infected USB [Closed]

Mcshield USB hidden files

  • This topic is locked

#1
gyurgyalag


Hi guys,

I might have a stupid problem, but I could not solve it yet. So I used my USB in another computer and my files were infected after that. I read some online articles and guides, then I downloaded Mcshield and it worked perfectly (I also use Avast). I could restore all my data from the USB. I had to use the same computer again and I got some virus again... but this time all my files are still hidden. There are no folders in the USB, but the memory shows that there are files on it. When I try to restore the files from the quarantine, it creates a new folder but I cannot open it; the folder gives the warning message and it goes back to quarantine. Any tips how to get my data back?

Hope to get some advice soon!

Niki

That's the log from MCShield:

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
 
>>> v 3.0.5.28 / DB: 2015.1.8.1 / Windows 7 <<<
 
 
2015.01.09. 8:03:52 > Drive F: - scan started (KINGSTON ~7392 MB, FAT32 flash drive )...
 
 
 
---> Note: traces of file replicators have been found!
 
---> Executing generic S&D routine...
 
 
>>> F:\szakdoga                                   .scr - Malware > Deleted. (15.01.09. 08.04 szakdoga                                   .scr.969784; MD5: 26236245e4ea2b956285a9c6a3887fc9)
 
>>> F:\Thailand                                   .scr - Malware > Deleted. (15.01.09. 08.04 Thailand                                   .scr.388389; MD5: 26236245e4ea2b956285a9c6a3887fc9)
 
>>> F:\user Porn.exe - Malware > Deleted. (15.01.09. 08.04 user Porn.exe.935170; MD5: 26236245e4ea2b956285a9c6a3887fc9)
 
>>> F:\Amornrat                                   .scr - Malware > Deleted. (15.01.09. 08.04 Amornrat                                   .scr.566265; MD5: 26236245e4ea2b956285a9c6a3887fc9)
 
>>> F:\SEED MORPHOLOGY                                   .scr - Malware > Deleted. (15.01.09. 08.04 SEED MORPHOLOGY                                   .scr.6736; MD5: 26236245e4ea2b956285a9c6a3887fc9)
 
>>> F:\08.01.2015                                   .scr - Malware > Deleted. (15.01.09. 08.04 08.01.2015                                   .scr.596243; MD5: 26236245e4ea2b956285a9c6a3887fc9)
 
>>> F:\szakdoga\cikkek                                   .scr - Malware > Deleted. (15.01.09. 08.04 cikkek                                   .scr.161479; MD5: 26236245e4ea2b956285a9c6a3887fc9)
 
>>> F:\szakdoga\cönol tabella                                   .scr - Malware > Deleted. (15.01.09. 08.04 cönol tabella                                   .scr.638943; MD5: 26236245e4ea2b956285a9c6a3887fc9)
 
>>> F:\szakdoga\diverzitás, dom, diff, pref, védett                                   .scr - Malware > Deleted. (15.01.09. 08.04 diverzitás, dom, diff, pref, védett                                   .scr.514014; MD5: 26236245e4ea2b956285a9c6a3887fc9)
 
>>> F:\szakdoga\N, SBT, W, ÉFO                                   .scr - Malware > Deleted. (15.01.09. 08.04 N, SBT, W, ÉFO                                   .scr.540001; MD5: 26236245e4ea2b956285a9c6a3887fc9)
 
>>> F:\szakdoga\végleges                                   .scr - Malware > Deleted. (15.01.09. 08.04 végleges                                   .scr.795795; MD5: 26236245e4ea2b956285a9c6a3887fc9)
 
>>> F:\szakdoga\otthonra                                   .scr - Malware > Deleted. (15.01.09. 08.04 otthonra                                   .scr.158906; MD5: 26236245e4ea2b956285a9c6a3887fc9)
 
 
=> Malicious files   : 12/12 deleted.
 

  • 0



#2
LiquidTension


Hello gyurgyalag, welcome to Geeks to Go Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click the button at the top of the page.
     

======================================================

 

Please answer the following questions before we begin.

"So I used my USB in another computer"

Is this your computer? Do you have access to the machine? Is this the machine you installed MCShield on?

"but this time all my files are still hidden."

What machine are you using to access your USB drive now? Is it the computer mentioned in the quotation above?

"When I try to restore the files from the quarantine"

What files are these? What quarantine?

  • 0

#3
gyurgyalag


Thanks a million, Adam! You can call me Niki :)

1. So, normally I use my laptop for work, but I used a computer at the university for some research. I used that computer to take photos with a microscope, then I copied the photos to the USB from the computer. The next day I tried to open the files from the USB on my laptop; that's when I faced the problem.

The computer is located in another city, so I don't have access. I downloaded Mcshield to my laptop; I am afraid the computer does not have it.

2. It's my laptop.

3. I have some documents and photos on my USB, but I cannot see or open them. I can see the files in the quarantine of Mcshield, and when I try to restore them, they go to the virus chest of Avast.


  • 0

#4
LiquidTension


Hi Niki, 
 
Thank you, that clears things up. 
 
Please do the following using your laptop. 
 
STEP 1
Disable AutoRun

  • Please download and run this Microsoft Fixit to disable AutoRun.
  • (Scroll down to: How to disable or enable all Autorun features in Windows 7 and other operating systems)
  • Reboot your computer after running the Fixit.
     

STEP 2
Folder Options

  • Press the Windows Key + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Remove the checkmark next to Hide protected operating system Files (Recommended).
  • Click Apply followed by OK.
     

STEP 3
USBFix Research

  • Please download USBFix and save the file to your Desktop.
  • Note: The website is in Spanish. Click Descargar to download.
  • Right-Click USBFix and select Run as administrator to run the programme.
  • Hold the Shift key on your keyboard and insert the infected USB into your PC.
  • Click Research
  • A log (C:\UsbFix [Scan 1] username.txt) will be created. Copy the contents of the log and paste in your next reply.
  • Note: username corresponds to the username of your current profile. 
     

STEP 4
USBFix Listing

  • Ensure the infected USB is still inserted in your PC.
  • Click Listing
  • A log (C:\UsbFix [Listing 1 ] username.txt) will be created. Copy the contents of the log and paste in your next reply.
  • Note: username corresponds to the username of your current profile. 
     

STEP 5
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) / Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did you successfully run the Microsoft Fixit?
  • C:\UsbFix [Scan 1] username.txt
  • C:\UsbFix [Listing 1 ] username.txt
  • FRST.txt
  • Addition.txt

  • 0

#5
gyurgyalag

Yes, I did. 
 
 
Scan:
 
 
############################## | UsbFix V 7.807 | [Research]
 
User: Niki (Administrator) # NIKI-PC
Updated 18/12/2014 by El Desaparecido - SosVirus
Started at 16:03:27 | 13/01/2015
 
Live detection : http://how-to-remove.us/
 
################## | System information |
 
MB: SAMSUNG ELECTRONICS CO., LTD. (R530/R730) 
CPU: Pentium® Dual-Core CPU       T4400  @ 2.20GHz
GC: Mobile Intel® 4 Series Express Chipset Family
RAM -> [Total : 2009 Mo | Free : 582 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot
 
OS: Microsoft™ Windows 7 Home Premium (6.1.7601 32-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Google Chrome : 39.0.2171.95
WB: Mozilla Firefox : 26.0
 
################## | Security Information |
 
AV: avast! Antivirus [(!) Disabled |Updated]
AS: Windows Defender [Enabled |Updated]
AS: avast! Antivirus [(!) Disabled |Updated]
FW: avast! Antivirus [(!) Disabled]
AS: Malwarebytes Anti-Malware : 2.0.4.1028
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
 
################## | Disk Information |
 
C:\ (%SystemDrive%) -> Fixed disk # 133 Gb (49 Gb free - 37%) [] # NTFS
D:\ -> Fixed disk # 150 Gb (27 Gb free - 18%) [] # NTFS
F:\ -> Removable disk # 7 Gb (2 Gb free - 27%) [KINGSTON] # FAT32
 
################## | Regedit Run |
 
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [MCShield Monitor] C:\Program Files\MCShield\mcshieldrtm.exe
04 - HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKLM\..\Run : [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\..\Run : [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
04 - HKLM\..\Run : [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\..\Run : [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
04 - HKLM\..\Run : [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
04 - HKLM\..\Run : [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
04 - HKLM\..\Run : [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
04 - HKLM\..\Run : [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
04 - HKLM\..\Run : [APLangApp] "C:\Program Files\AnyPC Client\APLangApp.exe"
04 - HKLM\..\Run : [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [IgfxTray] C:\windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\windows\system32\igfxpers.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3713088183-2547557746-3158852234-1000\..\Run : [MCShield Monitor] C:\Program Files\MCShield\mcshieldrtm.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601
04GS - Adobe Gamma.lnk : C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
04GS - Dropbox.lnk : C:\Users\Niki\AppData\Roaming\Dropbox\bin\Dropbox.exe
04GS - OneNote 2007 – Képernyőrész kivágása és gyorsindítás.lnk : C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
 
################## | Generic Research |
 
 
################## | Registry |
 
 
################## | UsbFix - Information |
 
Live detection : http://how-to-remove.us/
 
################## | Hijack |
 
Hijacked! [SHD] F:\szakdoga
Hijacked! [SHD] F:\Thailand
Hijacked! [SHD] F:\08.01.2015
Hijacked! [SHD] F:\Amornrat
Hijacked! [SHD] F:\SEED MORPHOLOGY
Hijacked! [RH] F:\winamp_cache_0001.xml
 
################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |

Edited by gyurgyalag, 13 January 2015 - 03:14 AM.

  • 0

#6
gyurgyalag


Listing:

 

############################## | UsbFix V 7.807 | [Listing]
 
User: Niki (Administrator) # NIKI-PC
Updated 18/12/2014 by El Desaparecido - SosVirus
Started at 16:09:22 | 13/01/2015
 
Live detection : http://how-to-remove.us/
 
################## | System information |
 
MB: SAMSUNG ELECTRONICS CO., LTD. (R530/R730) 
CPU: Pentium® Dual-Core CPU       T4400  @ 2.20GHz
GC: Mobile Intel® 4 Series Express Chipset Family
RAM -> [Total : 2009 Mo | Free : 482 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot
 
OS: Microsoft™ Windows 7 Home Premium (6.1.7601 32-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Google Chrome : 39.0.2171.95
WB: Mozilla Firefox : 26.0
 
################## | Security Information |
 
AV: avast! Antivirus [(!) Disabled |Updated]
AS: Windows Defender [Enabled |Updated]
AS: avast! Antivirus [(!) Disabled |Updated]
FW: avast! Antivirus [(!) Disabled]
AS: Malwarebytes Anti-Malware : 2.0.4.1028
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
 
################## | Disk Information |
 
C:\ (%SystemDrive%) -> Fixed disk # 133 Gb (49 Gb free - 37%) [] # NTFS
D:\ -> Fixed disk # 150 Gb (27 Gb free - 18%) [] # NTFS
F:\ -> Removable disk # 7 Gb (2 Gb free - 27%) [KINGSTON] # FAT32
 
################## | C:\ %SystemDrive% - Fixed drive (NTFS) |
 
[11/06/2009 - 04:42:20 | A | 0 Ko] - C:\config.sys
[13/01/2015 - 15:31:59 | ASH | 1542612 Ko] - C:\hiberfil.sys
[13/01/2015 - 15:32:03 | ASH | 2056816 Ko] - C:\pagefile.sys
[12/01/2010 - 08:41:29 | A | 2 Ko] - C:\RHDSetup.log
[12/01/2010 - 08:54:38 | A | 0 Ko] - C:\Setup.log
[11/03/2014 - 04:58:35 | SHD] - C:\$Recycle.Bin
[11/06/2009 - 04:42:20 | A | 0 Ko] - C:\autoexec.bat
[08/10/2014 - 09:02:00 | SHD] - C:\found.000
[14/07/2009 - 09:37:05 | D] - C:\PerfLogs
[14/07/2009 - 11:53:55 | SHD] - C:\Documents and Settings
[02/05/2010 - 22:00:15 | SHD] - C:\Recovery
[02/05/2010 - 22:01:28 | RD] - C:\Users
[07/01/2014 - 14:04:26 | RHD] - C:\MSOCache
[07/01/2014 - 14:50:06 | D] - C:\totalcmd
[28/07/2014 - 01:05:33 | D] - C:\Python27
[29/07/2014 - 16:18:58 | D] - C:\AdwCleaner
[26/11/2014 - 11:31:22 | D] - C:\PhSp_CS2_UE_Ret
[18/12/2014 - 10:21:38 | D] - C:\Program Files
[18/12/2014 - 10:21:38 | HD] - C:\ProgramData
[10/01/2015 - 09:13:47 | D] - C:\Windows
[13/01/2015 - 15:22:02 | SHD] - C:\System Volume Information
[13/01/2015 - 15:53:15 | D] - C:\UsbFix
 
################## | D:\ - Fixed drive (NTFS) |
 
[16/11/2013 - 17:09:18 | AC | 74 Ko] - D:\PatternFills.xlam
[30/05/2013 - 23:46:09 | SHDC] - D:\$RECYCLE.BIN
[10/11/2011 - 12:26:59 | DC] - D:\4bbcf753b934085377281f8d
[13/12/2013 - 00:53:31 | RDC] - D:\NIKI-PC
[07/01/2014 - 01:02:09 | SHD] - D:\System Volume Information
[11/03/2014 - 04:28:39 | HDC] - D:\$AVG
[14/12/2014 - 21:40:53 | DC] - D:\0f119045288d6b0ccf59238854f713c9
[20/12/2014 - 19:40:29 | DC] - D:\NIKI-D
 
################## | F:\ - Removable drive (FAT32) |
 
[01/01/2013 - 18:37:16 | RH | 697 Ko] - F:\winamp_cache_0001.xml
[21/11/2013 - 16:33:52 | AH | 4 Ko] - F:\._.Trashes
[08/01/2015 - 12:19:42 | SHD] - F:\08.01.2015
[17/02/2014 - 18:39:10 | SHD] - F:\szakdoga
[28/11/2014 - 11:29:08 | SHD] - F:\Thailand
[17/12/2014 - 10:03:54 | SHD] - F:\Amornrat
[25/12/2014 - 10:22:24 | SHD] - F:\SEED MORPHOLOGY
 
################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |

  • 0
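Reading the MCShield log from post #1 against the UsbFix listing from post #6, as an added example that is not part of the thread or of either tool: it pairs each deleted .scr/.exe with a same-named folder that the listing marks hidden. The function names are made up for this illustration, the attribute letters are read as the usual Windows ones (S system, H hidden, D directory), and the sample lines are a subset copied from the two logs.

```python
import re
from collections import Counter

# Lines copied from the MCShield log in post #1 (subset; ASCII names only).
MCSHIELD_LOG = r"""
>>> F:\szakdoga                                   .scr - Malware > Deleted. (15.01.09. 08.04 szakdoga                                   .scr.969784; MD5: 26236245e4ea2b956285a9c6a3887fc9)
>>> F:\Thailand                                   .scr - Malware > Deleted. (15.01.09. 08.04 Thailand                                   .scr.388389; MD5: 26236245e4ea2b956285a9c6a3887fc9)
>>> F:\user Porn.exe - Malware > Deleted. (15.01.09. 08.04 user Porn.exe.935170; MD5: 26236245e4ea2b956285a9c6a3887fc9)
>>> F:\Amornrat                                   .scr - Malware > Deleted. (15.01.09. 08.04 Amornrat                                   .scr.566265; MD5: 26236245e4ea2b956285a9c6a3887fc9)
>>> F:\SEED MORPHOLOGY                                   .scr - Malware > Deleted. (15.01.09. 08.04 SEED MORPHOLOGY                                   .scr.6736; MD5: 26236245e4ea2b956285a9c6a3887fc9)
>>> F:\08.01.2015                                   .scr - Malware > Deleted. (15.01.09. 08.04 08.01.2015                                   .scr.596243; MD5: 26236245e4ea2b956285a9c6a3887fc9)
>>> F:\szakdoga\cikkek                                   .scr - Malware > Deleted. (15.01.09. 08.04 cikkek                                   .scr.161479; MD5: 26236245e4ea2b956285a9c6a3887fc9)
"""

# Lines copied from the removable-drive section of the UsbFix listing in post #6.
USBFIX_LISTING = r"""
[01/01/2013 - 18:37:16 | RH | 697 Ko] - F:\winamp_cache_0001.xml
[21/11/2013 - 16:33:52 | AH | 4 Ko] - F:\._.Trashes
[08/01/2015 - 12:19:42 | SHD] - F:\08.01.2015
[17/02/2014 - 18:39:10 | SHD] - F:\szakdoga
[28/11/2014 - 11:29:08 | SHD] - F:\Thailand
[17/12/2014 - 10:03:54 | SHD] - F:\Amornrat
[25/12/2014 - 10:22:24 | SHD] - F:\SEED MORPHOLOGY
"""

MCSHIELD_RE = re.compile(
    r"^>>> (?P<path>.+?) - Malware > Deleted\. \(.*MD5: (?P<md5>[0-9a-f]{32})\)$"
)
LISTING_RE = re.compile(
    r"^\[[^|\]]+\|\s*(?P<attrs>[A-Z]+)\s*(?:\|[^\]]*)?\]\s*-\s*(?P<path>.+)$"
)


def parse_mcshield(log):
    """Return one dict per deleted file, with the space padding stripped from its name."""
    items = []
    for line in log.splitlines():
        m = MCSHIELD_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        stem, dot, ext = path.rpartition(".")
        if not dot:                      # no extension at all
            stem, ext = path, ""
        items.append({
            "path": path,
            "target": stem.rstrip(),     # the name the file imitates
            "padding": len(stem) - len(stem.rstrip()),
            "ext": ext.lower(),
            "md5": m["md5"],
        })
    return items


def parse_listing(listing):
    """Map lower-cased path -> (path as listed, attribute letters)."""
    entries = {}
    for line in listing.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            entries[m["path"].lower()] = (m["path"], m["attrs"])
    return entries


def correlate(mcshield_log, usbfix_listing):
    """Pair deleted executables with hidden folders of the same name."""
    removed = parse_mcshield(mcshield_log)
    listing = parse_listing(usbfix_listing)
    masked, unmatched, masked_keys = [], [], set()
    for item in removed:
        key = item["target"].lower()     # FAT32 names compare case-insensitively
        entry = listing.get(key)
        if entry and {"H", "D"} <= set(entry[1]):
            masked.append(entry[0])
            masked_keys.add(key)
        else:
            unmatched.append(item["target"])
    hidden_only = [path for key, (path, attrs) in listing.items()
                   if "H" in attrs and key not in masked_keys]
    return {
        "masked_folders": masked,              # hidden folder + same-name executable
        "unmatched": unmatched,                # executable with no listed folder
        "hidden_without_decoy": hidden_only,   # hidden, but nothing imitated it
        "md5_counts": dict(Counter(i["md5"] for i in removed)),
        "padded_names": sum(1 for i in removed if i["padding"] > 0),
    }


if __name__ == "__main__":
    for key, value in correlate(MCSHIELD_LOG, USBFIX_LISTING).items():
        print(f"{key}: {value}")
```

The subfolder entry stays unmatched only because the UsbFix listing covers the drive root; the original folders are still on the drive with their hidden and system attributes set.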

#7
gyurgyalag


FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Niki (administrator) on NIKI-PC on 13-01-2015 16:13:23
Running from C:\Users\Niki\Downloads
Loaded Profile: Niki (Available profiles: Niki)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: magyar (Magyarország)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Dropbox, Inc.) C:\Users\Niki\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [APLangApp] => C:\Program Files\AnyPC Client\APLangApp.exe [13312 2009-11-20] (DoctorSoft)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM\...\RunOnce: [] => [X]
HKU\S-1-5-21-3713088183-2547557746-3158852234-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-12] (MyCity)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2014-01-12] (Microsoft Corporation)
Startup: C:\Users\Niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Niki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 – Képernyőrész kivágása és gyorsindítás.lnk
ShortcutTarget: OneNote 2007 – Képernyőrész kivágása és gyorsindítás.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3713088183-2547557746-3158852234-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
URLSearchHook: HKLM - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-3713088183-2547557746-3158852234-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-3713088183-2547557746-3158852234-1000 -> URL http://www.trovigo.c...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3713088183-2547557746-3158852234-1000 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-3713088183-2547557746-3158852234-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7SMSN
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live bejelentkezési segítség -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.101.150.23 10.101.102.26 10.66.255.2 202.12.97.1
 
FireFox:
========
FF ProfilePath: C:\Users\Niki\AppData\Roaming\Mozilla\Firefox\Profiles\jnlokmmi.default
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sztaki-en-hu.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vatera.xml
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-07]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.greenfo.hu/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSearchKeyword: Default -> trovigo.com
CHR DefaultSearchURL: Default -> http://www.trovigo.c...ARCH_TERM&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.searc...x={searchTerms}
CHR Profile: C:\Users\Niki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Dokumentumok) - C:\Users\Niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-11]
CHR Extension: (Google Drive) - C:\Users\Niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-11]
CHR Extension: (YouTube) - C:\Users\Niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-11]
CHR Extension: (Adblock Plus) - C:\Users\Niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-11]
CHR Extension: (Google-keresés) - C:\Users\Niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-11]
CHR Extension: (AdBlock) - C:\Users\Niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-10]
CHR Extension: (Avast Online Security) - C:\Users\Niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-11]
CHR Extension: (Google Pénztárca) - C:\Users\Niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-11]
CHR Extension: (Gmail) - C:\Users\Niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-11]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-05]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-10]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-11-26] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-10] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-01-10] (AVAST Software)
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1074480 2014-07-28] (Flexera Software LLC)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-08] ()
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2015-01-10] ()
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [26136 2015-01-10] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [70384 2015-01-10] (AVAST Software)
R0 aswNdisFlt; C:\windows\System32\DRIVERS\aswNdisFlt.sys [271288 2015-01-10] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2015-01-10] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2015-01-10] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [787800 2015-01-10] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [423784 2015-01-10] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [91496 2015-01-10] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [206248 2015-01-10] ()
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-11] (Malwarebytes Corporation)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 16:13 - 2015-01-13 16:14 - 00015190 _____ () C:\Users\Niki\Downloads\FRST.txt
2015-01-13 16:12 - 2015-01-13 16:13 - 00000000 ____D () C:\FRST
2015-01-13 16:10 - 2015-01-13 16:10 - 01115648 _____ (Farbar) C:\Users\Niki\Downloads\FRST.exe
2015-01-13 15:53 - 2015-01-13 15:53 - 00001448 _____ () C:\Users\Niki\Desktop\UsbFix.lnk
2015-01-13 15:53 - 2015-01-13 15:53 - 00000000 ____D () C:\UsbFix
2015-01-13 15:51 - 2015-01-13 15:52 - 03989560 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Niki\Downloads\UsbFix.exe
2015-01-13 15:20 - 2015-01-13 15:21 - 00655360 _____ () C:\Users\Niki\Downloads\MicrosoftFixit50471.msi
2015-01-13 15:10 - 2015-01-13 15:10 - 00033846 _____ () C:\Users\Niki\Downloads\Density PhuPhan NP 2013 (Upd 13 Jan 2015).xlsx
2015-01-13 12:44 - 2015-01-13 12:44 - 00000000 ____D () C:\Users\Niki\Desktop\munka
2015-01-13 12:44 - 2014-12-03 10:29 - 00001464 _____ () C:\Users\Niki\Desktop\munkahelyek.txt
2015-01-13 10:28 - 2015-01-13 10:29 - 00000150 _____ () C:\Users\Niki\Desktop\site1.csv
2015-01-13 10:20 - 2015-01-13 10:20 - 00000698 _____ () C:\Users\Niki\Desktop\dens.csv
2015-01-11 09:44 - 2015-01-11 09:45 - 30344324 _____ (Adobe Systems Incorporated) C:\Users\Niki\Downloads\AcrobatStd_11_Web_WWMUI.exe
2015-01-10 18:53 - 2015-01-10 18:53 - 00000000 ____D () C:\Users\Niki\AppData\Roaming\Mozilla
2015-01-10 18:53 - 2015-01-10 18:53 - 00000000 ____D () C:\Users\Niki\AppData\Local\Mozilla
2015-01-10 09:17 - 2015-01-10 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-10 09:14 - 2015-01-10 09:13 - 00026136 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2015-01-10 09:13 - 2015-01-10 09:13 - 00291352 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-01-10 09:13 - 2015-01-10 09:13 - 00271288 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2015-01-10 09:13 - 2015-01-10 09:13 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2015-01-10 09:01 - 2015-01-10 09:02 - 04978536 _____ (AVAST Software) C:\Users\Niki\Downloads\avast_internet_security_setup_online.exe
2015-01-09 16:08 - 2015-01-09 16:08 - 00071155 _____ () C:\Users\Niki\Downloads\PatternFills.zip
2015-01-09 09:13 - 2015-01-09 09:13 - 00033944 _____ () C:\Users\Niki\Downloads\Density PhuPhan NP 2013.xlsx
2015-01-09 09:13 - 2015-01-09 09:13 - 00012152 _____ () C:\Users\Niki\Downloads\Sum_Density 2013.xlsx
2015-01-09 09:13 - 2015-01-09 09:13 - 00012152 _____ () C:\Users\Niki\Downloads\Sum_Density 2013 (1).xlsx
2015-01-06 17:56 - 2015-01-06 17:56 - 00061719 _____ () C:\Users\Niki\Downloads\Density of Eriocaulon 2557_Raw data (2).xlsx
2015-01-06 17:41 - 2015-01-06 17:42 - 00061633 _____ () C:\Users\Niki\Downloads\Density of Eriocaulon 2557_Raw data (1).xlsx
2015-01-06 08:37 - 2015-01-06 08:37 - 00061719 _____ () C:\Users\Niki\Downloads\Density of Eriocaulon 2557_Raw data.xlsx
2015-01-06 08:37 - 2015-01-06 08:37 - 00051012 _____ () C:\Users\Niki\Downloads\Density PhuPhan NK.xlsx
2015-01-03 20:05 - 2015-01-03 20:57 - 1460671614 ____R () C:\Users\Niki\Downloads\Ingmar Bergman - Fanny És Alexander.avi
2015-01-03 20:04 - 2015-01-03 21:43 - 1321567068 ____R () C:\Users\Niki\Downloads\Orok pillanatok.avi
2015-01-03 20:04 - 2015-01-03 20:22 - 00000000 ____D () C:\Users\Niki\Downloads\Kínában kutyát esznek
2015-01-03 19:57 - 2015-01-03 20:13 - 00000000 ____D () C:\Users\Niki\Downloads\Oslo, augusztus
2014-12-29 18:07 - 2014-12-29 18:07 - 00000000 ____D () C:\Users\Niki\Downloads\Calvary.2014.BDRip.x264-ROVERS
2014-12-29 13:10 - 2015-01-05 10:24 - 00000000 ____D () C:\Users\Niki\Desktop\eriocaulon
2014-12-25 16:45 - 2014-12-25 16:52 - 00000000 ____D () C:\Users\Niki\Downloads\The.Hundred-Foot.Journey.2014.BDRip.x264-SPARKS
2014-12-24 18:27 - 2014-12-24 18:53 - 00000000 ____D () C:\Users\Niki\Downloads\A.Touch.of.Sin.2013.720p.BluRay.x264-ROVERS
2014-12-18 10:21 - 2015-01-13 15:57 - 00000000 ____D () C:\ProgramData\MCShield
2014-12-18 10:21 - 2014-12-18 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2014-12-18 10:21 - 2014-12-18 10:21 - 00000000 ____D () C:\Program Files\MCShield
2014-12-18 09:42 - 2014-12-13 10:33 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-16 08:00 - 2014-12-16 08:00 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-15 09:50 - 2014-12-04 11:38 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-15 09:50 - 2014-12-04 11:38 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-15 09:50 - 2014-12-04 11:38 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-15 09:50 - 2014-12-04 11:34 - 00873984 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-15 09:50 - 2014-12-02 06:28 - 01160872 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-15 09:49 - 2014-12-04 11:38 - 00337920 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-15 09:49 - 2014-12-04 11:38 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-15 09:49 - 2014-12-04 11:38 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 15:50 - 2010-01-13 01:34 - 01547482 _____ () C:\windows\WindowsUpdate.log
2015-01-13 15:39 - 2009-07-14 11:34 - 00023552 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 15:39 - 2009-07-14 11:34 - 00023552 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 15:33 - 2014-01-25 18:28 - 00000000 ___RD () C:\Users\Niki\Dropbox
2015-01-13 15:33 - 2014-01-25 16:47 - 00000000 ____D () C:\Users\Niki\AppData\Roaming\Dropbox
2015-01-13 15:32 - 2010-05-02 22:01 - 00000000 ____D () C:\Users\Niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-01-13 15:32 - 2009-07-14 11:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-13 15:32 - 2009-07-14 11:39 - 00095541 _____ () C:\windows\setupact.log
2015-01-13 15:15 - 2014-01-07 14:13 - 00001016 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 10:32 - 2014-03-18 17:32 - 00000000 ____D () C:\Users\Niki\AppData\Roaming\FileAdvisor
2015-01-13 10:32 - 2014-03-17 17:31 - 00000000 ____D () C:\Program Files\File Type Advisor
2015-01-12 22:19 - 2014-01-11 22:25 - 00000000 ____D () C:\Users\Niki\AppData\Roaming\Skype
2015-01-12 21:53 - 2014-01-12 01:52 - 00000000 ____D () C:\Users\Niki\AppData\Roaming\vlc
2015-01-11 11:19 - 2014-07-29 00:28 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 09:20 - 2010-01-12 09:55 - 00840760 _____ () C:\windows\PFRO.log
2015-01-10 09:15 - 2014-01-07 14:20 - 00787800 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2015-01-10 09:15 - 2014-01-07 14:20 - 00423784 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2015-01-10 09:13 - 2014-07-27 02:50 - 00024184 _____ () C:\windows\system32\Drivers\aswHwid.sys
2015-01-10 09:13 - 2014-01-07 14:20 - 00206248 _____ () C:\windows\system32\Drivers\aswVmm.sys
2015-01-10 09:13 - 2014-01-07 14:20 - 00091496 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2015-01-10 09:13 - 2014-01-07 14:20 - 00081768 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-01-10 09:13 - 2014-01-07 14:20 - 00070384 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2015-01-10 09:13 - 2014-01-07 14:20 - 00049944 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2015-01-10 08:57 - 2014-01-27 02:57 - 00000000 ____D () C:\Users\Niki\Desktop\privát
2015-01-09 21:00 - 2014-03-14 18:38 - 00000000 ___RD () C:\Program Files\Skype
2015-01-09 21:00 - 2014-01-11 22:24 - 00000000 ____D () C:\ProgramData\Skype
2015-01-09 08:05 - 2009-07-27 03:06 - 00006388 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-06 04:36 - 2014-01-11 20:30 - 00249488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-05 09:09 - 2014-07-31 22:19 - 00000000 ____D () C:\Users\Niki\Desktop\Thailand
2015-01-03 23:11 - 2014-01-11 22:45 - 00000000 ____D () C:\Users\Niki\AppData\Roaming\uTorrent
2014-12-22 19:33 - 2012-04-15 02:39 - 00000000 ____D () C:\Users\Niki\Desktop\filmek
2014-12-20 12:24 - 2014-01-25 00:06 - 00000000 ____D () C:\Program Files\Rotation Pilot
2014-12-16 08:00 - 2014-05-07 03:43 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-16 08:00 - 2009-07-14 09:37 - 00000000 ____D () C:\windows\AppCompat
2014-12-16 07:51 - 2014-07-29 00:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-16 07:51 - 2009-07-14 11:52 - 00000000 ____D () C:\windows\Performance
2014-12-15 19:37 - 2014-02-02 17:19 - 00000000 ____D () C:\Users\Niki\Documents\Youcam
2014-12-15 10:36 - 2014-07-29 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-15 10:36 - 2014-01-28 03:11 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-15 09:27 - 2014-01-07 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-15 09:24 - 2010-05-02 22:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
 
Some content of TEMP:
====================
C:\Users\Niki\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpik2onc.dll
C:\Users\Niki\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Niki\AppData\Local\Temp\Quarantine.exe
C:\Users\Niki\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Niki\AppData\Local\Temp\SimilarBundleGenericDl.exe
C:\Users\Niki\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Niki\AppData\Local\Temp\vcredist_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-05 16:51
 
==================== End Of Log ============================

#8
gyurgyalag

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Niki at 2015-01-13 16:14:31
Running from C:\Users\Niki\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3713088183-2547557746-3158852234-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) - Hungarian (HKLM\...\{AC76BA86-7AD7-1038-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.25 - Doctorsoft)
ArcGIS 10.2.2 for Desktop (HKLM\...\ArcGIS 10.2.2 for Desktop) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2.2 for Desktop (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Avast Internet Security (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3625 - CyberLink Corp.)
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Data Desk 6.3 Demo (HKLM\...\Data Desk 6.3 Demo) (Version:  - )
Dropbox (HKU\S-1-5-21-3713088183-2547557746-3158852234-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{34B76DCB-BF7C-440F-B058-C84172C1E338}) (Version: 4.2.8 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
File Type Advisor 1.3 (HKLM\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
Free M4a to MP3 Converter 8.1 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Google Chrome (HKLM\...\{1B729E3D-B16D-3A41-A9AE-6AEC20C6580D}) (Version: 65.156.32831 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hamster Free EbookConverter (HKLM\...\{441AC599-200D-4E04-B274-C6B7B50C281D}_is1) (Version: 1.0.0.13 - HamsterSoft)
IBM SPSS Statistics 19 (HKLM\...\{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}) (Version: 19.0.0 - SPSS Inc., an IBM Company)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kompatibilitási csomag a 2007-es Office rendszerhez (HKLM\...\{90120000-0020-040E-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Malwarebytes Anti-Malware 2.0.4.1028 verzió (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET-keretrendszer 4.5.1 (magyar) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1038) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help-frissítés (KB963678) (HKLM\...\{90120000-0016-040E-0000-0000000FF1CE}_ENTERPRISE_{76BD9044-91EB-46FC-8CA6-0AA239BB8A93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Powerpoint 2007 Help-frissítés (KB963669) (HKLM\...\{90120000-0018-040E-0000-0000000FF1CE}_ENTERPRISE_{6863CE52-1321-482E-B930-B325EE09AEFF}) (Version:  - Microsoft)
Microsoft Office PowerPoint Viewer 2007 (Hungarian) (HKLM\...\{95120000-00AF-040E-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word 2007 Help-frissítés (KB963665) (HKLM\...\{90120000-001B-040E-0000-0000000FF1CE}_ENTERPRISE_{0E56E23A-EDB8-42C7-A285-7258C5944EB4}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{C7F2F1C7-4AFB-4025-8CE2-848CEF731B88}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 hu) (HKLM\...\Mozilla Firefox 26.0 (x86 hu)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.5 - Samsung)
Samsung Support Center (HKLM\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UsbFix (HKLM\...\Usbfix) (Version: 7.807 - El Desaparecido - www.usbfix.net - www.sosvirus.net)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live bejelentkezési segéd (HKLM\...\{733EB793-0840-4D69-97AA-6934FC79DB16}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live feltöltőeszköz (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{816DAA3A-B289-4736-BE15-AFDE0A228618}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3713088183-2547557746-3158852234-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Niki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3713088183-2547557746-3158852234-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3713088183-2547557746-3158852234-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3713088183-2547557746-3158852234-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3713088183-2547557746-3158852234-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3713088183-2547557746-3158852234-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3713088183-2547557746-3158852234-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3713088183-2547557746-3158852234-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3713088183-2547557746-3158852234-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
30-12-2014 17:40:38 Windows Update
03-01-2015 18:30:58 Windows Update
07-01-2015 07:29:37 Windows Update
10-01-2015 08:59:51 Windows Update
10-01-2015 09:08:15 avast! antivirus system restore point
10-01-2015 09:15:43 Eszközillesztő-csomag telepítése: Avast Hálózati szolgáltatás
13-01-2015 15:21:28 Installed Microsoft Fix it 50471
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 09:04 - 2009-06-11 04:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02892405-6E6B-42E1-9B9B-B6AE01F7E894} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {1F60C1EB-9AD5-4B82-9277-00002404F592} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-07] (Google Inc.)
Task: {3C3FA0AD-0919-4E02-9ADF-AFF4EE1A091F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {47E04985-607B-443E-BFCE-F5DEFFC82A85} - System32\Tasks\{124CEB1B-B158-4A5C-B1A7-07325B8BA63C} => pcalua.exe -a C:\Users\Niki\Downloads\PhSp_CS2_English.exe -d C:\Users\Niki\Downloads
Task: {5A0C83D5-70F3-46B1-9490-C72CE042F708} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {6FE21F7F-08C1-4B8B-9FAB-CDBFB5E8F955} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {7A1265CD-BCA2-4611-B6BB-783DC484BDD4} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {7F011A78-3174-405F-87DB-3B8ECF55162A} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {9293833F-4555-4DD6-9127-E80B336054AF} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-07-24] ()
Task: {B645111E-1470-492B-A7A5-131D1777814C} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-11] (SEC)
Task: {BAE24A0D-D3C6-4EB0-A21B-13AA51CB3737} - System32\Tasks\FileAdvisorUpdate => C:\Program Files\File Type Advisor\fileadvisor.exe [2013-08-19] (File Type Advisor)
Task: {CEC9CC4B-01B6-4D61-A324-FCF9D4ACE431} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-10] (AVAST Software)
Task: {D0C4CC55-BE07-4389-8CA4-09D1D45031A3} - System32\Tasks\FileAdvisorCheck => C:\Program Files\File Type Advisor\file-type-advisor.exe [2013-08-19] (filetypeadvisor.com                                         )
Task: {D6BA0C0A-1617-49CD-8D22-2EB856D72A1F} - System32\Tasks\APSchedulerC => C:\Program Files\AnyPC Client\APLanMgrC.exe [2009-11-20] (DoctorSoft)
Task: {E4E37CC1-2532-405F-8A54-48B30308CFE4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3713088183-2547557746-3158852234-1000
Task: {F0F1C806-3B12-41EF-A4D7-CD487FE45F1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-07] (Google Inc.)
Task: {F38663F2-46E2-4303-9757-99654515D140} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-13 14:47 - 2015-01-13 14:47 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011300\algo.dll
2010-01-12 08:49 - 2009-07-08 01:23 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2009-06-03 18:59 - 2009-06-03 18:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 18:59 - 2009-06-03 18:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2015-01-10 09:13 - 2015-01-10 09:13 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-22 07:22 - 2014-10-22 07:22 - 00750080 _____ () C:\Users\Niki\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-13 15:33 - 2015-01-13 15:33 - 00043008 _____ () c:\users\niki\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpik2onc.dll
2014-10-22 07:22 - 2014-10-22 07:22 - 00047616 _____ () C:\Users\Niki\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 07:22 - 2014-10-22 07:22 - 00863744 _____ () C:\Users\Niki\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 07:22 - 2014-10-22 07:22 - 00200704 _____ () C:\Users\Niki\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2010-01-12 08:44 - 2009-07-24 11:46 - 00650920 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
2010-01-12 08:44 - 2009-05-13 15:51 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
2014-12-12 09:23 - 2014-12-06 08:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 09:23 - 2014-12-06 08:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 09:23 - 2014-12-06 08:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 09:23 - 2014-12-06 08:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Niki\Desktop\munka:com.dropbox.attributes
AlternateDataStreams: C:\Users\Niki\Desktop\munkahelyek.txt:com.dropbox.attributes
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
HomeGroupUser$ (S-1-5-21-3713088183-2547557746-3158852234-1002 - Limited - Enabled)
Niki (S-1-5-21-3713088183-2547557746-3158852234-1000 - Administrator - Enabled) => C:\Users\Niki
Rendszergazda (S-1-5-21-3713088183-2547557746-3158852234-500 - Administrator - Disabled)
Vendég (S-1-5-21-3713088183-2547557746-3158852234-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo alagútkezelő adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/13/2015 03:55:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: A hibát okozó alkalmazás neve: chrome.exe, verzió: 39.0.2171.95, időbélyeg: 0x548243f3
A hibát okozó modul neve: YCWebCameraSource.ax, verzió: 2.0.8320.3402, időbélyeg: 0x4ac5ca7b
Kivételkód: 0xc0000005
Hiba pozíciója: 0x0000c9d8
A hibát okozó folyamat azonosítója: 0x15fc
A hibát okozó alkalmazás indításának időpontja: 0xchrome.exe0
A hibát okozó alkalmazás elérési útja: chrome.exe1
A hibát okozó modul elérési útja: chrome.exe2
Jelentés azonosítója: chrome.exe3
 
Error: (01/13/2015 03:54:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: A hibát okozó alkalmazás neve: chrome.exe, verzió: 39.0.2171.95, időbélyeg: 0x548243f3
A hibát okozó modul neve: YCWebCameraSource.ax, verzió: 2.0.8320.3402, időbélyeg: 0x4ac5ca7b
Kivételkód: 0xc0000005
Hiba pozíciója: 0x0000c9d8
A hibát okozó folyamat azonosítója: 0x10f8
A hibát okozó alkalmazás indításának időpontja: 0xchrome.exe0
A hibát okozó alkalmazás elérési útja: chrome.exe1
A hibát okozó modul elérési útja: chrome.exe2
Jelentés azonosítója: chrome.exe3
 
Error: (01/13/2015 03:54:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: A hibát okozó alkalmazás neve: chrome.exe, verzió: 39.0.2171.95, időbélyeg: 0x548243f3
A hibát okozó modul neve: YCWebCameraSource.ax, verzió: 2.0.8320.3402, időbélyeg: 0x4ac5ca7b
Kivételkód: 0xc0000005
Hiba pozíciója: 0x0000c9d8
A hibát okozó folyamat azonosítója: 0xaa8
A hibát okozó alkalmazás indításának időpontja: 0xchrome.exe0
A hibát okozó alkalmazás elérési útja: chrome.exe1
A hibát okozó modul elérési útja: chrome.exe2
Jelentés azonosítója: chrome.exe3
 
Error: (01/13/2015 03:34:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: A hibát okozó alkalmazás neve: chrome.exe, verzió: 39.0.2171.95, időbélyeg: 0x548243f3
A hibát okozó modul neve: YCWebCameraSource.ax, verzió: 2.0.8320.3402, időbélyeg: 0x4ac5ca7b
Kivételkód: 0xc0000005
Hiba pozíciója: 0x0000c9d8
A hibát okozó folyamat azonosítója: 0x10e8
A hibát okozó alkalmazás indításának időpontja: 0xchrome.exe0
A hibát okozó alkalmazás elérési útja: chrome.exe1
A hibát okozó modul elérési útja: chrome.exe2
Jelentés azonosítója: chrome.exe3
 
Error: (01/13/2015 03:33:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: A hibát okozó alkalmazás neve: chrome.exe, verzió: 39.0.2171.95, időbélyeg: 0x548243f3
A hibát okozó modul neve: YCWebCameraSource.ax, verzió: 2.0.8320.3402, időbélyeg: 0x4ac5ca7b
Kivételkód: 0xc0000005
Hiba pozíciója: 0x0000c9d8
A hibát okozó folyamat azonosítója: 0xacc
A hibát okozó alkalmazás indításának időpontja: 0xchrome.exe0
A hibát okozó alkalmazás elérési útja: chrome.exe1
A hibát okozó modul elérési útja: chrome.exe2
Jelentés azonosítója: chrome.exe3
 
Error: (01/12/2015 08:06:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: A hibát okozó alkalmazás neve: chrome.exe, verzió: 39.0.2171.95, időbélyeg: 0x548243f3
A hibát okozó modul neve: YCWebCameraSource.ax, verzió: 2.0.8320.3402, időbélyeg: 0x4ac5ca7b
Kivételkód: 0xc0000005
Hiba pozíciója: 0x0000c9d8
A hibát okozó folyamat azonosítója: 0x86c
A hibát okozó alkalmazás indításának időpontja: 0xchrome.exe0
A hibát okozó alkalmazás elérési útja: chrome.exe1
A hibát okozó modul elérési útja: chrome.exe2
Jelentés azonosítója: chrome.exe3
 
Error: (01/11/2015 09:51:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: A hibát okozó alkalmazás neve: AcrobatStd_11_Web_WWMUI.exe, verzió: 1.0.2.1, időbélyeg: 0x2a425e19
A hibát okozó modul neve: AcrobatStd_11_Web_WWMUI.exe, verzió: 1.0.2.1, időbélyeg: 0x2a425e19
Kivételkód: 0xc0000005
Hiba pozíciója: 0x0001b7d6
A hibát okozó folyamat azonosítója: 0x9f8
A hibát okozó alkalmazás indításának időpontja: 0xAcrobatStd_11_Web_WWMUI.exe0
A hibát okozó alkalmazás elérési útja: AcrobatStd_11_Web_WWMUI.exe1
A hibát okozó modul elérési útja: AcrobatStd_11_Web_WWMUI.exe2
Jelentés azonosítója: AcrobatStd_11_Web_WWMUI.exe3
 
Error: (01/11/2015 09:49:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: A hibát okozó alkalmazás neve: AcrobatStd_11_Web_WWMUI.exe, verzió: 1.0.2.1, időbélyeg: 0x2a425e19
A hibát okozó modul neve: AcrobatStd_11_Web_WWMUI.exe, verzió: 1.0.2.1, időbélyeg: 0x2a425e19
Kivételkód: 0xc0000005
Hiba pozíciója: 0x0001b7d6
A hibát okozó folyamat azonosítója: 0x1560
A hibát okozó alkalmazás indításának időpontja: 0xAcrobatStd_11_Web_WWMUI.exe0
A hibát okozó alkalmazás elérési útja: AcrobatStd_11_Web_WWMUI.exe1
A hibát okozó modul elérési útja: AcrobatStd_11_Web_WWMUI.exe2
Jelentés azonosítója: AcrobatStd_11_Web_WWMUI.exe3
 
Error: (01/11/2015 09:24:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: A hibát okozó alkalmazás neve: chrome.exe, verzió: 39.0.2171.95, időbélyeg: 0x548243f3
A hibát okozó modul neve: YCWebCameraSource.ax, verzió: 2.0.8320.3402, időbélyeg: 0x4ac5ca7b
Kivételkód: 0xc0000005
Hiba pozíciója: 0x0000c9d8
A hibát okozó folyamat azonosítója: 0x13d4
A hibát okozó alkalmazás indításának időpontja: 0xchrome.exe0
A hibát okozó alkalmazás elérési útja: chrome.exe1
A hibát okozó modul elérési útja: chrome.exe2
Jelentés azonosítója: chrome.exe3
 
Error: (01/10/2015 06:53:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: A hibát okozó alkalmazás neve: chrome.exe, verzió: 39.0.2171.95, időbélyeg: 0x548243f3
A hibát okozó modul neve: YCWebCameraSource.ax, verzió: 2.0.8320.3402, időbélyeg: 0x4ac5ca7b
Kivételkód: 0xc0000005
Hiba pozíciója: 0x0000c9d8
A hibát okozó folyamat azonosítója: 0x16ec
A hibát okozó alkalmazás indításának időpontja: 0xchrome.exe0
A hibát okozó alkalmazás elérési útja: chrome.exe1
A hibát okozó modul elérési útja: chrome.exe2
Jelentés azonosítója: chrome.exe3
 
 
System errors:
=============
Error: (01/12/2015 00:57:13 PM) (Source: Schannel) (EventID: 4116) (User: NT AUTHORITY)
Description: A távoli kiszolgálótól kapott tanúsítvány nem az elvárt nevet tartalmazza, ezért nem lehet megállapítani, hogy a helyes kiszolgálóhoz kapcsolódik-e a számítógép. Az elvárt kiszolgálónév a következő: auth.ff.avast.com. Az SSL-kapcsolat iránti kérelem sikertelen volt. A csatolt adatok tartalmazzák a kiszolgáló tanúsítványát.
 
Error: (01/12/2015 00:57:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A következő végzetes riasztás jött létre: 43. A belső hibaállapot: 552.
 
Error: (01/12/2015 00:57:13 PM) (Source: Schannel) (EventID: 4116) (User: NT AUTHORITY)
Description: A távoli kiszolgálótól kapott tanúsítvány nem az elvárt nevet tartalmazza, ezért nem lehet megállapítani, hogy a helyes kiszolgálóhoz kapcsolódik-e a számítógép. Az elvárt kiszolgálónév a következő: auth.ff.avast.com. Az SSL-kapcsolat iránti kérelem sikertelen volt. A csatolt adatok tartalmazzák a kiszolgáló tanúsítványát.
 
Error: (01/12/2015 00:57:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A következő végzetes riasztás jött létre: 43. A belső hibaállapot: 552.
 
Error: (01/12/2015 00:57:13 PM) (Source: Schannel) (EventID: 4116) (User: NT AUTHORITY)
Description: A távoli kiszolgálótól kapott tanúsítvány nem az elvárt nevet tartalmazza, ezért nem lehet megállapítani, hogy a helyes kiszolgálóhoz kapcsolódik-e a számítógép. Az elvárt kiszolgálónév a következő: auth.ff.avast.com. Az SSL-kapcsolat iránti kérelem sikertelen volt. A csatolt adatok tartalmazzák a kiszolgáló tanúsítványát.
 
Error: (01/12/2015 00:57:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A következő végzetes riasztás jött létre: 43. A belső hibaállapot: 552.
 
Error: (01/12/2015 00:57:13 PM) (Source: Schannel) (EventID: 4116) (User: NT AUTHORITY)
Description: A távoli kiszolgálótól kapott tanúsítvány nem az elvárt nevet tartalmazza, ezért nem lehet megállapítani, hogy a helyes kiszolgálóhoz kapcsolódik-e a számítógép. Az elvárt kiszolgálónév a következő: auth.ff.avast.com. Az SSL-kapcsolat iránti kérelem sikertelen volt. A csatolt adatok tartalmazzák a kiszolgáló tanúsítványát.
 
Error: (01/12/2015 00:57:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A következő végzetes riasztás jött létre: 43. A belső hibaállapot: 552.
 
Error: (01/12/2015 00:57:12 PM) (Source: Schannel) (EventID: 4116) (User: NT AUTHORITY)
Description: A távoli kiszolgálótól kapott tanúsítvány nem az elvárt nevet tartalmazza, ezért nem lehet megállapítani, hogy a helyes kiszolgálóhoz kapcsolódik-e a számítógép. Az elvárt kiszolgálónév a következő: auth.ff.avast.com. Az SSL-kapcsolat iránti kérelem sikertelen volt. A csatolt adatok tartalmazzák a kiszolgáló tanúsítványát.
 
Error: (01/12/2015 00:57:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A következő végzetes riasztás jött létre: 43. A belső hibaállapot: 552.
 
 
Microsoft Office Sessions:
=========================
Error: (02/11/2014 01:18:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 249 seconds with 120 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 71%
Total physical RAM: 2008.61 MB
Available physical RAM: 568.43 MB
Total Pagefile: 4017.22 MB
Available Pagefile: 2265.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.36 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:133 GB) (Free:48.5 GB) NTFS
Drive d: () (Fixed) (Total:149.99 GB) (Free:27.03 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:7.22 GB) (Free:1.97 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: FE7EFE87)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=133 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.2 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B)
 
==================== End Of Log ============================

#9
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,068 posts

Hi Niki,
 
Please consider the following warning, and proceed with the instructions below. 
 

P2P Warning

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned programme(s), right-click and click Uninstall.
If you choose not to, please refrain from using the programme(s) during this process.

 
------------------------------
 
Please confirm you recognise each file in your Downloads folder. Any you do not recognise should be deleted. 

Your logs indicate avast! is currently disabled. Please ensure you enable the programme. 
 
------------------------------
 
Please confirm the following folders and file are what you would expect to see on your USB drive. Is anything missing? 

Hijacked! [SHD] F:\szakdoga
Hijacked! [SHD] F:\Thailand
Hijacked! [SHD] F:\08.01.2015
Hijacked! [SHD] F:\Amornrat
Hijacked! [SHD] F:\SEED MORPHOLOGY
Hijacked! [RH] F:\winamp_cache_0001.xml

The folders and file have been hidden by the malware. We can reverse this.
 
Hold the Shift key on your keyboard and insert your USB drive. Then do the following.  
 
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM\...\RunOnce: [] => [X]
    SearchScopes: HKU\S-1-5-21-3713088183-2547557746-3158852234-1000 -> URL http://www.trovigo.c...rchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-3713088183-2547557746-3158852234-1000 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
    CHR DefaultSearchKeyword: Default -> trovigo.com
    CHR DefaultSearchURL: Default -> http://www.trovigo.c...ARCH_TERM&SSPV=
    CHR DefaultSuggestURL: Default -> http://suggest.searc...x={searchTerms}
    Task: {5A0C83D5-70F3-46B1-9490-C72CE042F708} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
    CMD: attrib -h -s -r /s /d F:\*.*
    Folder: F:\
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click File, then Save As, and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Attach the log in your next reply. The file can be attached by clicking Choose Files... under the text field. 

#10
gyurgyalag

    Member

  • Topic Starter
  • Member
  • 16 posts

thank you for the information!

 

yes, that's all I had on the USB.

 

the suggested programs asked to disable avast! while they're working. I enabled it after.

 

log is in attached file.

Attached Files


#11
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,068 posts

Hello Niki, 
 

the suggested programs asked to disable avast! while they're working. I enabled it after.

OK, no problem. 
 
Hold the Shift key on your keyboard and insert your USB drive. Press the Windows Key + r on your keyboard at the same time. Type explorer.exe and click OK. Open your USB drive and confirm your folders are visible. 
 
Regarding the quarantined items by MCShield - these are malicious files that copied the names of your folders/files. Do not try to unquarantine these items.
 
------------
 
Let's check your computer appears free of malware, as well as double-checking your USB drive is clean. 
 
STEP 1
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to:
    • Loaded Modules
    • Detect TDLFS file system
    • Verify file digital signatures
  • Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Close AdwCleaner (accept any prompts). 
  • Copy the contents of the log and paste in your next reply.
     

STEP 3
Malwarebytes Anti-Malware (MBAM) Including External Drive

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Hold the Shift key on your keyboard and insert your USB drive.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Custom Scan is checked and click Scan Now.
  • Place a checkmark next to any additional drives you wish to scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 4
ESET Online Scan Including External Drive
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Change... next to Current scan targets: Operating memory, Local drives
  • Place a checkmark next to your USB drive (F:\). 
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • TDSSKiller log (attached!)
  • AdwCleaner[R0].txt
  • MBAM Scan log
  • ESET Online Scan log

  • 0
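The pattern described in posts #9 and #11 (folders marked hidden while look-alike .scr files take over their names), as an added example that is not part of the thread or of MCShield: Python that pairs each Hijacked! entry with the deleted file that copied its name. The sample lines are constructed in the log format quoted in this thread; the function names and the extension list are assumptions.

```python
import ntpath
import re

# Constructed sample lines in the MCShield log format quoted in this thread
# (not the poster's actual log; the hash details are left out).
SAMPLE_LOG = "\n".join([
    r">>> F:\szakdoga" + " " * 35 + ".scr - Malware > Deleted. (constructed)",
    r">>> F:\SEED MORPHOLOGY" + " " * 28 + ".scr - Malware > Deleted. (constructed)",
    r"Hijacked! [SHD] F:\szakdoga",
    r"Hijacked! [SHD] F:\SEED MORPHOLOGY",
    r"Hijacked! [RH] F:\winamp_cache_0001.xml",
])

DELETED_RE = re.compile(r"^>>> (?P<path>[A-Za-z]:\\.+?) - Malware > Deleted\.")
HIJACKED_RE = re.compile(r"^Hijacked! \[(?P<flags>[A-Z]+)\] (?P<path>[A-Za-z]:\\.+?)\s*$")

# Extensions Windows runs on double-click (assumption: common, non-exhaustive set).
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".lnk", ".vbs"}


def parse_log(text):
    """Split a log into deleted-malware records and hijacked (hidden) items."""
    deleted, hijacked = [], []
    for line in text.splitlines():
        line = line.strip()
        m = DELETED_RE.match(line)
        if m:
            folder, name = ntpath.split(m.group("path"))
            stem, ext = ntpath.splitext(name)
            deleted.append({
                "dir": folder,
                "name": name,
                # The name the file pretends to be, with the space padding removed.
                "lure": stem.rstrip(),
                # Spaces that push the real extension out of view in Explorer.
                "padding": len(stem) - len(stem.rstrip()),
                "ext": ext.lower(),
            })
            continue
        m = HIJACKED_RE.match(line)
        if m:
            hijacked.append({"flags": m.group("flags"), "path": m.group("path")})
    return deleted, hijacked


def correlate(deleted, hijacked):
    """For every hidden item, list the deleted executables that copied its name."""
    report = []
    for item in hijacked:
        folder, base = ntpath.split(item["path"])
        impostors = [
            d for d in deleted
            if d["dir"].lower() == folder.lower()
            and d["lure"].lower() == base.lower()
            and d["ext"] in EXECUTABLE_EXTS
        ]
        report.append({
            "path": item["path"],
            "flags": item["flags"],
            "impostors": [d["name"] for d in impostors],
            "padded": any(d["padding"] > 0 for d in impostors),
        })
    return report


if __name__ == "__main__":
    for row in correlate(*parse_log(SAMPLE_LOG)):
        if row["impostors"]:
            print(f"{row['path']} [{row['flags']}]: real data, name copied by "
                  f"{len(row['impostors'])} deleted executable(s)")
        else:
            print(f"{row['path']} [{row['flags']}]: hidden, no matching impostor in log")
```

An item with an impostor listed is the real data; the quarantined file of the same name is not, which is why it stays in quarantine.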

#12
gyurgyalag

    Member

  • Topic Starter
  • Member
  • 16 posts

sending everything in attached .txt files

sorry something might be in Hungarian.. 

Attached Files


#13
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,068 posts

Hi Niki, 
 

sorry something might be in Hungarian..

That's quite alright. :)
 
Did you do this? 
 

Hold the Shift key on your keyboard and insert your USB drive. Press the Windows Key + r on your keyboard at the same time. Type explorer.exe and click OK. Open your USB drive and confirm your folders are visible.

 
----------
 
Please navigate to this folder: C:\Users\Niki\Documents\Updater
Check the contents. If you don't recognise the contents, please delete the folder. 
 
AdwCleaner

  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan.
  • Remove the checkmark from anything excluding the following items:
    C:\Users\Niki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
    HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
    HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
  • Click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
     

How is your computer performing? Are there any outstanding issues in regards to your USB drive?


#14
gyurgyalag

    Member

  • Topic Starter
  • Member
  • 16 posts

oops, forgot to answer. yep, all the folders are visible now.

well, the computer and internet is quite slow, but that's it. the USB drive looks okay, can I use it again?

 

here is the log:

 

# AdwCleaner v4.107 - Report created 15/01/2015 at 10:26:29
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Niki - NIKI-PC
# Running from : C:\Users\Niki\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Niki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[x] Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v26.0 (hu)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [2219 octets] - [29/07/2014 16:02:52]
AdwCleaner[R1].txt - [1332 octets] - [14/01/2015 10:15:36]
AdwCleaner[R2].txt - [1344 octets] - [15/01/2015 10:15:58]
AdwCleaner[S0].txt - [2575 octets] - [29/07/2014 16:18:45]
AdwCleaner[S1].txt - [1277 octets] - [15/01/2015 10:26:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1337 octets] ##########

#15
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,068 posts

Hello Niki,
 

well, the computer and internet is quite slow

Specifically, what is slow with the computer? Startup/shutdown? Opening programmes? etc
 

the USB drive looks okay, can I use it again?

Yes. 
 
Please do the following. Then provide an update on exactly what's slow. 
 
Browser Reset
 
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

