
Win32/Neshta.A virus
Re: Win32/Neshta.A virus
process svchost.exe HostProces
- stell
Re: Win32/Neshta.A virus
process svchost.exe HostProces??? This is not a virus but an error message. When does it report that to you??
Re: Win32/Neshta.A virus
ESET support was rambling something about it.
So then I don't know whether it is still there.
in the file manager.
- stell
Re: Win32/Neshta.A virus
Wasn't it by any chance this message??
Generic host Process for Win32 Services??
Re: Win32/Neshta.A virus
No, I found this only in the file manager.
I know about the virus because ESET reported that Win32/Neshta.A had got into the PC, and it was putting files into quarantine.
After that my PC slowed down brutally and .exe files would not open.
- stell
Re: Win32/Neshta.A virus
Well yes, you had it there, but we have already fixed it. Anyway, post a log from OTL as well.
Guide from colleague Vyosek.
Download OTL from http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator
If you use a 64-bit OS, check whether the "For 64-bit OS" box is ticked; if not, tick it
Tick the "For all users" box
Tick the "LOP" check box
Tick the "Purity" check box
Change the file age from 30 days to 7 days
Paste the script below into the bottom "Custom scans/fixes" box
Code:
netsvcs
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
Click the Scan button
After the scan finishes (about 10 to 15 min), the logs OTL.txt and Extras.txt will appear; paste both here
If the logs are long (the forum will complain about exceeding the maximum number of characters), split them into several posts
Re: Win32/Neshta.A virus
OTL Extras logfile created on: 17. 1. 2013 15:53:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,31% Memory free
4,00 Gb Paging File | 2,73 Gb Available in Paging File | 68,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 162,29 Gb Free Space | 54,46% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-2522758601-2811161004-3330094675-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018503D0-276B-433E-BA0E-0B0B1986242A}" = lport=445 | protocol=6 | dir=in | app=system |
"{050A6948-667D-4C0B-ACA0-C1B6FB32629F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{0C115FA7-EF13-4FD8-966F-D0F433B7E10F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{175212A0-8484-4F9C-BF90-55C4AE12BBE2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FFB7AA5-3A07-4F6A-A28A-36763CBAA5E6}" = lport=137 | protocol=17 | dir=in | app=system |
"{22B8843E-51D5-4E3F-84D1-F300B896DF0A}" = rport=137 | protocol=17 | dir=out | app=system |
"{2463E2E9-9B32-43A4-8516-D8FFA7EC02EC}" = rport=139 | protocol=6 | dir=out | app=system |
"{5582449C-280E-44AB-B0D8-B4DB0A68B85D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{63B6F276-EF89-42EC-8FE8-9A11BB168E64}" = lport=49376 | protocol=6 | dir=in | name=akamai netsession interface |
"{745C5AC0-84CB-402D-9E42-68BA2DD5AC33}" = lport=138 | protocol=17 | dir=in | app=system |
"{7BC76267-66E3-4C55-931C-AE531FED9127}" = rport=445 | protocol=6 | dir=out | app=system |
"{7D4C874C-B85A-4CE5-9D55-DE5B6DB35FA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7DF65889-1AC5-4E39-8657-E508D2BE85AE}" = lport=139 | protocol=6 | dir=in | app=system |
"{89522E20-161C-44A3-AD8D-6A310E49398F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9C638F3D-89E3-4BEA-8987-77ED173FA47C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ACE47E94-0D3A-4613-BBFB-921E2C13886F}" = rport=138 | protocol=17 | dir=out | app=system |
"{B7870484-0F92-4DE8-A6C9-314054840F1E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B8AA0651-280E-4392-B4AD-A4CDD5A0E968}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CAC2642B-B23C-4F58-B56B-042A7AC90490}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CBA4A740-E522-4B61-A2BB-49814C053849}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC766E1A-FAE0-4D40-B78E-F5299457E5F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF4BF29B-594F-4ADE-B29A-02ABBE222B92}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D24018C1-3854-4C78-B4E9-351485A9F2AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8BB547B-D558-4230-8712-5889C486BEDA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DDC069-AF0F-47E6-A1E9-3274D91C5644}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{06371E4A-0886-49EF-8529-FDA869B4524B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0966BE9F-637E-4996-AD21-A40A1459F82E}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{0E8C3EA9-29A1-4034-8F7A-992E9FF2E202}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{122B29FD-1498-4CF7-9171-7A5D6A781629}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{14E4E397-AEBD-45C3-BB07-5180717AE24C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{202675D5-E3DA-43F8-B8B2-35CF14CC33A3}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{222888D4-61F5-447D-8678-7E43D331FCCB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{23568D9C-E873-44A9-A671-EF41FA3D6745}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\acrsp.exe |
"{29038B51-18E0-4E2D-A2FF-63B8799BB12E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\acrmp.exe |
"{2E73EDA4-6BF4-40CA-870A-77E631129CF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3AD41D40-0F6F-46C1-B7B1-0E66F4554A5D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{456C9F31-3A11-48E9-A1EC-038C1DFA3C21}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{51FD6F88-151C-4863-A8D7-CE6230546994}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{53FD4D4B-89D6-48FC-8C7C-08EFC888A771}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{56AC95E3-EBE0-4400-A049-F8B73E21B8A2}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{61807D58-0B11-4BE3-84AB-B664F5542E8B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\acrmp.exe |
"{67DC8594-64AB-47FC-BD8D-765DEBBD069F}" = protocol=6 | dir=in | app=c:\users\admin\desktop\legedofmatrixmt2v2.2\lom_patcher.exe |
"{6BBC8AE6-9454-4F3A-943C-C098A56DB194}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6DE1C061-58B3-42DA-AA55-2BFDBFE1A795}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{6E0AFD1A-CF0F-4075-98AA-98750B73CFC9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EBEAA2D-C714-41D7-8F9C-82F48A1093CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{781A3981-597C-40EA-8ABC-3848D3C0F811}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{7DB32170-036D-49AB-90A3-BEFEA84FD2B1}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{8844944D-2966-4B85-B0A3-FB09AA4C045C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{947791EA-759F-4577-AB1B-CC98773F9383}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{98D13B25-C032-4533-BF8C-D4BC41398E5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB41298C-89E9-48DF-ADF6-697B1A4BEAAF}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{B552FD2D-7E38-4F87-A404-E4D0C3D2E6D2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B8AA7BF3-0643-47E4-BA0B-B66AAB54A37C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{BC3C061F-4509-465D-BDC3-CAD617F01994}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\acrsp.exe |
"{BC54F093-BA1D-4D8B-A8B4-F89BC774542A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C2EC1914-0049-4D02-B85E-9EE927851238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C38B2C9C-693D-4700-AB31-A7D0476F0A31}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C4CEED74-03B5-4F97-A519-1B537350B32C}" = protocol=6 | dir=out | app=system |
"{C6D3FEF2-7607-48B3-8BB3-C1752E5CA593}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA9416E5-E59D-4B6A-9467-3E292C330C2D}" = protocol=17 | dir=in | app=c:\users\admin\desktop\legedofmatrixmt2v2.2\lom_patcher.exe |
"{DD627EDE-0AED-4A10-8C08-5AF6F3E99111}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DFED1505-56B4-4470-997A-604BA1F798AC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{E3D1E6F3-38B2-4942-AD3F-A0144EF25ECE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{E7874F04-4319-45EA-8DAB-B420724CE8DD}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{EEBA830D-684F-4A16-BDE8-0057DBE186D9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F0CB5D1E-7A22-4777-9681-47227D705F72}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F6819C04-B544-40FE-A2E9-307E12C83E10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9268878-E862-4C46-9C9B-87CF34D487AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FFE94724-3F91-46AA-8BAC-0DF9AFF9BD5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{31CD5FB1-2276-44AC-B710-69E114ACA054}C:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{3E50C7FE-E68C-4F95-B903-3FF4A06BD3DA}C:\users\admin\desktop\moonmt2 client dezember 2\moonmt2.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\moonmt2 client dezember 2\moonmt2.exe |
"TCP Query User{4802C097-25A9-4E5F-A940-D2D42922E14C}C:\program files\kbot\kbot 6.55\kbotcc.exe" = protocol=6 | dir=in | app=c:\program files\kbot\kbot 6.55\kbotcc.exe |
"TCP Query User{4A3F9306-AEE0-4072-9849-DFF55D39131A}C:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\warcraft iii\war3.exe |
"TCP Query User{4B4B74B2-D83A-4B2F-A071-442C82A46EF6}C:\users\admin\desktop\cliente metin2 skill v.1.0 [by fuuton97 - www.fuuton97.com]\metin2.bin" = protocol=6 | dir=in | app=c:\users\admin\desktop\cliente metin2 skill v.1.0 [by fuuton97 - www.fuuton97.com]\metin2.bin |
"TCP Query User{5058F8E2-DC7B-4494-A27E-9E85C62DBEFF}C:\users\admin\desktop\kitsune2 2012 client\kitsune2.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\kitsune2 2012 client\kitsune2.exe |
"TCP Query User{53B5255C-BEE3-43B7-B421-B8E6B51DF80B}C:\program files\torchlight ii\torchlight2.exe" = protocol=6 | dir=in | app=c:\program files\torchlight ii\torchlight2.exe |
