Some issues with running and closing programs


  • This topic is locked
7 replies to this topic

#1 Amonax

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:57 PM

Posted 18 April 2017 - 03:18 PM

Hi!
Some of my programs (games) freeze when I want to close them or log out, and others take a long time to open
(my PC always ran those programs easily). When these issues started showing, I didn't download, change or install anything.
I asked my friend for help and he told me that there is a 90% chance I have a virus, and told me to make logs with HiJackThis and post them here.

Logs from HiJackThis
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:00:17, on 2017-04-18
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Users\Amonax\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Amonax\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Amonax\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Users\Amonax\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
C:\Program Files (x86)\Razer\Razer Services\Razer Central\InGameManager.exe
C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
C:\Users\Amonax\AppData\Local\razer\InGameEngine\cache\InGameManager\RzCefRenderProcess.exe
C:\Users\Amonax\AppData\Local\razer\InGameEngine\cache\InGameManager\RzCefRenderProcess.exe
C:\Users\Amonax\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Program Files\AVAST Software\Avast\gaming_hook.exe
D:\World Of Warcraft - Sunwell\World of Warcraft 3.3.5a (no install)\Wow.exe
\?\C:\Users\Amonax\AppData\Roaming\discord\0.0.297\modules\discord_overlay\1\DiscordOverlay.x86.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
D:\World Of Warcraft - Sunwell\World of Warcraft 3.3.5a (no install)\Screenshots\scoped_dir_8188_12064\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BingSvc] C:\Users\Amonax\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Amonax\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Amonax\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [Discord] C:\Users\Amonax\AppData\Local\Discord\app-0.0.297\Discord.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [RazerCortex] "C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe" -autorun
O4 - Startup: Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk = ?
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Razer Game Manager (Razer Game Manager Service) - Razer Inc - C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Razer Central Service (RzActionSvc) - Razer Inc. - C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9866 bytes

Edit: Moved topic from Windows 7 to the more appropriate forum, due to the inclusion of a HijackThis log. ~ Animal


#2 nasdaq

  • Malware Response Team
  • 38,930 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:57 PM

Posted 19 April 2017 - 10:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.
==============================

#3 Amonax
  • Topic Starter
  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:57 PM

Posted 19 April 2017 - 03:11 PM

Hi Nasdaq!

Thanks for the reply.

LOGS:
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/19/17
Scan Time: 9:51 PM
Logfile: XXXXXXXXXXX.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1763
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Amonax-PC\Amonax
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307628
Time Elapsed: 2 min, 19 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
HackTool.ChewWGA, C:\USERS\AMONAX\DOWNLOADS\CHEVWEGA.EXE, Quarantined, [2637], [74347],1.0.1763
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
----------------------------------------------------------------------------------------------------------------------------------------------------
 
 
# AdwCleaner v6.045 - Logfile created 19/04/2017 at 22:01:25
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-28.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Amonax - AMONAX-PC
# Running from : C:\Users\Amonax\AppData\Local\Temp\scoped_dir1600_20560\adwcleaner_6.045.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1247 Bytes] - [19/04/2017 22:01:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [1518 Bytes] - [19/04/2017 22:01:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1393 Bytes] ##########
 
----------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2017
Ran by Amonax (administrator) on AMONAX-PC (19-04-2017 22:05:38)
Running from C:\Users\Amonax\AppData\Local\Temp\scoped_dir6920_30446
Loaded Profiles: Amonax (Available Profiles: Amonax)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(© 2015 Microsoft Corporation) C:\Users\Amonax\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Spotify Ltd) C:\Users\Amonax\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Amonax\AppData\Roaming\Spotify\Spotify.exe
(Hammer & Chisel, Inc.) C:\Users\Amonax\AppData\Local\Discord\app-0.0.297\Discord.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Spotify Ltd) C:\Users\Amonax\AppData\Roaming\Spotify\Spotify.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Spotify Ltd) C:\Users\Amonax\AppData\Roaming\Spotify\Spotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Amonax\AppData\Roaming\Spotify\Spotify.exe
(Hammer & Chisel, Inc.) C:\Users\Amonax\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Amonax\AppData\Local\Discord\app-0.0.297\Discord.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.1218\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.1218\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.1218\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.1218\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.1218\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.1218\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\44.0.2510.1218\opera.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-22] (Razer Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-4287465119-1633940504-1134386326-1000\...\Run: [BingSvc] => C:\Users\Amonax\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4287465119-1633940504-1134386326-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-4287465119-1633940504-1134386326-1000\...\Run: [Spotify Web Helper] => C:\Users\Amonax\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-04] (Spotify Ltd)
HKU\S-1-5-21-4287465119-1633940504-1134386326-1000\...\Run: [Spotify] => C:\Users\Amonax\AppData\Roaming\Spotify\Spotify.exe [7072880 2017-04-04] (Spotify Ltd)
HKU\S-1-5-21-4287465119-1633940504-1134386326-1000\...\Run: [Discord] => C:\Users\Amonax\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-4287465119-1633940504-1134386326-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
Startup: C:\Users\Amonax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk [2017-04-19]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{461DA9DC-4E3D-4710-8677-2F749A9E0080}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4287465119-1633940504-1134386326-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-27] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-04] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-04] (AVAST Software)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-07]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-07]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default [2017-04-17]
CHR Extension: (Google Docs) - C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-17]
CHR Extension: (Avast SafePrice) - C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-28]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-01-14]
CHR Extension: (Avast Online Security) - C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-09]
CHR Extension: (Chrome Media Router) - C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR StartupUrls: "hxxps://www.google.pl/"
OPR Extension: (Adblock Plus) - C:\Users\Amonax\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-03-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-03-28] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-03-28] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-20] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-19] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-19] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-19] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-19] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-19] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47552 2017-03-28] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-04-01] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [51224 2016-02-04] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-07] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [43544 2016-02-04] (Razer Inc)
S3 GPU-Z; \??\C:\Users\Amonax\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-19 22:04 - 2017-04-19 22:05 - 00000000 ____D C:\FRST
2017-04-19 22:04 - 2017-04-19 22:04 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-19 22:03 - 2017-04-19 22:04 - 02424832 _____ (Farbar) C:\Users\Amonax\Downloads\FRST64.exe
2017-04-19 22:02 - 2017-04-19 22:02 - 00001476 _____ C:\Users\Amonax\Desktop\AdwCleaner[C0].txt
2017-04-19 21:58 - 2017-04-19 22:01 - 00000000 ____D C:\AdwCleaner
2017-04-19 21:58 - 2017-04-19 21:58 - 04089296 _____ C:\Users\Amonax\Downloads\adwcleaner_6.045.exe
2017-04-19 21:57 - 2017-04-19 21:57 - 00001169 _____ C:\Users\Amonax\Desktop\XXXXXXXXXXX.txt
2017-04-19 21:49 - 2017-04-19 21:49 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-19 21:48 - 2017-04-19 22:02 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-19 21:48 - 2017-04-19 22:02 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-19 21:48 - 2017-04-19 22:02 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-19 21:48 - 2017-04-19 22:02 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-19 21:48 - 2017-04-19 21:48 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-19 21:48 - 2017-04-19 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-19 21:48 - 2017-04-19 21:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-19 21:48 - 2017-04-19 21:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-19 21:48 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-19 21:44 - 2017-04-19 21:45 - 60107896 _____ (Malwarebytes ) C:\Users\Amonax\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-19 15:40 - 2017-03-28 05:32 - 00153536 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-04-19 15:40 - 2017-03-28 05:32 - 00127424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-04-19 15:40 - 2017-03-28 05:32 - 00047552 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-04-17 19:13 - 2017-04-17 19:13 - 00028808 _____ C:\Users\Amonax\Documents\cc_20170417_191321.reg
2017-04-17 11:08 - 2017-04-17 11:08 - 00003022 _____ C:\Windows\System32\Tasks\{082E9231-4E41-478A-8B0F-389BF2D9F15C}
2017-04-17 10:50 - 2017-04-17 14:38 - 00001441 _____ C:\Users\Amonax\Desktop\WoW SyfWell.lnk
2017-04-12 13:45 - 2017-04-12 13:45 - 00000000 ____D C:\Users\Amonax\Documents\Diablo III
2017-04-11 23:21 - 2017-04-17 05:08 - 00000000 ____D C:\Users\Amonax\AppData\Local\Battle.net
2017-04-11 23:21 - 2017-04-11 23:21 - 00000974 _____ C:\Users\Public\Desktop\Aplikacja Blizzard.lnk
2017-04-11 23:21 - 2017-04-11 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aplikacja Blizzard
2017-04-11 23:12 - 2017-04-17 00:53 - 00000000 ____D C:\Program Files (x86)\Blizzard App
2017-04-11 23:08 - 2017-04-11 23:22 - 00000000 ____D C:\Users\Amonax\AppData\Roaming\Battle.net
2017-04-10 19:44 - 2017-04-16 16:46 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-04-10 19:44 - 2017-04-10 19:44 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-04-10 19:44 - 2017-04-10 19:44 - 00000000 ____D C:\Users\Amonax\AppData\Roaming\TeamViewer
2017-04-10 15:39 - 2017-04-10 15:39 - 00019766 _____ C:\Users\Amonax\Documents\cc_20170410_153941.reg
2017-04-10 15:35 - 2017-03-21 06:27 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-04-10 15:34 - 2017-04-10 18:29 - 00000000 ____D C:\Temp
2017-04-10 15:34 - 2017-04-10 15:34 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-04-10 15:34 - 2017-04-01 03:36 - 00136248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-04-10 15:34 - 2017-03-10 23:17 - 00536864 _____ C:\Windows\system32\vulkan-1.dll
2017-04-10 15:34 - 2017-03-10 23:17 - 00525600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-04-10 15:34 - 2017-03-10 23:17 - 00254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-04-10 15:34 - 2017-03-10 23:17 - 00233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-04-10 15:33 - 2017-04-02 18:12 - 00218040 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-04-10 15:33 - 2017-04-02 18:12 - 00046008 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 40201152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 35315256 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 35280320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 17418608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 16431320 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 14653888 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-04-10 15:33 - 2017-04-01 05:20 - 11112928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 11056272 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 10636240 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 09316648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 09014792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 08876272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 03430336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 03012152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 01988032 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438165.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438165.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 01054776 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00991800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00960448 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00912952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00688968 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00577544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00507504 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00491208 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00426312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00406736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-04-10 15:33 - 2017-04-01 05:20 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-04-10 15:33 - 2017-04-01 05:20 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-04-10 15:33 - 2017-04-01 02:41 - 00076840 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-04-06 15:09 - 2017-04-06 15:10 - 11809668 _____ C:\Users\Amonax\Documents\test.mp4
2017-04-04 19:16 - 2017-04-14 18:03 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-04 19:16 - 2017-04-04 19:16 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-04 19:16 - 2017-04-04 19:15 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-04 19:16 - 2017-04-04 19:15 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-04 19:16 - 2017-04-04 19:15 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-04 19:16 - 2017-04-04 19:15 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-03-27 15:57 - 2017-03-27 15:57 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-03-27 15:57 - 2017-03-27 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-27 15:56 - 2017-03-27 15:56 - 00000000 ____D C:\Program Files\Java
2017-03-27 13:55 - 2017-03-27 13:55 - 00000000 ____D C:\Users\Amonax\Documents\Razer
2017-03-24 19:27 - 2017-04-11 21:00 - 00000000 ____D C:\Users\Amonax\AppData\Roaming\.minecraft
2017-03-24 19:27 - 2017-03-24 19:27 - 03589050 _____ () C:\Users\Amonax\Desktop\Shiginima.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-19 22:04 - 2016-09-07 17:08 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-19 22:03 - 2016-09-07 18:40 - 00000000 ____D C:\Users\Amonax\AppData\Roaming\Skype
2017-04-19 22:02 - 2016-10-29 13:52 - 00000000 ____D C:\Users\Amonax\AppData\Local\Spotify
2017-04-19 22:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-19 22:01 - 2009-07-14 06:45 - 00023440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-19 22:01 - 2009-07-14 06:45 - 00023440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-19 21:56 - 2016-10-29 13:51 - 00000000 ____D C:\Users\Amonax\AppData\Roaming\Spotify
2017-04-19 15:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-19 15:43 - 2016-09-17 16:32 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-19 15:43 - 2016-09-17 16:32 - 00001420 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-04-19 15:43 - 2016-09-07 16:59 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-04-19 15:41 - 2017-03-18 12:43 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-19 15:41 - 2016-11-13 22:30 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-19 15:41 - 2016-09-17 16:32 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-19 15:41 - 2016-09-17 16:32 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-19 15:41 - 2016-09-17 16:32 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-19 15:41 - 2016-09-17 16:32 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-19 15:41 - 2016-09-07 16:59 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-04-19 15:41 - 2016-09-07 16:04 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-04-19 10:27 - 2016-09-09 17:12 - 00000000 ____D C:\Users\Amonax\AppData\Local\Adobe
2017-04-19 10:22 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-18 22:37 - 2016-09-30 18:45 - 00000000 ____D C:\Users\Amonax\AppData\Local\Razer
2017-04-18 22:37 - 2016-09-30 18:44 - 00000000 ____D C:\ProgramData\Razer
2017-04-18 22:37 - 2016-09-30 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-04-18 22:37 - 2016-09-30 18:44 - 00000000 ____D C:\Program Files (x86)\Razer
2017-04-18 21:59 - 2016-09-07 15:37 - 00000000 ____D C:\Users\Amonax\AppData\Local\VirtualStore
2017-04-17 19:15 - 2016-12-22 16:14 - 00000000 ____D C:\Users\Amonax\AppData\Local\osu!
2017-04-17 19:12 - 2016-11-08 23:35 - 00000000 ____D C:\Users\Amonax\Downloads\muzyka
2017-04-17 19:07 - 2016-09-07 15:54 - 00003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1473256481
2017-04-17 19:07 - 2016-09-07 15:54 - 00000000 ____D C:\Program Files (x86)\Opera
2017-04-17 10:47 - 2016-09-17 17:10 - 00000000 ____D C:\Users\Amonax\AppData\Roaming\uTorrent
2017-04-16 16:46 - 2016-09-08 16:55 - 00000000 ____D C:\Users\Amonax\AppData\Local\CrashDumps
2017-04-15 09:41 - 2016-12-28 17:04 - 00000000 ____D C:\Users\Amonax\AppData\Roaming\discord
2017-04-11 23:06 - 2016-09-07 16:41 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-04-11 14:05 - 2016-09-09 17:13 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-11 14:05 - 2016-09-09 17:13 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-11 14:05 - 2016-09-09 17:13 - 00004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-11 14:05 - 2016-09-09 17:13 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-11 14:05 - 2016-09-09 17:13 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-11 14:05 - 2016-09-09 17:13 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-11 14:05 - 2016-09-07 18:01 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 14:05 - 2016-09-07 18:01 - 00003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-11 13:59 - 2016-09-07 16:42 - 00064352 _____ C:\Users\Amonax\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-11 13:54 - 2009-07-14 06:45 - 04920104 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-10 15:38 - 2016-09-10 16:38 - 00000000 ____D C:\Users\Amonax\AppData\Roaming\TS3Client
2017-04-10 15:35 - 2016-09-07 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-04-09 14:20 - 2016-09-08 15:58 - 00001712 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-04-09 11:09 - 2016-09-19 14:33 - 00000132 _____ C:\Users\Amonax\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-04-08 20:48 - 2016-09-07 17:10 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-08 20:10 - 2016-09-07 21:26 - 00000000 ____D C:\Users\Amonax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-06 18:25 - 2016-09-07 18:37 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 18:25 - 2016-09-07 18:37 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-04 19:37 - 2016-09-07 19:11 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1473268265
2017-04-04 19:37 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-04-04 19:16 - 2016-09-07 17:23 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-04 19:16 - 2016-09-07 17:23 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-04 19:16 - 2016-09-07 17:23 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-04 19:16 - 2016-09-07 17:23 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-04 19:16 - 2016-09-07 17:23 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-04 19:16 - 2016-09-07 17:23 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-04 19:16 - 2016-09-07 17:23 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-04 19:15 - 2016-09-07 18:27 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-04 19:15 - 2016-09-07 17:23 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-02 18:12 - 2016-09-07 17:07 - 01600560 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-04-01 05:20 - 2016-09-07 17:07 - 28560440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-04-01 05:20 - 2016-09-07 17:07 - 20055968 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-04-01 05:20 - 2016-09-07 17:07 - 13398512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-04-01 05:20 - 2016-09-07 17:07 - 04071816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-04-01 05:20 - 2016-09-07 17:07 - 03588376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-04-01 05:20 - 2016-09-07 17:07 - 00512960 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-04-01 05:20 - 2016-09-07 17:07 - 00420408 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-04-01 05:20 - 2016-09-07 17:07 - 00042897 _____ C:\Windows\system32\nvinfo.pb
2017-04-01 04:10 - 2016-09-07 17:08 - 06437312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-04-01 04:10 - 2016-09-07 17:08 - 02481208 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-04-01 04:10 - 2016-09-07 17:08 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-04-01 04:10 - 2016-09-07 17:08 - 00549944 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-04-01 04:10 - 2016-09-07 17:08 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-04-01 04:10 - 2016-09-07 17:08 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-04-01 04:10 - 2016-09-07 17:08 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-03-31 12:15 - 2016-09-07 17:08 - 07851747 _____ C:\Windows\system32\nvcoproc.bin
2017-03-28 05:32 - 2016-09-17 16:32 - 01882048 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-03-28 05:32 - 2016-09-17 16:32 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-03-28 05:32 - 2016-09-17 16:32 - 01472960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-03-28 05:32 - 2016-09-17 16:32 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-03-28 05:32 - 2016-09-17 16:32 - 00121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-03-28 03:25 - 2016-09-17 16:32 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-03-27 15:05 - 2017-02-27 00:18 - 00002517 _____ C:\Users\Amonax\Desktop\New Text Document.txt
2017-03-24 19:21 - 2016-09-18 11:09 - 00000000 ____D C:\ProgramData\Oracle
 
==================== Files in the root of some directories =======
 
2016-09-19 14:24 - 2016-09-19 21:05 - 0000132 _____ () C:\Users\Amonax\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2016-09-19 14:33 - 2017-04-09 11:09 - 0000132 _____ () C:\Users\Amonax\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-09-21 15:57 - 2016-12-28 23:41 - 0001456 _____ () C:\Users\Amonax\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-03 19:50 - 2017-01-03 19:50 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2010-11-21 05:24] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E
 
C:\Windows\SysWOW64\User32.dll
[2017-03-18 11:31] - [2017-03-18 11:31] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356
 
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-17 01:35
 
==================== End of FRST.txt ============================
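The service and driver lines in the log above share one fixed shape, and the two entries a responder picks out first (the orphaned GPU-Z driver entry pointing into Temp, marked `[X]` and `<==== ATTENTION`, and the unsigned Adobe SwitchBoard binary) can be picked out mechanically. As an added example that is not part of this thread or of FRST itself, a small Python triage script that parses that line shape and flags missing files, FRST's ATTENTION marker, unsigned binaries, empty publisher fields and drivers loaded from Temp or a user profile; the sample lines are copied from the log above, and the flag names are this script's own.

```python
"""Triage helper for the service/driver lines of a Farbar (FRST) log.
Added example, not part of the thread or of FRST: it parses the line shape
seen in the log and flags what a responder checks first."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line shapes seen in the log:
#   <state> <name>; <path> [<size> <date>] (<company>) [File not signed]
#   <state> <name>; <path> [X] <==== ATTENTION
LINE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<meta>[^\]]*)\](?P<rest>.*)$"
)
META_RE = re.compile(r"(\d+)\s+(\d{4}-\d{2}-\d{2})")
COMPANY_RE = re.compile(r"\(([^)]*)\)")


@dataclass
class Entry:
    state: str              # R = running, S = stopped; digit = start type
    name: str
    path: str               # leading \??\ (NT object path prefix) stripped
    size: Optional[int]
    date: Optional[str]
    company: str            # "" when FRST printed () or nothing at all
    signed: Optional[bool]  # None when the file is missing (nothing to verify)
    missing: bool           # FRST printed [X]: the file is not on disk
    attention: bool         # FRST appended <==== ATTENTION
    flags: List[str] = field(default_factory=list)


def triage(e: Entry) -> List[str]:
    """Review flags for one entry; an empty list means nothing stood out."""
    flags = []
    low = e.path.lower()
    if e.missing:
        flags.append("missing")        # orphaned service: registry entry left behind
    if e.attention:
        flags.append("attention")
    if e.signed is False:
        flags.append("unsigned")
    if not e.company and not e.missing:
        flags.append("no-publisher")   # worth a look, not proof of anything
    if "\\temp\\" in low:
        flags.append("temp-path")      # drivers are not normally loaded from Temp
    elif "\\users\\" in low:
        flags.append("user-profile-path")
    return flags


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one line; None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta, rest, path = m.group("meta").strip(), m.group("rest"), m.group("path")
    sm = META_RE.fullmatch(meta)
    cm = COMPANY_RE.search(rest)
    missing = meta == "X"
    entry = Entry(
        state=m.group("state"), name=m.group("name").strip(),
        path=path[4:] if path.startswith("\\??\\") else path,
        size=int(sm.group(1)) if sm else None, date=sm.group(2) if sm else None,
        company=cm.group(1).strip() if cm else "",
        signed=None if missing else "[File not signed]" not in rest,
        missing=missing, attention="ATTENTION" in rest,
    )
    entry.flags = triage(entry)
    return entry


def scan(text: str) -> List[Entry]:
    """Parse every service/driver line in a block of FRST output."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def suspicious(text: str) -> List[Entry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in scan(text) if e.flags]


# Sample input: six lines copied from the FRST log in this thread.
SAMPLE_LOG = r"""
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-20] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
S3 GPU-Z; \??\C:\Users\Amonax\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
"""

if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.state} {e.name}: {', '.join(e.flags)} -> {e.path}")
```

A flag is a reason to look, not a verdict: the two Razer/Malwarebytes entries with an empty publisher field are legitimate, while the GPU-Z entry is exactly the orphaned service the helper's fixlist removes.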
 

 

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,930 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:57 PM

Posted 20 April 2017 - 07:16 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(© 2015 Microsoft Corporation) C:\Users\Amonax\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4287465119-1633940504-1134386326-1000\...\Run: [BingSvc] => C:\Users\Amonax\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast SafePrice) - C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-28]
CHR Extension: (Avast Online Security) - C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-09]
CHR Extension: (Chrome Media Router) - C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 GPU-Z; \??\C:\Users\Amonax\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

#5 Amonax

Amonax
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:57 PM

Posted 20 April 2017 - 08:17 AM

Some of my programs/games freeze and don't respond for about 30 sec to 1 min when I close them,

and other programs run really slowly (my PC always handled those programs easily).

FixLogs

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-04-2017
Ran by Amonax (20-04-2017 15:10:12) Run:1
Running from C:\Users\Amonax\Downloads
Loaded Profiles: Amonax (Available Profiles: Amonax)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(© 2015 Microsoft Corporation) C:\Users\Amonax\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4287465119-1633940504-1134386326-1000\...\Run: [BingSvc] => C:\Users\Amonax\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast SafePrice) - C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-28]
CHR Extension: (Avast Online Security) - C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-09]
CHR Extension: (Chrome Media Router) - C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 GPU-Z; \??\C:\Users\Amonax\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Amonax\AppData\Local\Microsoft\BingSvc\BingSvc.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-4287465119-1633940504-1134386326-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Amonax\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
HKLM\System\CurrentControlSet\Services\GPU-Z => key removed successfully
GPU-Z => service removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27695610 B
Java, Flash, Steam htmlcache => 273105372 B
Windows/system/drivers => 1191984 B
Edge => 0 B
Chrome => 7656377 B
Firefox => 0 B
Opera => 442326201 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 100688 B
systemprofile32 => 57329 B
LocalService => 66228 B
NetworkService => 66228 B
Amonax => 232841256 B
 
RecycleBin => 0 B
EmptyTemp: => 947.5 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:10:43 ====


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,930 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:57 PM

Posted 21 April 2017 - 06:47 AM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed, refer to the Microsoft article again and follow the instructions to view the details of the System File Checker process.

Post the contents of the sfcdetails.txt file for my review.

Let me know if the problem persists.
<<<>>>

#7 Amonax

Amonax
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:57 PM

Posted 21 April 2017 - 07:25 AM

OK... a program called "Malwarebytes" helps. 1 day after I downloaded it, I ran a program that had this issue, and after closing it I didn't meet any problems.

and Malwarebytes sent me a message that it found a virus in Program Files

and now it works fine. Thanks for the help!



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,930 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:57 PM

Posted 21 April 2017 - 07:50 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



