 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-09-11 15:47 - 2014-09-11 15:48 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-09-11 15:48 - 2014-09-11 15:49 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-09-11 15:49 - 2014-09-11 15:49 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-19 16:31
 
==================== End of FRST.txt ============================
 
 
 
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
 
==================== Drive and Memory info ===================
 
Drive c: (Windows7_OS) (Fixed) (Total:912.31 GB) (Free:760.12 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.73 GB) (Free:5.1 GB) NTFS
Drive t: (Data) (Network) (Total:3723.87 GB) (Free:101.23 GB) NTFS
Drive u: () (Network) (Total:1862.98 GB) (Free:619.82 GB) NTFS
 
Available physical RAM: 3757.98 MB
Total physical RAM: 7906.47 MB
Percentage of memory in use: 52%
 
==================== MBR and Partition Table ==================
 
Disk: 0 (Size: 931.5 GB) (Disk ID: BDDB7BAB)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=912.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.7 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: BDDB4552)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)
 
==================== Scheduled Tasks (whitelisted) ==================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Alternate Data Streams (whitelisted) ==================
 
 
==================== Security Center ==================
 
AV: Microsoft Security Essentials (Disabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: ESET NOD32 Antivirus 8.0 (Disabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Microsoft Security Essentials (Disabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Disabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
 
 
 
===***===***===***=== Supplementary Scan created by FRSTLauncher ===***===***===***===
Last FRSTLauncher update: 25_11_2013 (01)
Last modification script update: 30_09_2013 (01)
 
  
***** Size of "Desktop" *****
 
The folder "C:\Users\moch-statik2\Desktop" is 25073 MB.
 
 
***** Startup Programs *****
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" 
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSKAppManager
"C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun [x]
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autodesk Sync
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe 
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fastboot
"C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" /analysis [x]
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSS
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" 
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lenovo Registration
C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [x]
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPKNRRES
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [x]
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC
"c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [x]
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
"C:\Windows\system32\igfxpers.exe"  [x]
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROFIS AutoUpdate
C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe -hidden [x]
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV
rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor [x]
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe" 
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks
ECHO is off.
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ThinkPad OneLink Dock Management.lnk
C:\PROGRA~2\Lenovo\ONELIN~1\ONELIN~1.EXE 1.08.26 [x]
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^moch-statik2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Odoslanie do aplikácie OneNote.lnk
C:\PROGRA~2\MICROS~2\root\Office16\ONENOTEM.EXE  
 
 
***** Firewall rules *****
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    EnableFirewall    REG_DWORD    0x1
    DisableNotifications    REG_DWORD    0x0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    EnableFirewall    REG_DWORD    0x1
    DisableNotifications    REG_DWORD    0x0
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
 
***** System Restore *****
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
 
 
==================== End Of Log ==============================
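
The log above is long, but three of its sections answer the security question directly: Security Center (is any antivirus actually enabled and current), Bamital & volsnap (do the core system binaries still pass signature verification) and the zero-byte file list (empty DLLs under System32 and SysWOW64). The Python script below pulls those three sections out of an FRST log and lists what a responder would flag. It is an added example, not part of the original post and not part of FRST; the regular expressions are assumptions about FRST's text layout derived from the lines above, and SAMPLE_LOG is a constructed excerpt of this thread's log with one made-up zero-byte file outside the system directories.

```python
"""Triage of three FRST log sections: Security Center, the Bamital & volsnap
signature checks and the zero-byte file list.

Added example, not from the thread or from FRST.  The regexes are assumptions
about FRST's text format, derived from the log posted above.
"""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample: an excerpt of the log above plus one made-up
# zero-byte file (C:\Temp\placeholder.txt) outside the system directories.
SAMPLE_LOG = r"""
==================== Files in the root of some directories =======

2016-03-07 12:14 - 2016-03-07 12:43 - 0007639 _____ () C:\Users\moch-statik2\AppData\Local\Resmon.ResmonCfg

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\System32\dlumd9.dll
C:\Temp\placeholder.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== Security Center ==================

AV: Microsoft Security Essentials (Disabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: ESET NOD32 Antivirus 8.0 (Disabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")          # "==== Security Center ===="
ZERO_BYTE_HEADER = "Some zero byte size files/folders:"
PROTECTION_RE = re.compile(
    r"^(AV|AS|FW): (.+?) \((Enabled|Disabled) - (Up to date|Out of date)\) \{[0-9A-Fa-f-]+\}$")
SIGNATURE_RE = re.compile(r"^(.+?) => (.+)$")      # "<path> => <verdict>"
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def split_sections(text: str) -> dict:
    """Map each section title to its body lines (blank, '=' and '(' lines dropped)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m or line == ZERO_BYTE_HEADER:
            current = m.group(1) if m else "Zero byte"
            sections[current] = []
        elif current and line and not line.startswith(("=", "(")):
            sections[current].append(line)
    return sections


@dataclass
class Triage:
    protection: List[Tuple[str, str, bool, bool]] = field(default_factory=list)  # kind, product, enabled, current
    signature_failures: List[Tuple[str, str]] = field(default_factory=list)      # path, verdict
    zero_byte_system: List[str] = field(default_factory=list)                    # empty files under System32/SysWOW64


def triage(text: str) -> Triage:
    sections, t = split_sections(text), Triage()
    for line in sections.get("Security Center", []):
        m = PROTECTION_RE.match(line)
        if m:
            kind, product, state, freshness = m.groups()
            t.protection.append((kind, product, state == "Enabled", freshness == "Up to date"))
    for line in sections.get("Bamital & volsnap", []):
        m = SIGNATURE_RE.match(line)
        if m and m.group(2) != "File is digitally signed":   # assumption: anything else is a failure
            t.signature_failures.append((m.group(1), m.group(2)))
    for line in sections.get("Zero byte", []):
        if line.lower().startswith(SYSTEM_DIRS):
            t.zero_byte_system.append(line)
    return t


def findings(t: Triage) -> List[str]:
    out = []
    av = [p for p in t.protection if p[0] == "AV"]
    if not any(enabled for _, _, enabled, _ in av):
        out.append("no enabled antivirus is registered with Security Center")
    if len(av) > 1:
        out.append("multiple antivirus products registered: " + ", ".join(p[1] for p in av))
    for kind, product, enabled, current in t.protection:
        if enabled and not current:
            out.append(f"{kind} {product} is enabled but its definitions are out of date")
    for path, verdict in t.signature_failures:
        out.append(f"core file failed signature check: {path} ({verdict})")
    for path in t.zero_byte_system:
        out.append(f"zero-byte file in a system directory: {path}")
    return out


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8-sig", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for line in findings(triage(text)) or ["nothing flagged"]:
        print(line)
```

Run it against a saved FRST.txt (python frst_triage.py FRST.txt) or with no argument to use the embedded sample. On the full log above it reports that both registered antivirus products are disabled, that two antivirus products are registered at the same time, that Windows Defender is enabled but out of date, and that six dlumd*.dll files in System32 and SysWOW64 are empty; the signature section passes, which is what the Bamital check exists for. A zero-byte file is not by itself evidence of infection, but an empty file where a DLL belongs is worth listing.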
 


#2 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 22 March 2016 - 07:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1033141235-1158345020-714098884-1001\...\Policies\Explorer: []
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1033141235-1158345020-714098884-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\moch-statik2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-11]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys 
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
C:\Users\moch-statik2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please let me know if the problem persists.
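
The fixlist above removes two Internet Explorer policy restrictions and flushes DNS, which targets the usual reason this symptom appears: Chrome and Opera take their proxy settings from WinINET (the same settings Internet Explorer uses), so a hijacked proxy or a locked-down IE policy breaks every browser while programs with their own network stack, TeamViewer among them, keep working. The Python script below reads those settings and prints what looks wrong. It is an added example, not something from the thread or from FRST, and it goes a step beyond the posted fix by also checking the WinINET proxy values. The registry paths are the standard WinINET and IE policy keys; the loopback-proxy heuristic and SAMPLE_STATE (including the value names NoBrowserOptions and Control Panel\Proxy) are constructed test data. The live registry is only read on Windows; elsewhere the script falls back to the sample.

```python
"""Check the settings that most often make every browser fail while other
network clients still work: the WinINET proxy values and Internet Explorer
policy restrictions, i.e. the keys the FRST fixlist above targets.

Added example, not from the thread or from FRST.  Registry paths are the
standard WinINET / IE policy locations; the loopback heuristic and
SAMPLE_STATE are assumptions / constructed data.
"""
import sys

INTERNET_SETTINGS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
IE_POLICY = r"SOFTWARE\Policies\Microsoft\Internet Explorer"
LOOPBACK = ("127.0.0.1", "localhost", "::1", "[::1]")

# Constructed state: a loopback proxy nobody listens on plus two policy values.
SAMPLE_STATE = {
    "ProxyEnable": 1,
    "ProxyServer": "http=127.0.0.1:8080;https=127.0.0.1:8080",
    "AutoConfigURL": None,
    "policy_values": [                      # (hive, subkey, value name, data)
        ("HKLM", "Restrictions", "NoBrowserOptions", 1),
        ("HKCU", "Control Panel", "Proxy", 1),
    ],
}


def proxy_host(proxy_server: str) -> str:
    """Host part of the first entry of a WinINET ProxyServer string.
    Accepts both "host:port" and "http=host:port;https=host:port"."""
    first = proxy_server.split(";")[0]
    host_port = first.split("=")[-1]
    return host_port.rsplit(":", 1)[0]


def assess(state: dict) -> list:
    """Pure evaluation of a collected state; returns one line per finding."""
    findings = []
    proxy = state.get("ProxyServer")
    if state.get("ProxyEnable") and proxy:
        findings.append(f"WinINET proxy enabled: {proxy}")
        if proxy_host(proxy) in LOOPBACK:
            findings.append("proxy points at loopback: if no process listens there, "
                            "every WinINET-based browser fails while other apps work")
    if state.get("AutoConfigURL"):
        findings.append(f"proxy auto-config script set: {state['AutoConfigURL']}")
    for hive, sub, name, value in state.get("policy_values", []):
        where = "\\".join(p for p in (hive, IE_POLICY, sub) if p)
        findings.append(f"IE policy value {where}\\{name} = {value!r}")
    return findings


def _value(root, path, name):
    import winreg  # Windows only
    try:
        with winreg.OpenKey(root, path) as key:
            return winreg.QueryValueEx(key, name)[0]
    except OSError:
        return None


def _policy_values(root, hive_name):
    """Values directly under the IE policy key and one level of subkeys
    (Restrictions, Control Panel, Main, ...); deeper nesting is not walked."""
    import winreg
    found = []
    try:
        with winreg.OpenKey(root, IE_POLICY) as key:
            n_sub, n_val, _ = winreg.QueryInfoKey(key)
            for i in range(n_val):
                name, value, _ = winreg.EnumValue(key, i)
                found.append((hive_name, "", name, value))
            for i in range(n_sub):
                sub = winreg.EnumKey(key, i)
                with winreg.OpenKey(key, sub) as subkey:
                    for j in range(winreg.QueryInfoKey(subkey)[1]):
                        name, value, _ = winreg.EnumValue(subkey, j)
                        found.append((hive_name, sub, name, value))
    except OSError:
        pass
    return found


def read_live_state() -> dict:
    import winreg
    cu, lm = winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE
    return {
        "ProxyEnable": _value(cu, INTERNET_SETTINGS, "ProxyEnable"),
        "ProxyServer": _value(cu, INTERNET_SETTINGS, "ProxyServer"),
        "AutoConfigURL": _value(cu, INTERNET_SETTINGS, "AutoConfigURL"),
        "policy_values": _policy_values(lm, "HKLM") + _policy_values(cu, "HKCU"),
    }


if __name__ == "__main__":
    state = read_live_state() if sys.platform == "win32" else SAMPLE_STATE
    for line in assess(state) or ["no proxy or IE policy findings"]:
        print(line)
```

Run it as the affected user, since the proxy values live under HKCU. A value under the IE policy key is legitimate when Group Policy put it there, so a finding is a pointer to where the setting came from, not proof of malware. If a bogus proxy turns up, set ProxyEnable to 0 as well as clearing ProxyServer, otherwise WinINET keeps trying to use an empty proxy string.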

#3 aukroelektro (Topic Starter)

Posted 23 March 2016 - 09:35 AM

Thank you for the instructions, nasdaq. I will try this next week and keep you informed, since I'm on vacation right now. Cheers



#4 aukroelektro (Topic Starter)

Posted 01 April 2016 - 12:44 AM

Hey nasdaq,

 

there was a factory reset made on the computer, looked like the fastest way to be "online" again.

Thanks anyway.

 

Cheers



#5 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 01 April 2016 - 07:05 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