"TCP Query User{8552871D-FBF1-4386-903F-A184ABFA5F2D}C:\hry\valve\hl.exe" = protocol=6 | dir=in | app=c:\hry\valve\hl.exe |
"TCP Query User{8B10EBA9-BB92-4C7B-AE64-6E4D41F4B008}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{8D328BE2-FACD-429E-A0D8-835BBF0155EE}C:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"TCP Query User{9D60C650-10F3-45C3-BBE4-D3FBE0A68E52}C:\hry\valve\hl.exe" = protocol=6 | dir=in | app=c:\hry\valve\hl.exe |
"TCP Query User{BC803EFD-C31A-4D85-BDBE-5BDCD1E81949}C:\program files\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files\garena plus\room\garena_room.exe |
"TCP Query User{BCF33AED-9E79-4A34-ABFF-D8A75D8814ED}C:\users\admin\desktop\legedofmatrixmt2v2.2\legedofmatrixmt2.bin" = protocol=6 | dir=in | app=c:\users\admin\desktop\legedofmatrixmt2v2.2\legedofmatrixmt2.bin |
"TCP Query User{F202BA37-FC10-461B-A593-324DCD57B966}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{0132D25D-89D9-474E-9A13-986CD2D1D50C}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{10F02898-3D95-458D-9BA2-33062C1E5DFA}C:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{1635F9BC-B38B-4F32-8D3C-AAD0DA5E20D2}C:\users\admin\desktop\moonmt2 client dezember 2\moonmt2.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\moonmt2 client dezember 2\moonmt2.exe |
"UDP Query User{217BC6AC-9926-4564-B2F9-FB69495DBD84}C:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\warcraft iii\war3.exe |
"UDP Query User{4DAC0610-DE80-4B0B-8555-75C9ECCBCA00}C:\hry\valve\hl.exe" = protocol=17 | dir=in | app=c:\hry\valve\hl.exe |
"UDP Query User{55464F7C-4C4A-49B1-9A03-234EB7AF780C}C:\program files\kbot\kbot 6.55\kbotcc.exe" = protocol=17 | dir=in | app=c:\program files\kbot\kbot 6.55\kbotcc.exe |
"UDP Query User{7C987073-A47E-4BE3-AE2A-5F26A0D15F61}C:\users\admin\desktop\cliente metin2 skill v.1.0 [by fuuton97 - www.fuuton97.com]\metin2.bin" = protocol=17 | dir=in | app=c:\users\admin\desktop\cliente metin2 skill v.1.0 [by fuuton97 - www.fuuton97.com]\metin2.bin |
"UDP Query User{865E188D-DA81-4498-98BE-6D11E962B054}C:\hry\valve\hl.exe" = protocol=17 | dir=in | app=c:\hry\valve\hl.exe |
"UDP Query User{D6EDDB15-A4C2-48AF-9F39-248A5FDE1A3A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D75F4704-A60E-4C71-B63A-E5FE50CC3F5E}C:\users\admin\desktop\kitsune2 2012 client\kitsune2.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\kitsune2 2012 client\kitsune2.exe |
"UDP Query User{DF7B41DE-88D5-4A27-BA90-C9F408441F4E}C:\users\admin\desktop\legedofmatrixmt2v2.2\legedofmatrixmt2.bin" = protocol=17 | dir=in | app=c:\users\admin\desktop\legedofmatrixmt2v2.2\legedofmatrixmt2.bin |
"UDP Query User{E540751C-0CA6-41FF-A886-26777CB8AF7E}C:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{E630E31F-80DD-4453-AD68-E2CD0AE5669E}C:\program files\torchlight ii\torchlight2.exe" = protocol=17 | dir=in | app=c:\program files\torchlight ii\torchlight2.exe |
"UDP Query User{E8CB531E-5B01-47D3-87AC-A22076EFABDE}C:\program files\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files\garena plus\room\garena_room.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B265E3D-17BD-3B47-D87A-FAC2B8E18124}" = ATI Problem Report Wizard
"{0FFD1891-1E7C-4C46-B3D9-B1A23C57148C}" = Plants Vs. Zombies
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{1C4E4D18-B59E-448C-85B2-605E8741EE07}" = ESET Smart Security
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2E060268-4175-201F-EABD-B91FC552DCA4}" = CCC Help Japanese
"{306D0BDC-4E4D-D95A-F067-5C2FD0A41055}" = Catalyst Control Center Graphics Full New
"{32652FCF-AC67-688C-0FB8-3AD5839ACFB7}" = CCC Help Russian
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{384FA0C0-BB19-4CA0-8DB4-5FD4E938277F}" = Notification Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C67F5DC-F3BA-241E-D4EB-58D935822B74}" = CCC Help Hungarian
"{413B1AC7-E076-B765-C6BF-8780AE6124CB}" = ATI AVIVO Codecs
"{447A24EA-46BD-4F5B-AA2A-6A1B941BD2C3}" = Catalyst Control Center InstallProxy
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{569FA061-07B7-3992-358E-3A58582B2E6D}" = ccc-core-static
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Zem
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FE7D13B-88D4-4870-B5D7-54D9E7D04661}" = CCC Help Portuguese
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1" = Free Mouse Auto Clicker 2.8.2
"{7FC3076B-750E-24BE-F7FF-26266F9256CF}" = CCC Help Italian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86206386-FAF7-A27A-66E9-7840DEA68848}" = CCC Help Danish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B217953-6EF2-E6F2-4742-C6CA98A9C294}" = CCC Help Dutch
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_STANDARD_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-040E-0000-0000000FF1CE}_STANDARD_{0AD4BB83-13B4-4C9D-9BAC-7F64E0B2D5D7}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_STANDARD_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}_STANDARD_{8382BA92-20E3-47B6-971B-F673F0492D4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95A4C317-5EF8-7E59-BC82-5DFCB18EE17A}" = CCC Help English
"{9783B07B-362F-9552-84AD-058DB078086F}" = CCC Help Greek
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2CABB42-0936-44CD-B3E0-8A62B5303E70}" = CCC Help German
"{A39E4995-2D56-ABE5-D90B-2B3A685F7CE2}" = CCC Help Czech
"{A513E1BC-2F10-9661-3105-2674F11841AA}" = ccc-utility
"{A71F05F5-547F-DD24-2E03-E757F8DF833A}" = CCC Help Chinese Standard
"{A72D8248-4E4D-63CF-BF39-E041AF380012}" = Catalyst Control Center Graphics Full Existing
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABB785A8-BCBB-D1C0-03B5-3F4E32083E07}" = CCC Help Korean
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Czech
"{AEAE3EDB-AF9F-0BE8-F7E1-C5D6D6D74DB9}" = CCC Help Spanish
"{B6CF045D-51E5-6E4B-7C62-FD402ACB38FB}" = Catalyst Control Center Graphics Previews Common
"{B8367F2A-34C0-BC18-922A-96B4FDA40FA0}" = CCC Help Thai
"{B86C045F-2922-ECBD-4066-173B77820992}" = CCC Help Polish
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBA2DEC-E9CD-D82A-7280-988D8430C39D}" = CCC Help Norwegian
"{CF06C093-A1D1-5CAB-DF87-B890377970D0}" = Catalyst Control Center Localization All
"{D1C46FAA-3378-A0B1-18D2-F52618E5517E}" = CCC Help Finnish
"{D3405B2E-79A5-3EAF-3E8C-20E8CD64F2D1}" = Catalyst Control Center Core Implementation
"{D3EF1442-F45D-AF2E-EE90-F168F83BD5D7}" = CCC Help French
"{D6E5C6D5-E96F-C90E-0BF5-94F6E4ED3B6A}" = Catalyst Control Center Graphics Previews Vista
"{DBE41A56-98C8-4E5C-BCBD-5862727091E1}_is1" = Cake Mania 3
"{DF5B650A-3F45-4DEF-90B7-5AC4893CED28}" = QuadCoreM2
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F241631E-ACF3-DE56-901C-0BC16D2423CE}" = CCC Help Turkish
"{F25BE225-4A79-941A-A257-1BB37968F773}" = Catalyst Control Center HydraVision Full
"{F8A2DD2D-581D-372A-71CD-1339CFE86EC8}" = Catalyst Control Center Graphics Light
"{FB6DE932-24CA-D1C0-2FD8-1DFCE4A33CC5}" = HydraVision
"{FED3F92F-4D03-82BE-E3D2-D9BD7E942000}" = CCC Help Swedish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFF22903-7FDC-0E9C-7667-1B673026112A}" = CCC Help Chinese Traditional
"84A4BA52F182B7792BCF359B3E8C7E8400765BDF" = Windows Driver Package - Toshiba Thrive (WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BlueStacks App Player" = BlueStacks App Player
"Borderlands 2_is1" = Borderlands 2
"CCleaner" = CCleaner
"Clownfish" = Clownfish for Skype
"Counter-Strike Cz+DABING 1.01" = Counter-Strike Cz+DABING 1.01
"Časovač 3.00_is1" = Časovač 3.00
"DAEMON Tools Lite" = DAEMON Tools Lite
"Darksiders II - Death Lives_R.G. Mechanics_is1" = Darksiders II - Death Lives
"Deer Hunter 2005_is1" = Deer Hunter - The 2005 Season
"DigitalPowered Toolbar" = DigitalPowered Toolbar
"Dishonored_is1" = Dishonored
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"im" = Garena Plus
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzia 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 17.0.1 (x86 sk)" = Mozilla Firefox 17.0.1 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero 9 Micro_is1" = Nero 9.0.9.4d Micro (sestavení 1)
"OpenAL" = OpenAL
"Opera 12.02.1578" = Opera 12.02
"Plants vs. Zombies" = Plants vs. Zombies
"RealPlayer 15.0" = RealPlayer
"Speccy" = Speccy
"STANDARD" = Microsoft Office Standard 2007
"Swords and Sandals 1" = Swords and Sandals 1 1.0
"Swords and Sandals 2" = Swords and Sandals 2 2.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Torchlight II (c) Runic Games_is1" = Torchlight II (c) Runic Games version 1
"Tunngle beta_is1" = Tunngle beta
"Turbo Fiesta 1.00 The Patriot Force Team" = Turbo Fiesta 1.00 The Patriot Force Team
"Turbo Pizza_is1" = Turbo Pizza
"uTorrent" = µTorrent
"Valve_0" = Valve
"Warcraft III" = Warcraft III
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.01 (32-bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2522758601-2811161004-3330094675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d808cb7170a356a3" = MineCraft Updater
"QuadCoreM2" = QuadCoreM2
"SOE-DC Universe Online Live" = DC Universe Online Live
"Turbo Subs" = Turbo Subs
"Warcraft III" = Warcraft III: All Products
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16. 9. 2012 3:42:47 | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = The program hl.exe version 1.1.1.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 141c Start Time:
01cd93d4767feb28 Termination Time: 260 Application Path: C:\Hry\Valve\hl.exe Report
Id: 15e14b59-ffd2-11e1-8358-00e04d51fb25
Error - 19. 9. 2012 10:04:38 | Computer Name = admin-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.SystemException: Helper process
exited prematurely at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 19. 9. 2012 10:04:39 | Computer Name = admin-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.SystemException: Helper process
exited prematurely at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 19. 9. 2012 10:04:48 | Computer Name = admin-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.SystemException: Helper process
exited prematurely at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 19. 9. 2012 10:36:51 | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = The program HD-Frontend.exe version 0.7.4.793 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 17ec Start
Time: 01cd966fe760a010 Termination Time: 50 Application Path: C:\Program Files\BlueStacks\HD-Frontend.exe
Report
Id: 6d7c7829-0267-11e2-9c23-00e04d51fb25
Error - 19. 9. 2012 13:25:14 | Computer Name = admin-PC | Source = ATIeRecord | ID = 16386
Description = ATI EEU Client has failed to start
Error - 21. 9. 2012 11:00:09 | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = The program hl.exe version 1.1.1.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 93c Start Time:
01cd98097ff389d8 Termination Time: 140 Application Path: C:\Hry\Valve\hl.exe Report
Id: 00c79bf9-03fd-11e2-8f8a-00e04d51fb25
Error - 21. 9. 2012 13:40:34 | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = The program hl.exe version 1.1.1.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 15c0 Start Time:
01cd981c6d8eed10 Termination Time: 184 Application Path: C:\Hry\Valve\hl.exe Report
Id: 6c05e6c1-0413-11e2-8f8a-00e04d51fb25
Error - 23. 9. 2012 8:10:12 | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = The program opera.exe version 12.2.1578.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1358 Start
Time: 01cd995a04302980 Termination Time: 624 Application Path: C:\Program Files\Opera\opera.exe
Report
Id: 2eeeeab9-0574-11e2-b390-00e04d51fb25
Error - 26. 9. 2012 8:38:18 | Computer Name = admin-PC | Source = .NET Runtime | ID = 1026
Description =
Error - 26. 9. 2012 8:38:25 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: aeriaignite.exe, verzia: 1.10.1721.0, časová
značka: 0x504e2c9d Názov chybového modulu: unknown, verzia: 0.0.0.0, časová značka:
0x00000000 Kód výnimky: 0xc0000005 Odstup chyby: 0x015c1abf Identifikácia chybného
procesu: 0xbe8 Čas spustenia chybnej aplikácie: 0x01cd9be388979f60 Cesta chybnej
aplikácie: C:\Program Files\Aeria Games\Ignite\aeriaignite.exe Cesta chybného modulu:
unknown Identifikácia hlásenia: 10004380-07d7-11e2-a942-00e04d51fb25
Error - 29. 9. 2012 13:25:14 | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = The program hl.exe version 1.1.1.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1184 Start Time:
01cd9e5c21584bf8 Termination Time: 210 Application Path: C:\Hry\Valve\hl.exe Report
Id: 9888b659-0a5a-11e2-b045-00e04d51fb25
[ Media Center Events ]
Error - 6. 6. 2011 14:02:02 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 20:01:52 - Nepodarilo sa načítať položku Broadband (chyba: The operation
has timed out)
Error - 6. 6. 2011 15:05:40 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 21:05:40 - Nepodarilo sa načítať položku Directory (chyba: The operation
has timed out)
Error - 6. 6. 2011 15:10:42 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 21:09:01 - Nepodarilo sa načítať položku MCEClientUX (chyba: The operation
has timed out)
Error - 6. 6. 2011 15:12:29 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 21:12:22 - Nepodarilo sa načítať položku Broadband (chyba: The operation
has timed out)
Error - 8. 6. 2011 14:02:54 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 20:02:53 - Nepodarilo sa načítať položku Directory (chyba: The operation
has timed out)
Error - 8. 6. 2011 14:07:55 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 20:06:15 - Nepodarilo sa načítať položku MCEClientUX (chyba: The operation
has timed out)
Error - 8. 6. 2011 14:09:51 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 20:09:35 - Nepodarilo sa načítať položku Broadband (chyba: The operation
has timed out)
Error - 8. 6. 2011 15:13:30 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 21:13:30 - Nepodarilo sa načítať položku Directory (chyba: The operation
has timed out)
Error - 8. 6. 2011 15:18:31 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 21:16:51 - Nepodarilo sa načítať položku MCEClientUX (chyba: The operation
has timed out)
Error - 8. 6. 2011 15:20:20 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 21:20:11 - Nepodarilo sa načítať položku Broadband (chyba: The operation
has timed out)
[ System Events ]
Error - 17. 1. 2013 9:35:30 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7031
Description = Služba Portable Device Enumerator Service sa neočakávane ukončila.
Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca
opravná akcia: Reštartovať službu.
Error - 17. 1. 2013 9:35:30 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7031
Description = Služba Windows Driver Foundation - User-mode Driver Framework sa neočakávane
ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná
nasledujúca opravná akcia: Reštartovať službu.
Error - 17. 1. 2013 9:52:25 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.
Error - 17. 1. 2013 9:57:40 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.
Error - 17. 1. 2013 10:01:30 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.
Error - 17. 1. 2013 10:01:35 | Computer Name = admin-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 17. 1. 2013 10:01:37 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.
Error - 17. 1. 2013 10:02:53 | Computer Name = admin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 15:00:58 on 17. 1. 2013 was unexpected.
Error - 17. 1. 2013 10:03:09 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7023
Description = Služba BlueStacks Android Service bola ukončená s nasledujúcou chybou:
%%1064
Error - 17. 1. 2013 10:04:42 | Computer Name = admin-PC | Source = WMPNetworkSvc | ID = 866300
Description =
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,31% Memory free
4,00 Gb Paging File | 2,73 Gb Available in Paging File | 68,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 162,29 Gb Free Space | 54,46% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-2522758601-2811161004-3330094675-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018503D0-276B-433E-BA0E-0B0B1986242A}" = lport=445 | protocol=6 | dir=in | app=system |
"{050A6948-667D-4C0B-ACA0-C1B6FB32629F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{0C115FA7-EF13-4FD8-966F-D0F433B7E10F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{175212A0-8484-4F9C-BF90-55C4AE12BBE2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FFB7AA5-3A07-4F6A-A28A-36763CBAA5E6}" = lport=137 | protocol=17 | dir=in | app=system |
"{22B8843E-51D5-4E3F-84D1-F300B896DF0A}" = rport=137 | protocol=17 | dir=out | app=system |
"{2463E2E9-9B32-43A4-8516-D8FFA7EC02EC}" = rport=139 | protocol=6 | dir=out | app=system |
"{5582449C-280E-44AB-B0D8-B4DB0A68B85D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{63B6F276-EF89-42EC-8FE8-9A11BB168E64}" = lport=49376 | protocol=6 | dir=in | name=akamai netsession interface |
"{745C5AC0-84CB-402D-9E42-68BA2DD5AC33}" = lport=138 | protocol=17 | dir=in | app=system |
"{7BC76267-66E3-4C55-931C-AE531FED9127}" = rport=445 | protocol=6 | dir=out | app=system |
"{7D4C874C-B85A-4CE5-9D55-DE5B6DB35FA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7DF65889-1AC5-4E39-8657-E508D2BE85AE}" = lport=139 | protocol=6 | dir=in | app=system |
"{89522E20-161C-44A3-AD8D-6A310E49398F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9C638F3D-89E3-4BEA-8987-77ED173FA47C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ACE47E94-0D3A-4613-BBFB-921E2C13886F}" = rport=138 | protocol=17 | dir=out | app=system |
"{B7870484-0F92-4DE8-A6C9-314054840F1E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B8AA0651-280E-4392-B4AD-A4CDD5A0E968}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CAC2642B-B23C-4F58-B56B-042A7AC90490}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CBA4A740-E522-4B61-A2BB-49814C053849}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC766E1A-FAE0-4D40-B78E-F5299457E5F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF4BF29B-594F-4ADE-B29A-02ABBE222B92}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D24018C1-3854-4C78-B4E9-351485A9F2AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8BB547B-D558-4230-8712-5889C486BEDA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DDC069-AF0F-47E6-A1E9-3274D91C5644}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{06371E4A-0886-49EF-8529-FDA869B4524B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0966BE9F-637E-4996-AD21-A40A1459F82E}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{0E8C3EA9-29A1-4034-8F7A-992E9FF2E202}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{122B29FD-1498-4CF7-9171-7A5D6A781629}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{14E4E397-AEBD-45C3-BB07-5180717AE24C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{202675D5-E3DA-43F8-B8B2-35CF14CC33A3}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{222888D4-61F5-447D-8678-7E43D331FCCB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{23568D9C-E873-44A9-A671-EF41FA3D6745}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\acrsp.exe |
"{29038B51-18E0-4E2D-A2FF-63B8799BB12E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\acrmp.exe |
"{2E73EDA4-6BF4-40CA-870A-77E631129CF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3AD41D40-0F6F-46C1-B7B1-0E66F4554A5D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{456C9F31-3A11-48E9-A1EC-038C1DFA3C21}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{51FD6F88-151C-4863-A8D7-CE6230546994}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{53FD4D4B-89D6-48FC-8C7C-08EFC888A771}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{56AC95E3-EBE0-4400-A049-F8B73E21B8A2}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{61807D58-0B11-4BE3-84AB-B664F5542E8B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\acrmp.exe |
"{67DC8594-64AB-47FC-BD8D-765DEBBD069F}" = protocol=6 | dir=in | app=c:\users\admin\desktop\legedofmatrixmt2v2.2\lom_patcher.exe |
"{6BBC8AE6-9454-4F3A-943C-C098A56DB194}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6DE1C061-58B3-42DA-AA55-2BFDBFE1A795}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{6E0AFD1A-CF0F-4075-98AA-98750B73CFC9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EBEAA2D-C714-41D7-8F9C-82F48A1093CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{781A3981-597C-40EA-8ABC-3848D3C0F811}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{7DB32170-036D-49AB-90A3-BEFEA84FD2B1}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{8844944D-2966-4B85-B0A3-FB09AA4C045C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{947791EA-759F-4577-AB1B-CC98773F9383}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{98D13B25-C032-4533-BF8C-D4BC41398E5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB41298C-89E9-48DF-ADF6-697B1A4BEAAF}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{B552FD2D-7E38-4F87-A404-E4D0C3D2E6D2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B8AA7BF3-0643-47E4-BA0B-B66AAB54A37C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{BC3C061F-4509-465D-BDC3-CAD617F01994}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\acrsp.exe |
"{BC54F093-BA1D-4D8B-A8B4-F89BC774542A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C2EC1914-0049-4D02-B85E-9EE927851238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C38B2C9C-693D-4700-AB31-A7D0476F0A31}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C4CEED74-03B5-4F97-A519-1B537350B32C}" = protocol=6 | dir=out | app=system |
"{C6D3FEF2-7607-48B3-8BB3-C1752E5CA593}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA9416E5-E59D-4B6A-9467-3E292C330C2D}" = protocol=17 | dir=in | app=c:\users\admin\desktop\legedofmatrixmt2v2.2\lom_patcher.exe |
"{DD627EDE-0AED-4A10-8C08-5AF6F3E99111}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DFED1505-56B4-4470-997A-604BA1F798AC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{E3D1E6F3-38B2-4942-AD3F-A0144EF25ECE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{E7874F04-4319-45EA-8DAB-B420724CE8DD}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{EEBA830D-684F-4A16-BDE8-0057DBE186D9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F0CB5D1E-7A22-4777-9681-47227D705F72}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F6819C04-B544-40FE-A2E9-307E12C83E10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9268878-E862-4C46-9C9B-87CF34D487AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FFE94724-3F91-46AA-8BAC-0DF9AFF9BD5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{31CD5FB1-2276-44AC-B710-69E114ACA054}C:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{3E50C7FE-E68C-4F95-B903-3FF4A06BD3DA}C:\users\admin\desktop\moonmt2 client dezember 2\moonmt2.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\moonmt2 client dezember 2\moonmt2.exe |
"TCP Query User{4802C097-25A9-4E5F-A940-D2D42922E14C}C:\program files\kbot\kbot 6.55\kbotcc.exe" = protocol=6 | dir=in | app=c:\program files\kbot\kbot 6.55\kbotcc.exe |
"TCP Query User{4A3F9306-AEE0-4072-9849-DFF55D39131A}C:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\warcraft iii\war3.exe |
"TCP Query User{4B4B74B2-D83A-4B2F-A071-442C82A46EF6}C:\users\admin\desktop\cliente metin2 skill v.1.0 [by fuuton97 - www.fuuton97.com]\metin2.bin" = protocol=6 | dir=in | app=c:\users\admin\desktop\cliente metin2 skill v.1.0 [by fuuton97 - www.fuuton97.com]\metin2.bin |
"TCP Query User{5058F8E2-DC7B-4494-A27E-9E85C62DBEFF}C:\users\admin\desktop\kitsune2 2012 client\kitsune2.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\kitsune2 2012 client\kitsune2.exe |
"TCP Query User{53B5255C-BEE3-43B7-B421-B8E6B51DF80B}C:\program files\torchlight ii\torchlight2.exe" = protocol=6 | dir=in | app=c:\program files\torchlight ii\torchlight2.exe |
"TCP Query User{8552871D-FBF1-4386-903F-A184ABFA5F2D}C:\hry\valve\hl.exe" = protocol=6 | dir=in | app=c:\hry\valve\hl.exe |
"TCP Query User{8B10EBA9-BB92-4C7B-AE64-6E4D41F4B008}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{8D328BE2-FACD-429E-A0D8-835BBF0155EE}C:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"TCP Query User{9D60C650-10F3-45C3-BBE4-D3FBE0A68E52}C:\hry\valve\hl.exe" = protocol=6 | dir=in | app=c:\hry\valve\hl.exe |
"TCP Query User{BC803EFD-C31A-4D85-BDBE-5BDCD1E81949}C:\program files\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files\garena plus\room\garena_room.exe |
"TCP Query User{BCF33AED-9E79-4A34-ABFF-D8A75D8814ED}C:\users\admin\desktop\legedofmatrixmt2v2.2\legedofmatrixmt2.bin" = protocol=6 | dir=in | app=c:\users\admin\desktop\legedofmatrixmt2v2.2\legedofmatrixmt2.bin |
"TCP Query User{F202BA37-FC10-461B-A593-324DCD57B966}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{0132D25D-89D9-474E-9A13-986CD2D1D50C}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{10F02898-3D95-458D-9BA2-33062C1E5DFA}C:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{1635F9BC-B38B-4F32-8D3C-AAD0DA5E20D2}C:\users\admin\desktop\moonmt2 client dezember 2\moonmt2.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\moonmt2 client dezember 2\moonmt2.exe |
"UDP Query User{217BC6AC-9926-4564-B2F9-FB69495DBD84}C:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\warcraft iii\war3.exe |
"UDP Query User{4DAC0610-DE80-4B0B-8555-75C9ECCBCA00}C:\hry\valve\hl.exe" = protocol=17 | dir=in | app=c:\hry\valve\hl.exe |
"UDP Query User{55464F7C-4C4A-49B1-9A03-234EB7AF780C}C:\program files\kbot\kbot 6.55\kbotcc.exe" = protocol=17 | dir=in | app=c:\program files\kbot\kbot 6.55\kbotcc.exe |
"UDP Query User{7C987073-A47E-4BE3-AE2A-5F26A0D15F61}C:\users\admin\desktop\cliente metin2 skill v.1.0 [by fuuton97 - www.fuuton97.com]\metin2.bin" = protocol=17 | dir=in | app=c:\users\admin\desktop\cliente metin2 skill v.1.0 [by fuuton97 - www.fuuton97.com]\metin2.bin |
"UDP Query User{865E188D-DA81-4498-98BE-6D11E962B054}C:\hry\valve\hl.exe" = protocol=17 | dir=in | app=c:\hry\valve\hl.exe |
"UDP Query User{D6EDDB15-A4C2-48AF-9F39-248A5FDE1A3A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D75F4704-A60E-4C71-B63A-E5FE50CC3F5E}C:\users\admin\desktop\kitsune2 2012 client\kitsune2.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\kitsune2 2012 client\kitsune2.exe |
"UDP Query User{DF7B41DE-88D5-4A27-BA90-C9F408441F4E}C:\users\admin\desktop\legedofmatrixmt2v2.2\legedofmatrixmt2.bin" = protocol=17 | dir=in | app=c:\users\admin\desktop\legedofmatrixmt2v2.2\legedofmatrixmt2.bin |
"UDP Query User{E540751C-0CA6-41FF-A886-26777CB8AF7E}C:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{E630E31F-80DD-4453-AD68-E2CD0AE5669E}C:\program files\torchlight ii\torchlight2.exe" = protocol=17 | dir=in | app=c:\program files\torchlight ii\torchlight2.exe |
"UDP Query User{E8CB531E-5B01-47D3-87AC-A22076EFABDE}C:\program files\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files\garena plus\room\garena_room.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B265E3D-17BD-3B47-D87A-FAC2B8E18124}" = ATI Problem Report Wizard
"{0FFD1891-1E7C-4C46-B3D9-B1A23C57148C}" = Plants Vs. Zombies
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{1C4E4D18-B59E-448C-85B2-605E8741EE07}" = ESET Smart Security
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2E060268-4175-201F-EABD-B91FC552DCA4}" = CCC Help Japanese
"{306D0BDC-4E4D-D95A-F067-5C2FD0A41055}" = Catalyst Control Center Graphics Full New
"{32652FCF-AC67-688C-0FB8-3AD5839ACFB7}" = CCC Help Russian
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{384FA0C0-BB19-4CA0-8DB4-5FD4E938277F}" = Notification Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C67F5DC-F3BA-241E-D4EB-58D935822B74}" = CCC Help Hungarian
"{413B1AC7-E076-B765-C6BF-8780AE6124CB}" = ATI AVIVO Codecs
"{447A24EA-46BD-4F5B-AA2A-6A1B941BD2C3}" = Catalyst Control Center InstallProxy
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{569FA061-07B7-3992-358E-3A58582B2E6D}" = ccc-core-static
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Zem
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FE7D13B-88D4-4870-B5D7-54D9E7D04661}" = CCC Help Portuguese
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1" = Free Mouse Auto Clicker 2.8.2
"{7FC3076B-750E-24BE-F7FF-26266F9256CF}" = CCC Help Italian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86206386-FAF7-A27A-66E9-7840DEA68848}" = CCC Help Danish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B217953-6EF2-E6F2-4742-C6CA98A9C294}" = CCC Help Dutch
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_STANDARD_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-040E-0000-0000000FF1CE}_STANDARD_{0AD4BB83-13B4-4C9D-9BAC-7F64E0B2D5D7}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_STANDARD_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}_STANDARD_{8382BA92-20E3-47B6-971B-F673F0492D4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95A4C317-5EF8-7E59-BC82-5DFCB18EE17A}" = CCC Help English
"{9783B07B-362F-9552-84AD-058DB078086F}" = CCC Help Greek
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2CABB42-0936-44CD-B3E0-8A62B5303E70}" = CCC Help German
"{A39E4995-2D56-ABE5-D90B-2B3A685F7CE2}" = CCC Help Czech
"{A513E1BC-2F10-9661-3105-2674F11841AA}" = ccc-utility
"{A71F05F5-547F-DD24-2E03-E757F8DF833A}" = CCC Help Chinese Standard
"{A72D8248-4E4D-63CF-BF39-E041AF380012}" = Catalyst Control Center Graphics Full Existing
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABB785A8-BCBB-D1C0-03B5-3F4E32083E07}" = CCC Help Korean
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Czech
"{AEAE3EDB-AF9F-0BE8-F7E1-C5D6D6D74DB9}" = CCC Help Spanish
"{B6CF045D-51E5-6E4B-7C62-FD402ACB38FB}" = Catalyst Control Center Graphics Previews Common
"{B8367F2A-34C0-BC18-922A-96B4FDA40FA0}" = CCC Help Thai
"{B86C045F-2922-ECBD-4066-173B77820992}" = CCC Help Polish
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBA2DEC-E9CD-D82A-7280-988D8430C39D}" = CCC Help Norwegian
"{CF06C093-A1D1-5CAB-DF87-B890377970D0}" = Catalyst Control Center Localization All
"{D1C46FAA-3378-A0B1-18D2-F52618E5517E}" = CCC Help Finnish
"{D3405B2E-79A5-3EAF-3E8C-20E8CD64F2D1}" = Catalyst Control Center Core Implementation
"{D3EF1442-F45D-AF2E-EE90-F168F83BD5D7}" = CCC Help French
"{D6E5C6D5-E96F-C90E-0BF5-94F6E4ED3B6A}" = Catalyst Control Center Graphics Previews Vista
"{DBE41A56-98C8-4E5C-BCBD-5862727091E1}_is1" = Cake Mania 3
"{DF5B650A-3F45-4DEF-90B7-5AC4893CED28}" = QuadCoreM2
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F241631E-ACF3-DE56-901C-0BC16D2423CE}" = CCC Help Turkish
"{F25BE225-4A79-941A-A257-1BB37968F773}" = Catalyst Control Center HydraVision Full
"{F8A2DD2D-581D-372A-71CD-1339CFE86EC8}" = Catalyst Control Center Graphics Light
"{FB6DE932-24CA-D1C0-2FD8-1DFCE4A33CC5}" = HydraVision
"{FED3F92F-4D03-82BE-E3D2-D9BD7E942000}" = CCC Help Swedish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFF22903-7FDC-0E9C-7667-1B673026112A}" = CCC Help Chinese Traditional
"84A4BA52F182B7792BCF359B3E8C7E8400765BDF" = Windows Driver Package - Toshiba Thrive (WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BlueStacks App Player" = BlueStacks App Player
"Borderlands 2_is1" = Borderlands 2
"CCleaner" = CCleaner
"Clownfish" = Clownfish for Skype
"Counter-Strike Cz+DABING 1.01" = Counter-Strike Cz+DABING 1.01
"Časovač 3.00_is1" = Časovač 3.00
"DAEMON Tools Lite" = DAEMON Tools Lite
"Darksiders II - Death Lives_R.G. Mechanics_is1" = Darksiders II - Death Lives
"Deer Hunter 2005_is1" = Deer Hunter - The 2005 Season
"DigitalPowered Toolbar" = DigitalPowered Toolbar
"Dishonored_is1" = Dishonored
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"im" = Garena Plus
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzia 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 17.0.1 (x86 sk)" = Mozilla Firefox 17.0.1 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero 9 Micro_is1" = Nero 9.0.9.4d Micro (sestavení 1)
"OpenAL" = OpenAL
"Opera 12.02.1578" = Opera 12.02
"Plants vs. Zombies" = Plants vs. Zombies
"RealPlayer 15.0" = RealPlayer
"Speccy" = Speccy
"STANDARD" = Microsoft Office Standard 2007
"Swords and Sandals 1" = Swords and Sandals 1 1.0
"Swords and Sandals 2" = Swords and Sandals 2 2.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Torchlight II (c) Runic Games_is1" = Torchlight II (c) Runic Games version 1
"Tunngle beta_is1" = Tunngle beta
"Turbo Fiesta 1.00 The Patriot Force Team" = Turbo Fiesta 1.00 The Patriot Force Team
"Turbo Pizza_is1" = Turbo Pizza
"uTorrent" = µTorrent
"Valve_0" = Valve
"Warcraft III" = Warcraft III
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.01 (32-bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2522758601-2811161004-3330094675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d808cb7170a356a3" = MineCraft Updater
"QuadCoreM2" = QuadCoreM2
"SOE-DC Universe Online Live" = DC Universe Online Live
"Turbo Subs" = Turbo Subs
"Warcraft III" = Warcraft III: All Products
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16. 9. 2012 3:42:47 | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = The program hl.exe version 1.1.1.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 141c Start Time:
01cd93d4767feb28 Termination Time: 260 Application Path: C:\Hry\Valve\hl.exe Report
Id: 15e14b59-ffd2-11e1-8358-00e04d51fb25
Error - 19. 9. 2012 10:04:38 | Computer Name = admin-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.SystemException: Helper process
exited prematurely at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 19. 9. 2012 10:04:39 | Computer Name = admin-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.SystemException: Helper process
exited prematurely at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 19. 9. 2012 10:04:48 | Computer Name = admin-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.SystemException: Helper process
exited prematurely at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error - 19. 9. 2012 10:36:51 | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = The program HD-Frontend.exe version 0.7.4.793 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 17ec Start
Time: 01cd966fe760a010 Termination Time: 50 Application Path: C:\Program Files\BlueStacks\HD-Frontend.exe
Report
Id: 6d7c7829-0267-11e2-9c23-00e04d51fb25
Error - 19. 9. 2012 13:25:14 | Computer Name = admin-PC | Source = ATIeRecord | ID = 16386
Description = ATI EEU Client has failed to start
Error - 21. 9. 2012 11:00:09 | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = The program hl.exe version 1.1.1.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 93c Start Time:
01cd98097ff389d8 Termination Time: 140 Application Path: C:\Hry\Valve\hl.exe Report
Id: 00c79bf9-03fd-11e2-8f8a-00e04d51fb25
Error - 21. 9. 2012 13:40:34 | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = The program hl.exe version 1.1.1.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 15c0 Start Time:
01cd981c6d8eed10 Termination Time: 184 Application Path: C:\Hry\Valve\hl.exe Report
Id: 6c05e6c1-0413-11e2-8f8a-00e04d51fb25
Error - 23. 9. 2012 8:10:12 | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = The program opera.exe version 12.2.1578.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1358 Start
Time: 01cd995a04302980 Termination Time: 624 Application Path: C:\Program Files\Opera\opera.exe
Report
Id: 2eeeeab9-0574-11e2-b390-00e04d51fb25
Error - 26. 9. 2012 8:38:18 | Computer Name = admin-PC | Source = .NET Runtime | ID = 1026
Description =
Error - 26. 9. 2012 8:38:25 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: aeriaignite.exe, verzia: 1.10.1721.0, časová
značka: 0x504e2c9d Názov chybového modulu: unknown, verzia: 0.0.0.0, časová značka:
0x00000000 Kód výnimky: 0xc0000005 Odstup chyby: 0x015c1abf Identifikácia chybného
procesu: 0xbe8 Čas spustenia chybnej aplikácie: 0x01cd9be388979f60 Cesta chybnej
aplikácie: C:\Program Files\Aeria Games\Ignite\aeriaignite.exe Cesta chybného modulu:
unknown Identifikácia hlásenia: 10004380-07d7-11e2-a942-00e04d51fb25
Error - 29. 9. 2012 13:25:14 | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = The program hl.exe version 1.1.1.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1184 Start Time:
01cd9e5c21584bf8 Termination Time: 210 Application Path: C:\Hry\Valve\hl.exe Report
Id: 9888b659-0a5a-11e2-b045-00e04d51fb25
[ Media Center Events ]
Error - 6. 6. 2011 14:02:02 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 20:01:52 - Nepodarilo sa načítať položku Broadband (chyba: The operation
has timed out)
Error - 6. 6. 2011 15:05:40 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 21:05:40 - Nepodarilo sa načítať položku Directory (chyba: The operation
has timed out)
Error - 6. 6. 2011 15:10:42 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 21:09:01 - Nepodarilo sa načítať položku MCEClientUX (chyba: The operation
has timed out)
Error - 6. 6. 2011 15:12:29 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 21:12:22 - Nepodarilo sa načítať položku Broadband (chyba: The operation
has timed out)
Error - 8. 6. 2011 14:02:54 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 20:02:53 - Nepodarilo sa načítať položku Directory (chyba: The operation
has timed out)
Error - 8. 6. 2011 14:07:55 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 20:06:15 - Nepodarilo sa načítať položku MCEClientUX (chyba: The operation
has timed out)
Error - 8. 6. 2011 14:09:51 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 20:09:35 - Nepodarilo sa načítať položku Broadband (chyba: The operation
has timed out)
Error - 8. 6. 2011 15:13:30 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 21:13:30 - Nepodarilo sa načítať položku Directory (chyba: The operation
has timed out)
Error - 8. 6. 2011 15:18:31 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 21:16:51 - Nepodarilo sa načítať položku MCEClientUX (chyba: The operation
has timed out)
Error - 8. 6. 2011 15:20:20 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 21:20:11 - Nepodarilo sa načítať položku Broadband (chyba: The operation
has timed out)
[ System Events ]
Error - 17. 1. 2013 9:35:30 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7031
Description = Služba Portable Device Enumerator Service sa neočakávane ukončila.
Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca
opravná akcia: Reštartovať službu.
Error - 17. 1. 2013 9:35:30 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7031
Description = Služba Windows Driver Foundation - User-mode Driver Framework sa neočakávane
ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná
nasledujúca opravná akcia: Reštartovať službu.
Error - 17. 1. 2013 9:52:25 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.
Error - 17. 1. 2013 9:57:40 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.
Error - 17. 1. 2013 10:01:30 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.
Error - 17. 1. 2013 10:01:35 | Computer Name = admin-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 17. 1. 2013 10:01:37 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.
Error - 17. 1. 2013 10:02:53 | Computer Name = admin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 15:00:58 on 17. 1. 2013 was unexpected.
Error - 17. 1. 2013 10:03:09 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7023
Description = Služba BlueStacks Android Service bola ukončená s nasledujúcou chybou:
%%1064
Error - 17. 1. 2013 10:04:42 | Computer Name = admin-PC | Source = WMPNetworkSvc | ID = 866300
Description =
< End of report >
Re: Win32/Neshta.A virus
OTL logfile created on: 17. 1. 2013 15:53:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,31% Memory free
4,00 Gb Paging File | 2,73 Gb Available in Paging File | 68,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 162,29 Gb Free Space | 54,46% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2013/01/17 15:43:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2013/01/15 17:09:52 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/17 17:59:59 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/01 20:30:18 | 003,093,624 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2012/11/30 08:49:14 | 001,232,632 | ---- | M] (Bogdan Sharkov) -- C:\Program Files\Clownfish\Clownfish.exe
PRC - [2012/10/25 17:33:34 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/07 21:00:06 | 000,880,528 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/02/13 09:06:56 | 003,481,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/10/02 04:38:36 | 000,360,448 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/10/02 04:38:06 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
========== Modules (No Company Name) ==========
MOD - [2013/01/15 17:09:47 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/12/17 17:59:56 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/12/01 20:30:18 | 003,093,624 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2012/03/25 10:18:52 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2013/01/15 17:09:58 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/17 17:59:57 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/26 18:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/10/25 17:33:34 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/10/25 17:33:14 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011/03/15 11:47:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/02 04:38:06 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\admin\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\admin\Desktop\Injector 32 bit\injectDLL.sys -- (injectDLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\admin\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ayytzs5a)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/25 17:33:20 | 000,063,864 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2012/09/25 15:15:15 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf003.sys -- (apf003)
DRV - [2012/03/07 17:41:04 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/03/07 17:38:59 | 000,473,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011/08/09 14:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 09:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2011/08/04 09:20:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2011/08/04 09:20:38 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/01/27 03:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/02 05:10:34 | 005,166,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/09/30 15:33:56 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Program Files\DigitalPowered\tbDigi.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2776682
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... earchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 93 63 18 08 05 CC 01 [binary data]
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\URLSearchHook: {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Program Files\DigitalPowered\tbDigi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTer ... ff28d1e7be
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2776682
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes\{C403A909-48FD-4F27-8B93-01CE8D9520E2}: "URL" = http://websearch.ask.com/redirect?clien ... 8B791D4FD6
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... earchTerms}
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.sk/"
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/01/15 15:50:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files\Flock\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files\Flock\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/15 15:50:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/15 15:50:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/12/23 12:53:42 | 000,000,000 | ---D | M]
[2011/10/13 17:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2011/10/13 17:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/06/16 18:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012/10/24 16:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\lid6k1ip.default\extensions
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\lid6k1ip.default\searchplugins\askcom.xml
[2011/09/24 04:04:24 | 000,000,941 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\lid6k1ip.default\searchplugins\conduit.xml
[2012/04/14 22:45:27 | 000,004,030 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\lid6k1ip.default\searchplugins\sweetim.xml
[2012/09/08 15:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/08 15:28:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/08 15:28:32 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\Mozilla Firefox\extensions\adapter@babylontc.com
[2012/09/08 15:28:32 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Program Files\Mozilla Firefox\extensions\ocr@babylon.com
[2012/10/28 14:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012/10/28 14:29:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/28 14:25:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/28 14:25:32 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\Mozilla Firefox\updated\extensions\adapter@babylontc.com
[2012/10/28 14:25:32 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Program Files\Mozilla Firefox\updated\extensions\ocr@babylon.com
[2012/12/17 17:59:59 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/08 08:49:32 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/06/18 06:09:45 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2012/06/18 06:09:45 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2012/05/22 19:35:04 | 000,002,355 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/06/18 06:09:45 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2012/06/18 06:09:45 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2012/06/18 06:09:45 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2012/06/18 06:09:45 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml
========== Chrome ==========
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTer ... src=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\BabylonChromeToolBar.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Babylon Toolbar = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: FBPHOTOZOOM = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\2.0_0\
O1 HOSTS File: ([2013/01/17 15:04:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DigitalPowered Toolbar) - {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Program Files\DigitalPowered\tbDigi.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DigitalPowered Toolbar) - {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Program Files\DigitalPowered\tbDigi.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000..\Run: [Clownfish] C:\Program Files\Clownfish\Clownfish.exe (Bogdan Sharkov)
O4 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8045BA0F-BC5A-45C7-B9A2-552743ACB6FC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9678671A-45A1-4117-B5EE-A3404109CEC0}: DhcpNameServer = 7.254.254.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
========== Files/Folders - Created Within 7 Days ==========
[2013/01/17 15:43:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2013/01/17 15:11:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/17 15:04:19 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Skype Voice Records
[2013/01/17 15:04:19 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Clownfish Avatars
[2013/01/17 15:04:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/01/17 15:01:26 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp
[2013/01/17 14:14:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/17 14:14:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/17 14:14:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/17 14:14:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/17 14:07:33 | 005,024,203 | R--- | C] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2013/01/17 14:05:34 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\AntiVirus
[2013/01/16 16:56:02 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\ElevatedDiagnostics
[2013/01/15 20:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/15 19:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/01/15 19:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/01/15 19:47:56 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\MigWiz
[2013/01/15 16:37:59 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2013/01/15 16:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/15 16:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/15 16:37:44 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/01/15 16:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/15 16:03:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/01/15 16:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/01/15 16:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/01/13 17:55:57 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Akios2 Client - kópia
[2013/01/11 16:15:58 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Media Get LLC
[2013/01/11 16:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC
[2013/01/11 16:15:02 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\MediaGet2
[2013/01/11 16:15:02 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Media Get LLC
[2011/12/27 16:13:27 | 003,623,592 | ---- | C] (Ask) -- C:\Program Files\Common Files\ApnToolbarInstaller.exe
[2011/12/27 16:13:27 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\ApnStub.exe
[2011/09/12 19:26:13 | 000,937,984 | ---- | C] (Go) -- C:\Users\admin\Heligonka.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2013/01/17 15:56:39 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 15:56:39 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 15:43:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2013/01/17 15:33:03 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/17 15:32:53 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/17 15:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/17 15:04:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/17 15:03:48 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/17 15:02:44 | 000,301,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/17 15:02:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/17 15:02:31 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/17 14:51:10 | 005,024,203 | R--- | M] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2013/01/17 14:03:55 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013/01/15 17:09:51 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/15 17:09:51 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/15 16:03:12 | 000,001,038 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/17 14:14:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/17 14:14:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/17 14:14:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/17 14:14:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/17 14:14:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/15 16:03:12 | 000,001,038 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/12/14 16:59:19 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2012/09/25 15:15:15 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys
[2012/09/25 15:15:15 | 000,013,232 | ---- | C] () -- C:\Windows\System32\apf003.sys
[2012/07/12 11:05:56 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/06/15 13:30:24 | 000,002,945 | ---- | C] () -- C:\Users\admin\profiles.xml
[2012/05/22 14:48:28 | 000,000,218 | ---- | C] () -- C:\Users\admin\.recently-used.xbel
[2012/05/22 14:47:40 | 000,000,014 | ---- | C] () -- C:\Users\admin\.gtk-bookmarks
[2012/03/31 19:57:32 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012/03/25 10:18:52 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/11/30 20:04:28 | 000,000,093 | ---- | C] () -- C:\Users\admin\AppData\Local\fusioncache.dat
[2011/11/30 18:13:58 | 000,022,328 | ---- | C] () -- C:\Users\admin\AppData\Roaming\PnkBstrK.sys
[2011/11/17 18:55:40 | 000,062,437 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/11/17 15:25:41 | 000,045,270 | ---- | C] () -- C:\Users\admin\AppData\Roaming\room_v3.dat
[2011/11/07 16:28:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011/11/02 16:50:53 | 000,000,122 | ---- | C] () -- C:\Windows\WA.INI
[2011/09/12 19:26:19 | 000,267,814 | ---- | C] () -- C:\Users\admin\Start.exe
[2011/09/12 19:06:24 | 000,000,049 | ---- | C] () -- C:\Windows\atomic.ini
[2011/03/15 18:08:30 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2011/03/15 18:08:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2011/03/15 18:08:28 | 000,195,854 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/03/15 13:28:29 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/03/15 13:28:28 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/15 13:28:27 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/03/15 13:28:27 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/15 13:28:27 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/15 12:56:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/15 11:13:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/01/15 15:47:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft
[2012/07/20 13:12:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.spoutcraft
[2012/11/19 16:52:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.technicraft
[2012/03/08 14:08:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Alawar Entertainment
[2011/10/31 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\aliasworlds
[2011/11/03 13:16:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Babylon
[2012/05/22 19:35:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BabylonToolbar
[2013/01/15 20:01:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Lite
[2012/12/12 21:12:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Darksiders II - Death Lives
[2011/03/15 13:24:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ESET
[2011/10/31 17:24:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Farm Mania 2
[2012/06/11 18:11:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\fizzy
[2011/10/13 17:13:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Flock
[2012/10/13 08:44:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GarenaPlus
[2011/09/23 21:14:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GetRightToGo
[2012/05/22 14:47:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\gtk-2.0
[2012/11/13 17:47:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech
[2011/12/23 22:17:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LolClient
[2013/01/15 15:50:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Get LLC
[2012/02/13 07:10:50 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Need for Speed World
[2011/10/31 17:00:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\NevoSoft Games
[2011/03/17 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Oberon Games
[2011/03/17 16:41:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Oberon Media
[2011/12/16 16:29:27 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Opera
[2012/04/28 10:07:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Patcher
[2011/06/16 18:46:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Philips
[2011/06/16 18:45:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Philips-Songbird
[2011/07/16 21:05:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PlayFirst
[2012/10/30 21:42:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PunkBuster
[2012/12/23 15:42:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SFBot
[2012/01/22 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SpinTop
[2011/08/15 21:14:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TeamViewer
[2012/06/11 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thinstall
[2013/01/15 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TS3Client
[2012/12/23 15:42:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Tunngle
[2012/07/10 22:03:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ubisoft
[2011/10/24 14:04:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Unity
[2013/01/17 16:00:24 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\uTorrent
[2012/01/19 15:05:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\wargaming.net
[2012/10/27 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\YoudaGames
[2012/05/22 19:34:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\YourFileDownloader
[2012/03/03 07:03:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ZiggyTV
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: HAL.DLL >
[2010/11/20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010/11/20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009/07/14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: SERVICES.EXE >
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2011/04/25 05:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/06/21 06:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011/09/29 17:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2012/08/22 18:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011/04/25 05:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/11/20 13:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/09/29 17:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2012/03/30 11:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011/09/29 16:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011/09/29 17:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011/04/25 07:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012/03/30 11:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011/04/25 05:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012/03/30 10:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2011/06/21 06:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010/06/14 07:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2012/08/22 18:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2010/06/14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2011/06/21 06:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2012/10/03 17:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2011/06/21 07:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
[2012/10/03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\ERDNT\cache\tcpip.sys
[2012/10/03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\System32\drivers\tcpip.sys
[2012/10/03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2012/03/30 11:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< %systemroot%\system32\*.dll /lockedfiles >
[2011/04/26 22:08:22 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll
< %systemroot%\Tasks\*.job >
[2013/01/17 16:07:02 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/01/17 15:03:48 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/01/17 15:33:03 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2011/04/26 22:08:22 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2013/01/17 15:56:39 | 000,014,240 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 15:56:39 | 000,014,240 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/15 17:09:51 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2013/01/15 17:09:51 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2013/01/17 15:02:44 | 000,301,440 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[2013/01/17 13:38:23 | 065,273,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MRT.exe
< %SYSTEMDRIVE%\*.exe >
========== Alternate Data Streams ==========
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:77846FFE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6677D85A
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:F1F85068
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,31% Memory free
4,00 Gb Paging File | 2,73 Gb Available in Paging File | 68,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 162,29 Gb Free Space | 54,46% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2013/01/17 15:43:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2013/01/15 17:09:52 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/17 17:59:59 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/01 20:30:18 | 003,093,624 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2012/11/30 08:49:14 | 001,232,632 | ---- | M] (Bogdan Sharkov) -- C:\Program Files\Clownfish\Clownfish.exe
PRC - [2012/10/25 17:33:34 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/07 21:00:06 | 000,880,528 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/02/13 09:06:56 | 003,481,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/10/02 04:38:36 | 000,360,448 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/10/02 04:38:06 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
========== Modules (No Company Name) ==========
MOD - [2013/01/15 17:09:47 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/12/17 17:59:56 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/12/01 20:30:18 | 003,093,624 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2012/03/25 10:18:52 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2013/01/15 17:09:58 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/17 17:59:57 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/26 18:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/10/25 17:33:34 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/10/25 17:33:14 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011/03/15 11:47:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/02 04:38:06 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\admin\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\admin\Desktop\Injector 32 bit\injectDLL.sys -- (injectDLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\admin\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ayytzs5a)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/25 17:33:20 | 000,063,864 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2012/09/25 15:15:15 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf003.sys -- (apf003)
DRV - [2012/03/07 17:41:04 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/03/07 17:38:59 | 000,473,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011/08/09 14:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 09:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2011/08/04 09:20:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2011/08/04 09:20:38 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/01/27 03:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/02 05:10:34 | 005,166,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/09/30 15:33:56 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Program Files\DigitalPowered\tbDigi.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2776682
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... earchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 93 63 18 08 05 CC 01 [binary data]
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\URLSearchHook: {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Program Files\DigitalPowered\tbDigi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTer ... ff28d1e7be
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2776682
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes\{C403A909-48FD-4F27-8B93-01CE8D9520E2}: "URL" = http://websearch.ask.com/redirect?clien ... 8B791D4FD6
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... earchTerms}
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.sk/"
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/01/15 15:50:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files\Flock\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files\Flock\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/15 15:50:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/15 15:50:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/12/23 12:53:42 | 000,000,000 | ---D | M]
[2011/10/13 17:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2011/10/13 17:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/06/16 18:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012/10/24 16:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\lid6k1ip.default\extensions
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\lid6k1ip.default\searchplugins\askcom.xml
[2011/09/24 04:04:24 | 000,000,941 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\lid6k1ip.default\searchplugins\conduit.xml
[2012/04/14 22:45:27 | 000,004,030 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\lid6k1ip.default\searchplugins\sweetim.xml
[2012/09/08 15:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/08 15:28:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/08 15:28:32 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\Mozilla Firefox\extensions\adapter@babylontc.com
[2012/09/08 15:28:32 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Program Files\Mozilla Firefox\extensions\ocr@babylon.com
[2012/10/28 14:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012/10/28 14:29:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/28 14:25:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/28 14:25:32 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\Mozilla Firefox\updated\extensions\adapter@babylontc.com
[2012/10/28 14:25:32 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Program Files\Mozilla Firefox\updated\extensions\ocr@babylon.com
[2012/12/17 17:59:59 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/08 08:49:32 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/06/18 06:09:45 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2012/06/18 06:09:45 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2012/05/22 19:35:04 | 000,002,355 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/06/18 06:09:45 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2012/06/18 06:09:45 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2012/06/18 06:09:45 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2012/06/18 06:09:45 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml
========== Chrome ==========
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTer ... src=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\BabylonChromeToolBar.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Babylon Toolbar = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: FBPHOTOZOOM = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\2.0_0\
O1 HOSTS File: ([2013/01/17 15:04:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DigitalPowered Toolbar) - {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Program Files\DigitalPowered\tbDigi.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DigitalPowered Toolbar) - {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Program Files\DigitalPowered\tbDigi.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000..\Run: [Clownfish] C:\Program Files\Clownfish\Clownfish.exe (Bogdan Sharkov)
O4 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8045BA0F-BC5A-45C7-B9A2-552743ACB6FC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9678671A-45A1-4117-B5EE-A3404109CEC0}: DhcpNameServer = 7.254.254.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
========== Files/Folders - Created Within 7 Days ==========
[2013/01/17 15:43:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2013/01/17 15:11:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/17 15:04:19 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Skype Voice Records
[2013/01/17 15:04:19 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Clownfish Avatars
[2013/01/17 15:04:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/01/17 15:01:26 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp
[2013/01/17 14:14:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/17 14:14:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/17 14:14:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/17 14:14:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/17 14:07:33 | 005,024,203 | R--- | C] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2013/01/17 14:05:34 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\AntiVirus
[2013/01/16 16:56:02 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\ElevatedDiagnostics
[2013/01/15 20:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/15 19:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/01/15 19:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/01/15 19:47:56 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\MigWiz
[2013/01/15 16:37:59 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2013/01/15 16:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/15 16:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/15 16:37:44 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/01/15 16:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/15 16:03:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/01/15 16:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/01/15 16:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/01/13 17:55:57 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Akios2 Client - kópia
[2013/01/11 16:15:58 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Media Get LLC
[2013/01/11 16:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC
[2013/01/11 16:15:02 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\MediaGet2
[2013/01/11 16:15:02 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Media Get LLC
[2011/12/27 16:13:27 | 003,623,592 | ---- | C] (Ask) -- C:\Program Files\Common Files\ApnToolbarInstaller.exe
[2011/12/27 16:13:27 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\ApnStub.exe
[2011/09/12 19:26:13 | 000,937,984 | ---- | C] (Go) -- C:\Users\admin\Heligonka.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2013/01/17 15:56:39 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 15:56:39 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 15:43:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2013/01/17 15:33:03 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/17 15:32:53 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/17 15:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/17 15:04:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/17 15:03:48 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/17 15:02:44 | 000,301,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/17 15:02:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/17 15:02:31 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/17 14:51:10 | 005,024,203 | R--- | M] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2013/01/17 14:03:55 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013/01/15 17:09:51 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/15 17:09:51 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/15 16:03:12 | 000,001,038 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/17 14:14:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/17 14:14:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/17 14:14:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/17 14:14:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/17 14:14:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/15 16:03:12 | 000,001,038 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/12/14 16:59:19 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2012/09/25 15:15:15 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys
[2012/09/25 15:15:15 | 000,013,232 | ---- | C] () -- C:\Windows\System32\apf003.sys
[2012/07/12 11:05:56 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/06/15 13:30:24 | 000,002,945 | ---- | C] () -- C:\Users\admin\profiles.xml
[2012/05/22 14:48:28 | 000,000,218 | ---- | C] () -- C:\Users\admin\.recently-used.xbel
[2012/05/22 14:47:40 | 000,000,014 | ---- | C] () -- C:\Users\admin\.gtk-bookmarks
[2012/03/31 19:57:32 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012/03/25 10:18:52 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/11/30 20:04:28 | 000,000,093 | ---- | C] () -- C:\Users\admin\AppData\Local\fusioncache.dat
[2011/11/30 18:13:58 | 000,022,328 | ---- | C] () -- C:\Users\admin\AppData\Roaming\PnkBstrK.sys
[2011/11/17 18:55:40 | 000,062,437 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/11/17 15:25:41 | 000,045,270 | ---- | C] () -- C:\Users\admin\AppData\Roaming\room_v3.dat
[2011/11/07 16:28:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011/11/02 16:50:53 | 000,000,122 | ---- | C] () -- C:\Windows\WA.INI
[2011/09/12 19:26:19 | 000,267,814 | ---- | C] () -- C:\Users\admin\Start.exe
[2011/09/12 19:06:24 | 000,000,049 | ---- | C] () -- C:\Windows\atomic.ini
[2011/03/15 18:08:30 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2011/03/15 18:08:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2011/03/15 18:08:28 | 000,195,854 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/03/15 13:28:29 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/03/15 13:28:28 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/15 13:28:27 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/03/15 13:28:27 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/15 13:28:27 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/15 12:56:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/15 11:13:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/01/15 15:47:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft
[2012/07/20 13:12:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.spoutcraft
[2012/11/19 16:52:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.technicraft
[2012/03/08 14:08:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Alawar Entertainment
[2011/10/31 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\aliasworlds
[2011/11/03 13:16:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Babylon
[2012/05/22 19:35:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BabylonToolbar
[2013/01/15 20:01:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Lite
[2012/12/12 21:12:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Darksiders II - Death Lives
[2011/03/15 13:24:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ESET
[2011/10/31 17:24:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Farm Mania 2
[2012/06/11 18:11:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\fizzy
[2011/10/13 17:13:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Flock
[2012/10/13 08:44:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GarenaPlus
[2011/09/23 21:14:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GetRightToGo
[2012/05/22 14:47:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\gtk-2.0
[2012/11/13 17:47:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech
[2011/12/23 22:17:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LolClient
[2013/01/15 15:50:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Get LLC
[2012/02/13 07:10:50 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Need for Speed World
[2011/10/31 17:00:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\NevoSoft Games
[2011/03/17 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Oberon Games
[2011/03/17 16:41:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Oberon Media
[2011/12/16 16:29:27 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Opera
[2012/04/28 10:07:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Patcher
[2011/06/16 18:46:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Philips
[2011/06/16 18:45:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Philips-Songbird
[2011/07/16 21:05:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PlayFirst
[2012/10/30 21:42:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PunkBuster
[2012/12/23 15:42:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SFBot
[2012/01/22 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SpinTop
[2011/08/15 21:14:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TeamViewer
[2012/06/11 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thinstall
[2013/01/15 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TS3Client
[2012/12/23 15:42:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Tunngle
[2012/07/10 22:03:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ubisoft
[2011/10/24 14:04:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Unity
[2013/01/17 16:00:24 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\uTorrent
[2012/01/19 15:05:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\wargaming.net
[2012/10/27 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\YoudaGames
[2012/05/22 19:34:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\YourFileDownloader
[2012/03/03 07:03:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ZiggyTV
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: HAL.DLL >
[2010/11/20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010/11/20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009/07/14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: SERVICES.EXE >
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SVCHOST.EXE >
< %systemroot%\system32\*.dll /lockedfiles >
[2011/04/26 22:08:22 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll
< %systemroot%\Tasks\*.job >
[2013/01/17 16:07:02 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/01/17 15:03:48 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/01/17 15:33:03 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2011/04/26 22:08:22 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2013/01/17 15:56:39 | 000,014,240 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 15:56:39 | 000,014,240 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/15 17:09:51 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2013/01/15 17:09:51 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2013/01/17 15:02:44 | 000,301,440 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[2013/01/17 13:38:23 | 065,273,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MRT.exe
< %SYSTEMDRIVE%\*.exe >
========== Alternate Data Streams ==========
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:77846FFE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6677D85A
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:F1F85068
< End of report >
Re: Win32/Neshta.A virus
Is there anything else that needs to be done?
Re: Win32/Neshta.A virus
Malwarebytes keeps popping up with something about something trying to send data.
- stell
Re: Win32/Neshta.A virus
Yes.
Malwarebytes needs to be uninstalled.
Now TURN ON System Restore, if you don't have it enabled, and only then continue.
Run OTL as admin and paste this script into the window at the bottom:
And now click the >>OPRAVIT (Fix) button.
Paste the log here after the restart.
If it displays any prompts, just keep clicking OK, OK, OK.
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\admin\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\admin\Desktop\Injector 32 bit\injectDLL.sys -- (injectDLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\admin\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ayytzs5a)
IE - HKLM\..\URLSearchHook: {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Program Files\DigitalPowered\tbDigi.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 93 63 18 08 05 CC 01 [binary data]
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\URLSearchHook: {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Program Files\DigitalPowered\tbDigi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=220512_53all&babsrc=SP_ss&mntrId=cc1f1b1a00000000000000ff28d1e7be
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes\{C403A909-48FD-4F27-8B93-01CE8D9520E2}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=8E&apn_dtid=YYYYYYM4SK&apn_uid=699b40c1-1e89-4984-b123-39fb9349a3b6&apn_sauid=1D31C054-C0F9-4E7F-96B8-188B791D4FD6
IE - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\lid6k1ip.default\searchplugins\askcom.xml
[2011/09/24 04:04:24 | 000,000,941 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\lid6k1ip.default\searchplugins\conduit.xml
[2012/04/14 22:45:27 | 000,004,030 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\lid6k1ip.default\searchplugins\sweetim.xml
[2012/09/08 15:28:32 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\Mozilla Firefox\extensions\adapter@babylontc.com
[2012/09/08 15:28:32 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Program Files\Mozilla Firefox\extensions\ocr@babylon.com
[2012/10/28 14:25:32 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\Mozilla Firefox\updated\extensions\adapter@babylontc.com
[2012/10/28 14:25:32 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Program Files\Mozilla Firefox\updated\extensions\ocr@babylon.com
[2012/05/22 19:35:04 | 000,002,355 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&tt=220512_all&babsrc=SP_crm
CHR - Extension: Babylon Toolbar = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\
O3 - HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:77846FFE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6677D85A
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:F1F85068
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[clearallrestorepoints]
[emptytemp]
[emptyjava]
[start explorer]
[Reboot]
Re: Win32/Neshta.A virus
All processes killed
========== OTL ==========
Error: No service named mbr was found to stop!
Service\Driver key mbr not found.
File C:\Users\admin\AppData\Local\Temp\mbr.sys not found.
Service injectDLL stopped successfully!
Service injectDLL deleted successfully!
File C:\Users\admin\Desktop\Injector 32 bit\injectDLL.sys not found.
Service GGSAFERDriver stopped successfully!
Service GGSAFERDriver deleted successfully!
File C:\Program Files\Garena Plus\Room\safedrv.sys not found.
Service EagleXNt stopped successfully!
Service EagleXNt deleted successfully!
File C:\Windows\system32\drivers\EagleXNt.sys not found.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\Windows\system32\drivers\EagleNT.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\admin\AppData\Local\Temp\catchme.sys not found.
Error: No service named ayytzs5a was found to stop!
Service\Driver key ayytzs5a not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b317125e-2f10-4388-bf1f-2c31c6cd89ed} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\ deleted successfully.
C:\Program Files\DigitalPowered\tbDigi.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-2522758601-2811161004-3330094675-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2522758601-2811161004-3330094675-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{b317125e-2f10-4388-bf1f-2c31c6cd89ed} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\ not found.
File C:\Program Files\DigitalPowered\tbDigi.dll not found.
HKEY_USERS\S-1-5-21-2522758601-2811161004-3330094675-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2522758601-2811161004-3330094675-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2522758601-2811161004-3330094675-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2522758601-2811161004-3330094675-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-2522758601-2811161004-3330094675-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C403A909-48FD-4F27-8B93-01CE8D9520E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C403A909-48FD-4F27-8B93-01CE8D9520E2}\ not found.
Registry key HKEY_USERS\S-1-5-21-2522758601-2811161004-3330094675-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "BrotherSoft Extreme Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@nexon.net/NxGame\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@oberon-media.com/ONCAdapter\ deleted successfully.
C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\lid6k1ip.default\searchplugins\askcom.xml moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\lid6k1ip.default\searchplugins\conduit.xml moved successfully.
C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\lid6k1ip.default\searchplugins\sweetim.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\adapter@babylontc.com\chrome\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\adapter@babylontc.com\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\adapter@babylontc.com\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\adapter@babylontc.com folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ocr@babylon.com\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ocr@babylon.com\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ocr@babylon.com folder moved successfully.
C:\Program Files\Mozilla Firefox\updated\extensions\adapter@babylontc.com\chrome\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\updated\extensions\adapter@babylontc.com\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\updated\extensions\adapter@babylontc.com\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\updated\extensions\adapter@babylontc.com folder moved successfully.
C:\Program Files\Mozilla Firefox\updated\extensions\ocr@babylon.com\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\updated\extensions\ocr@babylon.com\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\updated\extensions\ocr@babylon.com folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0 folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-2522758601-2811161004-3330094675-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
ADS C:\ProgramData\TEMP:77846FFE deleted successfully.
ADS C:\ProgramData\TEMP:6677D85A deleted successfully.
ADS C:\ProgramData\TEMP:F1F85068 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\admin\Desktop\cmd.bat deleted successfully.
C:\Users\admin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
[EMPTYTEMP]
User: admin
->Temp folder emptied: 2000 bytes
->Temporary Internet Files folder emptied: 9078954 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 203800204 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1132 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34019 bytes
RecycleBin emptied: 1400547830 bytes
Total Files Cleaned = 1 539,00 mb
[EMPTYJAVA]
User: admin
->Java cache emptied: 0 bytes
User: All Users
User: Default
User: Default User
User: Public
Total Java Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01172013_171706
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
C:\Program Files\Mozilla Firefox\extensions\adapter@babylontc.com\chrome\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\adapter@babylontc.com\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\adapter@babylontc.com\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\adapter@babylontc.com folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ocr@babylon.com\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ocr@babylon.com\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ocr@babylon.com folder moved successfully.
C:\Program Files\Mozilla Firefox\updated\extensions\adapter@babylontc.com\chrome\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\updated\extensions\adapter@babylontc.com\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\updated\extensions\adapter@babylontc.com\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\updated\extensions\adapter@babylontc.com folder moved successfully.
C:\Program Files\Mozilla Firefox\updated\extensions\ocr@babylon.com\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\updated\extensions\ocr@babylon.com\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\updated\extensions\ocr@babylon.com folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0 folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-2522758601-2811161004-3330094675-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
ADS C:\ProgramData\TEMP:77846FFE deleted successfully.
ADS C:\ProgramData\TEMP:6677D85A deleted successfully.
ADS C:\ProgramData\TEMP:F1F85068 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\admin\Desktop\cmd.bat deleted successfully.
C:\Users\admin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
[EMPTYTEMP]
User: admin
->Temp folder emptied: 2000 bytes
->Temporary Internet Files folder emptied: 9078954 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 203800204 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1132 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34019 bytes
RecycleBin emptied: 1400547830 bytes
Total Files Cleaned = 1 539,00 mb
[EMPTYJAVA]
User: admin
->Java cache emptied: 0 bytes
User: All Users
User: Default
User: Default User
User: Public
Total Java Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01172013_171706
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
- stell
Re: Win32/Neshta.A virus
1: OK. If you haven't uninstalled it yet, uninstall Malwarebytes, because if you have it in startup it keeps blocking things, showing messages and being a nuisance; when you install this program there is no need to put it in startup. It is an excellent program, but only for an occasional scan.
2: Rename the ComboFix icon to uninstall
and run it; ComboFix will uninstall itself.
Test the PC, internet, programs, etc., and write whether everything is OK.
Re: Win32/Neshta.A virus
Everything works as it should, only when I rename it, it doesn't uninstall.
Now it has uninstalled, forget what I said.
- stell
Re: Win32/Neshta.A virus
So keep an eye on it for a day or two, and if everything is fine, write back and we will close this. I recommend changing your passwords: e-mail, Windows, internet banking, etc.